fff57

  1. Everything seems to be working wonderfully, thank you very much for your efficiency. I don't know why I can't manage to produce the Kaspersky report.
  2. Here is the Avira AntiVir Personal report.
  3. I ran an AntiVir scan, 5 detections: TR/Crypt.XPACK.Gen, BDS/TDSS.adb [backdoor], BDS/TDSS.JW [backdoor], BDS/TDSS.acs [backdoor], TR/Rootkit.Gen
  4. Here is the latest ComboFix report. However, I can't get the Kaspersky online scan to work. I used Explorer, emptied the recycle bin and disabled the antivirus, but "I accept" stays greyed out and unusable. Also, Explorer crashed every time I tried to reply, so I had to use Mozilla.
  5. Apparently that worked; everything is running normally. Thank you very much.
  6. I renamed it before downloading. The software does not install completely; it crashes at some point, even in safe mode. I tried to uninstall it to make another attempt, but it also crashes during uninstallation.
  7. Here are the reports after the Toolbar action:

     SmitFraudFix report after the action:
  8. Here is the SmitFraudFix report:
  9. Here is the Toolbar report
  10. My report was not the most recent one. See below. Could you explain to me how to remove these lines, and which French-language software is the simplest to use? Thanks
  11. I am having some minor problems - intermittent or slow Internet connection - occasional crashes at startup. Report:
Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F74C6325-6D5E-4890-A1AB-45938726843B}: NameServer = 205.188.146.145 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. 
- C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 9822 bytes
  12. The scans still don't work in safe mode; it's impossible to run them. See you.
  13. I don't understand "scan in safe mode": do you mean Windows safe mode? I already have AntiVir, do I have to uninstall it? See you.
  14. The box works very well, I have a Wi-Fi connection that works on the laptops, and the sockets have no problem. It's possible that I've picked up some crap. I clicked on your link and saved the two anti-malware programs, but they refuse to run, both of them. See you.
  15. No, everything is working normally. See you.