Everything posted by loupatoche33

  1. I had already uninstalled this program. There were still some files left in the Start menu, which I have just deleted.
  2. I would like to optimize my wife's computer. I did a first cleanup with ATF-CLEANER AND MALWAREBYTES. AND THEN WHAT?
  3. Is this it?
  4. What is this: "post a new HijackThis log, please"?
  5. RAPPORT CLEAN [1]

     ======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======

     Mis à jour par C_XX le 05.02.2010 à 17:34
     Contact: AdRemover.contact@gmail.com
     Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

     Lancé à: 17:22:36, 05/03/2010 | Mode Normal | Option: CLEAN
     Exécuté de: C:\Ad-Remover\
     Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
     Nom du PC: ACER-WB7UXMO8BJ | Utilisateur actuel: hernandez

     ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============

     C:\DOCUME~1\HERNAN~1\MESDOC~1\PacificPoker
     C:\DOCUME~1\HERNAN~1\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Pacific Poker.lnk
     C:\log_lobby.txt
     C:\log_lobby_dumper.txt

     RAPPORT CLEAN [2]

     Lancé à: 17:29:38, 05/03/2010 | Mode Normal | Option: CLEAN

     ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============

     rapport SCAN [1]

     Lancé à: 15:06:29, 05/03/2010 | Mode Normal | Option: SCAN

     ============== ÉLÉMENT(S) TROUVÉ(S) ==============

     C:\DOCUME~1\HERNAN~1\MESDOC~1\PacificPoker
     C:\DOCUME~1\HERNAN~1\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Pacific Poker.lnk
     C:\log_lobby.txt
     C:\log_lobby_dumper.txt

     RAPPORT SCAN [2]

     Lancé à: 15:13:40, 05/03/2010 | Mode Normal | Option: SCAN

     ============== ÉLÉMENT(S) TROUVÉ(S) ==============

     C:\DOCUME~1\HERNAN~1\MESDOC~1\PacificPoker
     C:\DOCUME~1\HERNAN~1\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Pacific Poker.lnk
     C:\log_lobby.txt
     C:\log_lobby_dumper.txt
  6. I ran option 2 (L) of AD-R. It restarted the computer, then a window opened, "scan in progress", and at 21% it disappeared; another one opened, "scan in progress", and at 21% it disappeared, then my desktop icons loaded. No more AD-R window, yet the computer seems to be working, since the hard drive's green light comes on from time to time (briefly).
  7. For my computer, I ran AD-R again AND it DOES THE SAME THING. What do I do?
  8. I ran AD_R; at 21% of the scan the window disappeared, but the computer seems to be working. Is this normal? I would also like to clean, vaccinate and optimize my wife's laptop (it runs Vista). What should I start with? Thank you.
  9. Here is the report:

     ############################## | UsbFix V6.098 |

     User : hernandez (Administrateurs) # ACER-WB7UXMO8BJ
     Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8
     Start at: 14:03:57 | 05/03/2010
     Website : http://pagesperso-orange.fr/NosTools/index.html
     Contact : FindyKill.Contact@gmail.com

     Intel® Pentium® M processor 1.60GHz
     Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
     Internet Explorer 8.0.6001.18702
     Windows Firewall Status : Enabled
     AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

     C:\ -> Disque fixe local # 36,19 Go (10,92 Go free) [ACER] # FAT32
     D:\ -> Disque fixe local # 36,37 Go (23,53 Go free) [ACERDATA] # FAT32
     E:\ -> Disque CD-ROM
     F:\ -> Disque fixe local # 465,76 Go (425,16 Go free) [Expansion Drive] # NTFS
     H:\ -> Disque amovible # 490,84 Mo (360,69 Mo free) # FAT

     ################## | Elements infectieux |

     Supprimé ! F:\autorun.inf
     Supprimé ! F:\Recycler\S-1-5-21-501881172-4264649163-3499916212-1005
     Supprimé ! H:\msvcr71.dll
     Supprimé ! H:\resycled\boot.com
     Supprimé ! H:\resycled

     ################## | Registre |

     Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
     Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

     ################## | Mountpoints2 |

     ################## | Listing des fichiers présent |

     [08/07/2004 14:38|-rahs----|68] C:\PRELOAD.AAA
     [03/08/2004 23:00|--a------|263488] C:\cmldr
     [11/11/1999 00:17|--a------|49] C:\XPH.TAG
     [08/07/2004 14:46|---hs----|512] C:\BOOTSECT.DOS
     [24/04/2003 12:00|-rahs----|4952] C:\Bootfont.bin
     [11/09/2008 20:24|-rahs----|252240] C:\ntldr
     [20/01/2006 13:58|-rahs----|47564] C:\NTDETECT.COM
     [05/03/2010 09:31|-rahs----|286] C:\boot.ini
     [08/07/2004 15:01|--a------|0] C:\CONFIG.SYS
     [08/07/2004 15:01|--a------|0] C:\AUTOEXEC.BAT
     [08/07/2004 15:01|-rahs----|0] C:\IO.SYS
     [08/07/2004 15:01|-rahs----|0] C:\MSDOS.SYS
     [08/07/2004 15:26|--a------|173] C:\iv5setup.log
     [20/01/2006 14:20|--a------|216] C:\Boot.bak
     [04/03/2010 23:48|--a------|9829] C:\ComboFix.txt
     [29/05/2007 00:37|--a------|29124480] C:\pack-vista-inspirat-2-1.0.exe
     [?|?|?] C:\pagefile.sys
     [05/03/2010 14:11|--a------|2224] C:\UsbFix.txt
     [?|?|?] C:\hiberfil.sys
     [24/05/2001 12:59|--a------|162304] C:\UNWISE.EXE
     [16/08/2007 14:26|--a------|1120] C:\INSTALL.LOG
     [12/09/2007 18:53|--a------|0] C:\conmgr.log
     [12/09/2007 20:23|--a------|74] C:\CMLoader.log
     [15/11/2008 21:44|--a------|0] C:\log_lobby.txt
     [15/11/2008 21:44|--a------|0] C:\log_lobby_dumper.txt
     [26/11/2008 15:46|--a------|210042] C:\coreuninstall.log
     [30/11/2009 20:06|--a------|966] C:\index.html
     [20/03/2006 22:19|--a------|519] C:\_arm_errors.log
     [23/03/2007 12:57|--a------|443392] C:\Pr‚sentation lyc‚e St Louis.ppt
     [24/10/2008 07:00|--a------|1515520] D:\UCVA.doc
     [01/02/2006 15:27|--a------|48128] D:\DGH.xls
     [20/10/2008 08:50|--a------|91648] D:\megane.doc
     [15/04/2005 16:10|--a------|82944] D:\1ERE CHIMIE.xls
     [17/05/2009 19:51|--a------|63985] D:\RICE.pdf
     [17/05/2009 11:53|--a------|17321] D:\DemandeRattachement.pdf
     [10/05/2005 09:52|--a------|107008] D:\cahier de notes 2004-2005.xls
     [19/08/2004 16:10|--a------|28672] D:\setupSNK.exe
     [02/12/2008 18:41|--a------|3577961] D:\Guide_expert_qualite.pdf
     [30/09/2009 20:09|--a------|202752] D:\LA_BIBLE.doc
     [27/09/2008 13:10|--a------|20992] D:\APER EAU.xls
     [20/06/2004 12:31|--a------|44032] D:\hotel poitiers.doc
     [23/01/2007 08:17|--a------|31744] D:\HERNANDEZ Nathalie.doc
     [16/05/2008 20:01|--a------|74240] D:\stages_2008.xls
     [28/01/2009 22:54|--a------|226816] D:\Curriculum Vit‘.doc
     [22/03/2009 10:13|--a------|593278] D:\‚cole de de musique.jpg
     [18/05/2008 10:30|--a------|15587] D:\AR-1211099447577.pdf
     [18/05/2008 10:30|--a------|9524] D:\Resume-1211099407089.pdf
     [15/08/2008 19:47|--a------|148480] D:\rapport_d'‚tape__M1.doc
     [26/08/2008 10:57|--a------|235008] D:\repertoire_chansons.doc
     [26/03/2008 14:00|--a------|64512] D:\EMPRUNS CAMPING.xls
     [25/02/2010 22:49|--a------|1968064] D:\imprimer carte de magie.docx
     [16/10/2008 16:47|--a------|14487] D:\Effectifs2008-2009.xlsx
     [24/10/2008 06:49|--a------|25088] D:\pr‚sents-UCVA.xls
     [17/05/2009 12:10|--a------|15587] D:\AR-1242555038531.pdf
     [31/10/2008 07:42|--a------|1572720] D:\30-10-2008_17
     [17/05/2009 12:09|--a------|12614] D:\Resume-1242554935603.pdf
     [29/09/2009 09:22|--a------|155614720] D:\la_cle_des_chants (avec photos).doc
     [11/11/2008 14:00|---------|727550] D:\accordeon_179.JPG
     [11/11/2008 14:00|--a------|744885] D:\accordeon_182.JPG
     [11/11/2008 14:00|--a------|782471] D:\accordeon_186.JPG
     [11/11/2008 14:01|--a------|720389] D:\accordeon_176.JPG
     [16/09/2009 05:51|--a------|40960] D:\avenir_ONCdocument_travail_v2.doc
     [28/06/2009 01:00|--a------|37376] D:\questionnementolympiades_nouvelleorientation.doc
     [28/06/2009 01:00|--a------|33280] D:\sujet2009_nouvelleorientation_V3.doc
     [27/09/2009 07:25|--a------|90624] D:\PROPOSITION___DE___STAGES.doc
     [02/11/2009 11:28|--a------|15015] D:\carnet de notes 1CH 2009 2010.xlsx
     [22/09/2009 10:11|--a------|22485] D:\LE_RESPECT_2.docx
     [11/09/2004 09:10|--ah-----|114688] D:\ffastun.ffl
     [11/09/2004 09:10|--ah-----|561152] D:\ffastun0.ffx
     [11/09/2004 09:10|--ah-----|135168] D:\ffastun.ffo
     [11/09/2004 09:10|--ah-----|4379] D:\ffastun.ffa
     [20/10/2009 10:17|--a------|96041] D:\Synth‚ 005.jpg
     [20/10/2009 10:16|--a------|101016] D:\Synth‚ 001.jpg
     [20/10/2009 10:16|--a------|100707] D:\Synth‚ 002.jpg
     [20/10/2009 10:15|--a------|110629] D:\Synth‚ 003.jpg
     [20/10/2009 10:30|--a------|477533] D:\A VENDRE.docx
     [20/10/2009 10:15|--a------|173970] D:\Synth‚ 004.jpg
     [30/11/2009 20:06|--a------|966] D:\index.html
     [03/02/2010 18:11|--a------|51200] D:\CV Laura FERNANDEZ.doc
     [04/02/2010 19:08|--a------|30720] D:\CV Mathieu Hernandez.doc
     [16/01/2009 08:14|--a------|156312] F:\Setup.exe
     [05/03/2010 11:05|--a------|10769] H:\ouvrirPdfAction.pdf
     [09/02/2010 11:55|--a------|12978] H:\BTS COMMERCE INTERNATIONAL.docx
     [25/02/2010 17:39|--a------|1149979] H:\faux billets.docx

     ################## | Vaccination |

     # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
     # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
     # F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
     # H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

     ################## | Upload |

     Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_ACER-WB7UXMO8BJ.zip : http://chiquitine.changelog.fr/Sample/Upload.php
     Merci pour votre contribution .

     ################## | ! Fin du rapport # UsbFix V6.098 ! |
  10. OK. Here is the report:

      ############################## | UsbFix V6.098 |

      User : hernandez (Administrateurs) # ACER-WB7UXMO8BJ
      Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8
      Start at: 13:02:45 | 05/03/2010
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      Intel® Pentium® M processor 1.60GHz
      Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 7.0.5730.13
      Windows Firewall Status : Enabled
      AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

      C:\ -> Disque fixe local # 36,19 Go (10,85 Go free) [ACER] # FAT32
      D:\ -> Disque fixe local # 36,37 Go (23,53 Go free) [ACERDATA] # FAT32
      E:\ -> Disque CD-ROM
      F:\ -> Disque fixe local # 465,76 Go (425,2 Go free) [Expansion Drive] # NTFS
      H:\ -> Disque amovible # 490,84 Mo (357,33 Mo free) # FAT

      ################## | Elements infectieux |

      F:\autorun.inf
      H:\msvcr71.dll
      H:\ravmone.exe
      H:\resycled\boot.com
      H:\resycled

      ################## | Registre |

      [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

      ################## | Mountpoints2 |

      ################## | Vaccin |

      ################## | ! Fin du rapport # UsbFix V6.098 ! |
  11. I have an external hard drive that I had scanned with Malwarebytes at the same time as C and D on my computer. Here are the contents of the file:

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by hernandez at 2010-03-05 12:42:42
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 11 GB (30%) free of 37 GB
      Total RAM: 510 MB (56% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:43:09, on 05/03/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16981)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Acer\eManager\anbmServ.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Aspire Arcade\PCMService.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Launch Manager\QtZgAcer.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Documents and Settings\hernandez\Bureau\RSIT.exe
      C:\Program Files\trend micro\hernandez.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zimbra.free.fr/zimbra/mail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [LaunchApp] "C:\WINDOWS\ALAUNCH.EXE"
      O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
      O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
      O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtZgAcer.EXE"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
      O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
      O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

      --
      End of file - 8603 bytes

      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\User_Feed_Synchronization-{4037CFE7-15E6-4C50-9A52-EE12E2396EB1}.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
      Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
      Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
      JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "LaunchApp"=C:\WINDOWS\ALAUNCH.EXE [2004-06-08 499712]
      "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-20 98304]
      "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-20 532480]
      "PCMService"=C:\Program Files\Aspire Arcade\PCMService.exe [2004-03-25 81920]
      "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
      "MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [2003-04-24 59392]
      "PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2003-04-24 455168]
      "PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2003-04-24 455168]
      "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]
      "LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2004-07-05 315392]
      "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-07-04 155648]
      "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
      "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
      "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

      C:\Documents and Settings\hernandez\Menu Démarrer\Programmes\Démarrage
      RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
      UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
      Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
      OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      Eurobarre.lnk - C:\Program Files\Eurobarre\eb.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
      C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=323
      "NoDriveAutoRun"=67108863
      "NoDrives"=0

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveAutoRun"=
      "NoDriveTypeAutoRun"=
      "NoDrives"=
      "HonorAutoRunSetting"=
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

      ======List of files/folders created in the last 1 months======

      2010-03-05 12:42:42 ----D---- C:\rsit
      2010-03-05 11:14:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2010-03-05 09:27:47 ----SHD---- C:\Config.Msi
      2010-03-05 00:22:20 ----HD---- C:\WINDOWS\$NtUninstallKB978262$
      2010-03-05 00:22:14 ----HD---- C:\WINDOWS\$NtUninstallKB959426$
      2010-03-05 00:21:56 ----HD---- C:\WINDOWS\$NtUninstallKB960859$
      2010-03-05 00:21:27 ----HD---- C:\WINDOWS\$NtUninstallKB971468$
      2010-03-05 00:21:18 ----HD---- C:\WINDOWS\$NtUninstallKB958869$
      2010-03-05 00:17:44 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
      2010-03-05 00:16:48 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
      2010-03-05 00:16:41 ----HD---- C:\WINDOWS\$NtUninstallKB969059$
      2010-03-05 00:16:25 ----HD---- C:\WINDOWS\$NtUninstallKB968816_WM9$
      2010-03-05 00:15:13 ----HD---- C:\WINDOWS\$NtUninstallKB961503$
      2010-03-05 00:15:07 ----HD---- C:\WINDOWS\$NtUninstallKB978037$
      2010-03-05 00:14:47 ----HD---- C:\WINDOWS\$NtUninstallKB975713$
      2010-03-05 00:14:16 ----HD---- C:\WINDOWS\$NtUninstallKB971657$
      2010-03-05 00:14:11 ----HD---- C:\WINDOWS\$NtUninstallKB954155_WM9$
      2010-03-05 00:14:07 ----HD---- C:\WINDOWS\$NtUninstallKB960225$
      2010-03-05 00:13:23 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
      2010-03-05 00:13:04 ----HD---- C:\WINDOWS\$NtUninstallKB956744$
      2010-03-05 00:12:58 ----HD---- C:\WINDOWS\$NtUninstallKB974112$
      2010-03-05 00:12:45 ----HD---- C:\WINDOWS\$NtUninstallKB956572$
      2010-03-05 00:12:15 ----HD---- C:\WINDOWS\$NtUninstallKB956844$
      2010-03-05 00:12:02 ----HD---- C:\WINDOWS\$NtUninstallKB961501$
      2010-03-05 00:11:29 ----HD---- C:\WINDOWS\$NtUninstallKB978251$
      2010-03-05 00:11:23 ----HD---- C:\WINDOWS\$NtUninstallKB973869$
      2010-03-05 00:11:18 ----HD---- C:\WINDOWS\$NtUninstallKB975025$
      2010-03-05 00:11:07 ----HD---- C:\WINDOWS\$NtUninstallKB952004$
      2010-03-05 00:11:01 ----HD---- C:\WINDOWS\$NtUninstallKB974571$
      2010-03-05 00:10:55 ----HD---- C:\WINDOWS\$NtUninstallKB975560$
      2010-03-05 00:10:18 ----HD---- C:\WINDOWS\$NtUninstallKB973507$
      2010-03-05 00:09:47 ----HD---- C:\WINDOWS\$NtUninstallKB973687$
      2010-03-05 00:09:32 ----HD---- C:\WINDOWS\$NtUninstallKB973354$
      2010-03-05 00:09:23 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
      2010-03-05 00:09:13 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
      2010-03-05 00:09:03 ----HD---- C:\WINDOWS\$NtUninstallKB973540_WM9$
      2010-03-05 00:08:46 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
      2010-03-05 00:08:00 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
      2010-03-05 00:07:55 ----HD---- C:\WINDOWS\$NtUninstallKB977914$
      2010-03-05 00:07:32 ----HD---- C:\WINDOWS\$NtUninstallKB970238$
      2010-03-05 00:07:03 ----HD---- C:\WINDOWS\$NtUninstallKB971486$
      2010-03-05 00:06:55 ----HD---- C:\WINDOWS\$NtUninstallKB978706$
      2010-03-05 00:06:49 ----HD---- C:\WINDOWS\$NtUninstallKB960803$
      2010-03-05 00:06:28 ----HD---- C:\WINDOWS\$NtUninstallKB973815$
      2010-03-05 00:06:23 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
      2010-03-05 00:05:27 ----HD---- C:\WINDOWS\$NtUninstallKB979306$
      2010-03-05 00:05:07 ----HD---- C:\WINDOWS\$NtUninstallKB923561$
      2010-03-05 00:04:41 ----HD---- C:\WINDOWS\$NtUninstallKB971961$
      2010-03-05 00:04:35 ----HD---- C:\WINDOWS\$NtUninstallKB975467$
      2010-03-05 00:04:28 ----HD---- C:\WINDOWS\$NtUninstallKB968389$
      2010-03-05 00:04:15 ----HD---- C:\WINDOWS\$NtUninstallKB969947$
      2010-03-04 23:54:17 ----SHD---- C:\Recycled
      2010-03-04 23:48:49 ----A---- C:\ComboFix.txt
      2010-03-04 23:38:20 ----A---- C:\Boot.bak
      2010-03-04 23:38:17 ----RASHD---- C:\cmdcons
      2010-03-04 23:32:55 ----D---- C:\Qoobox
      2010-03-04 19:56:08 ----D---- C:\Program Files\ToniArts
      2010-03-04 16:31:12 ----D---- C:\WINDOWS\temp
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\zip.exe
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\SWXCACLS.exe
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\SWSC.exe
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\SWREG.exe
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\sed.exe
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\PEV.exe
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\NIRCMD.exe
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\MBR.exe
      2010-03-04 16:21:50 ----A---- C:\WINDOWS\grep.exe
      2010-03-04 16:21:43 ----D---- C:\WINDOWS\ERDNT
      2010-03-04 16:11:35 ----D---- C:\Program Files\Navilog1
      2010-03-04 14:07:28 ----A---- C:\WINDOWS\system32\muweb.dll
      2010-03-04 14:07:28 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
      2010-03-04 14:07:28 ----A---- C:\WINDOWS\system32\mucltui.dll
      2010-03-04 13:55:17 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
      2010-03-04 13:40:26 ----D---- C:\Documents and Settings\hernandez\Application Data\Malwarebytes
      2010-03-04 13:40:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2010-03-04 11:01:28 ----A---- C:\WINDOWS\system32\tmp.txt
      2010-03-03 23:58:00 ----A---- C:\WINDOWS\ntbtlog.txt

      ======List of files/folders modified in the last 1 months======

      2010-03-05 12:18:00 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
      2010-03-05 12:11:40 ----A---- C:\WINDOWS\SchedLgU.Txt
      2010-03-05 10:30:40 ----A---- C:\WINDOWS\ULEAD32.INI
      2010-03-05 09:31:56 ----RASH---- C:\boot.ini
      2010-03-05 09:27:54 ----A---- C:\WINDOWS\win.ini
      2010-03-05 00:22:18 ----A---- C:\WINDOWS\imsins.BAK
      2010-03-04 23:46:24 ----A---- C:\WINDOWS\system.ini

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
      R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
      R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
      R1 SMBHC;Pilote de contrôleur hôte du bus de gestion du système Microsoft; C:\WINDOWS\System32\DRIVERS\SMBHC.sys [2001-08-17 6784]
      R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-18 28520]
      R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-11 56816]
      R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
      R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
      R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-10 11043]
      R2 osaio;osaio; C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 10386]
      R2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [2004-05-31 4054]
      R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
      R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-15 745984]
      R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-09-27 44032]
      R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-04-30 292352]
      R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-04-30 274688]
      R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2002-11-20 17983]
      R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
      R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
      R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-03-11 1041536]
      R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2004-03-11 199552]
      R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
      R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
      R3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
      R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-07-08 6912]
      R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
      R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
      R3 SMBBATT;Pilote de batterie intelligente Microsoft; C:\WINDOWS\System32\DRIVERS\SMBBATT.sys [2008-04-13 16000]
      R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-05-26 67584]
      R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
      R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
      R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
      R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
      R3 w22n51;Pilote Intel® PRO/Wireless 2200 Adapter; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
      R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2004-03-11 682624]
      S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-03-25 46455]
      S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
      S3 catchme;catchme; \??\C:\DOCUME~1\HERNAN~1\LOCALS~1\Temp\catchme.sys []
      S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
      S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
      S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
      S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
      S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
      S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
      S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
      S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
      S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
      S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
      S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
      S3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2004-05-20 184768]
      S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
      S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
      S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-07-05 1286144]
      R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-18 108289]
      R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]
      R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-15 376832]
      R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
      R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
      R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
      R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
      R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
      R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
      R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
      R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
      R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
      S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
      S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
      S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
      S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
      S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2005-11-15 68096]
      S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
      S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

      -----------------EOF-----------------
  12. THANK YOU VERY MUCH. I followed your procedure; here is the new report:

      Malwarebytes' Anti-Malware 1.44
      Version de la base de données: 3825
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.13

      05/03/2010 12:10:41
      mbam-log-2010-03-05 (12-10-41).txt

      Type de recherche: Examen complet (C:\|D:\|F:\|H:\|)
      Eléments examinés: 230244
      Temps écoulé: 47 minute(s), 30 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 4

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rogue.Multiple.Gen) -> Data: c:\windows\system32\aqnuvllwy.dll -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rogue.Multiple.Gen) -> Data: system32\aqnuvllwy.dll -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\au48gahdk.exe (Rogue.Multiple.Gen) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\aqNUVllwy.dll (Rogue.Multiple.Gen) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{C6DE8109-9D72-434C-A35E-FFA5FB4B228D}\RP638\A0244570.exe (Adware.Eurobarre) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{C6DE8109-9D72-434C-A35E-FFA5FB4B228D}\RP638\A0244571.exe (Adware.Eurobarre) -> Quarantined and deleted successfully.
  13. First of all, thank you for your help. Here is the new report:

      ComboFix 10-03-04.02 - hernandez 04/03/2010 23:40:28.2.1 - FAT32x86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.510.254 [GMT 1:00]
      Lancé depuis: c:\documents and settings\hernandez\Bureau\ComboFix.exe
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 ))))))))))))))))))))))))))))))))))))
      .
      2010-03-04 18:56 . 2010-03-04 18:56 -------- d-----w- c:\program files\ToniArts
      2010-03-04 16:53 . 2010-03-04 16:53 -------- d-----w- c:\windows\LastGood
      2010-03-04 15:49 . 2010-03-04 15:49 -------- d-----w- c:\documents and settings\hernandez\Local Settings\Application Data\Threat Expert
      2010-03-04 15:11 . 2010-03-04 15:11 -------- d-----w- c:\program files\Navilog1
      2010-03-04 13:07 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
      2010-03-04 13:07 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
      2010-03-04 12:55 . 2010-03-04 12:55 -------- d-----w- c:\program files\Spyware Doctor
      2010-03-04 12:55 . 2010-03-04 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
      2010-03-04 12:40 . 2010-03-04 12:40 -------- d-----w- c:\documents and settings\hernandez\Application Data\Malwarebytes
      2010-03-04 12:40 . 2010-03-04 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-03-04 09:56 . 2010-03-04 09:56 -------- d-----w- c:\program files\RogueRemover FREE
      2010-03-04 09:03 . 2010-03-04 09:03 -------- d--h--w- c:\documents and settings\Administrateur.ACER-WB7UXMO8BJ\Modèles
      2010-03-03 22:58 . 2010-03-03 22:58 -------- d-----w- c:\documents and settings\Administrateur.ACER-WB7UXMO8BJ
      2010-03-03 13:56 . 2010-03-03 13:56 1674752 ----a-w- c:\windows\system32\aqNUVllwy.dll
      2010-03-03 13:56 . 2010-03-03 13:56 1674752 ----a-w- c:\windows\system32\au48gahdk.exe
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-02-14 18:53 . 2009-12-08 10:55 79488 ----a-w- c:\documents and settings\hernandez\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
      2010-01-18 18:48 . 2008-09-09 15:32 1 ----a-w- c:\documents and settings\hernandez\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
      2010-01-09 08:05 . 2010-01-09 08:05 -------- d-----w- c:\documents and settings\hernandez\Application Data\DivX
      2010-01-09 08:01 . 2010-01-09 08:01 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
      2010-01-09 08:01 . 2010-01-09 08:01 -------- d-----w- c:\program files\DivX
      2010-01-04 22:16 . 2010-01-04 22:16 15872 ------w- c:\windows\system32\winskfr.dll
      2010-01-04 22:16 . 2010-01-04 22:16 -------- d-----w- c:\program files\Eurobarre
      2009-12-11 08:05 . 2009-08-18 10:17 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2009-02-09 19:43 . 2008-05-06 19:58 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
      2009-02-09 19:43 . 2008-05-06 19:58 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
      2009-02-09 19:43 . 2008-05-06 19:58 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
      2009-02-09 19:43 . 2008-05-06 19:58 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
      2009-02-09 19:43 . 2008-05-06 19:58 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LaunchApp"="c:\windows\ALAUNCH.EXE" [2004-06-08 499712]
      "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
      "PCMService"="c:\program files\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-24 59392]
      "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-24 455168]
      "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-24 455168]
      "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
      "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-04 155648]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\hernandez\Menu D‚marrer\Programmes\D‚marrage\
      RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
      TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
      UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
      Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
      OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-11-20 954475]
      Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\system32\aqNUVllwy.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "47053:TCP"= 47053:TCP:EMULE : tcp entrant
      "10024:UDP"= 10024:UDP:EMULE : udp entrant
      "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

      R1 SMBHC;Pilote de contrôleur hôte du bus de gestion du système Microsoft;c:\windows\system32\drivers\smbhc.sys [08/07/2004 14:56 6784]
      R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/08/2009 11:17 108289]
      R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/09/2009 21:55 54752]
      R3 SMBBATT;Pilote de batterie intelligente Microsoft;c:\windows\system32\drivers\smbbatt.sys [08/07/2004 14:56 16000]
      S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
      S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [24/11/2008 23:13 27904]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      .
      Contenu du dossier 'Tâches planifiées'

      2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{4037CFE7-15E6-4C50-9A52-EE12E2396EB1}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://zimbra.free.fr/zimbra/mail
      uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      Trusted Zone: localhost
      FF - ProfilePath - c:\documents and settings\hernandez\Application Data\Mozilla\Firefox\Profiles\yinoap3o.default\
      FF - prefs.js: browser.search.selectedEngine - Bing
      FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
      FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-03-04 23:46
      Windows 5.1.2600 Service Pack 3 FAT NTAPI

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'explorer.exe'(3456)
      c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
      c:\windows\system32\eappprxy.dll
      .
      Heure de fin: 2010-03-04 23:48:48
      ComboFix-quarantined-files.txt 2010-03-04 22:48
      ComboFix2.txt 2010-03-04 15:48

      Avant-CF: 12 863 471 616 octets libres
      Après-CF: 12 964 593 664 octets libres

      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

      - - End Of File - - 04F6AF3B5B7AA1EF0B12B4529CFA201E
  14. I was infected by Virus Protector and got out of it thanks to ComboFix. Can you tell me whether that is enough? Thank you very much. Here is the report:

      ComboFix 10-03-03.07 - hernandez 04/03/2010 16:23:20.1.1 - FAT32x86 MINIMAL
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.510.391 [GMT 1:00]
      Lancé depuis: H:\ComboFix.exe
      Commutateurs utilisés :: ComboFix.exe
      AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

      AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\program files\Windows Media Player\pidgen.dll
      c:\windows\system32\tmp.reg
      c:\windows\Uninstall.ini
      D:\resycled
      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_NPF

      ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 ))))))))))))))))))))))))))))))))))))
      .
      2010-03-04 15:11 . 2010-03-04 15:11 -------- d-----w- c:\program files\Navilog1
      2010-03-04 13:07 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
      2010-03-04 13:07 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
      2010-03-04 12:56 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
      2010-03-04 12:56 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
      2010-03-04 12:56 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
      2010-03-04 12:56 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
      2010-03-04 12:56 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
      2010-03-04 12:56 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
      2010-03-04 12:56 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
      2010-03-04 12:56 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
      2010-03-04 12:56 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
      2010-03-04 12:55 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
      2010-03-04 12:55 . 2010-03-04 12:55 -------- d-----w- c:\program files\Spyware Doctor
      2010-03-04 12:55 . 2010-03-04 12:55 -------- d-----w- c:\program files\Fichiers communs\PC Tools
      2010-03-04 12:55 . 2010-03-04 12:55 -------- d-----w- c:\documents and settings\hernandez\Application Data\PC Tools
      2010-03-04 12:55 . 2010-03-04 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
      2010-03-04 12:55 . 2010-03-04 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
      2010-03-04 12:40 . 2010-03-04 12:40 -------- d-----w- c:\documents and settings\hernandez\Application Data\Malwarebytes
      2010-03-04 12:40 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-03-04 12:40 . 2010-03-04 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-03-04 12:40 . 2010-03-04 12:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-03-04 12:40 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-03-04 09:56 . 2010-03-04 09:56 -------- d-----w- c:\program files\RogueRemover FREE
      2010-03-04 09:03 . 2010-03-04 09:03 -------- d--h--w- c:\documents and settings\Administrateur.ACER-WB7UXMO8BJ\Modèles
      2010-03-03 22:58 . 2010-03-03 22:58 -------- d-----w- c:\documents and settings\Administrateur.ACER-WB7UXMO8BJ
      2010-03-03 13:56 . 2010-03-03 13:56 1674752 ----a-w- c:\windows\system32\aqNUVllwy.dll
      2010-03-03 13:56 . 2010-03-03 13:56 1674752 ----a-w- c:\windows\system32\au48gahdk.exe
      2010-03-01 19:36 . 2010-03-01 19:36 -------- d-----w- C:\FOUND.029
      2010-03-01 08:18 . 2010-03-01 08:18 -------- d-----w- C:\FOUND.028
      2010-02-27 12:39 . 2010-02-27 12:39 -------- d-----w- C:\FOUND.027
      2010-02-24 21:06 . 2010-02-24 21:06 -------- d-----w- C:\FOUND.026
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-01-09 08:05 . 2010-01-09 08:05 -------- d-----w- c:\documents and settings\hernandez\Application Data\DivX
      2010-01-09 08:01 . 2010-01-09 08:01 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
      2010-01-09 08:01 . 2010-01-09 08:01 -------- d-----w- c:\program files\DivX
      2010-01-04 22:16 . 2010-01-04 22:16 15872 ------w- c:\windows\system32\winskfr.dll
      2010-01-04 22:16 . 2010-01-04 22:16 -------- d-----w- c:\program files\Eurobarre
      2009-12-11 08:05 . 2009-08-18 10:17 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2009-02-09 19:43 . 2008-05-06 19:58 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
      2009-02-09 19:43 . 2008-05-06 19:58 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
      2009-02-09 19:43 . 2008-05-06 19:58 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
      2009-02-09 19:43 . 2008-05-06 19:58 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
      2009-02-09 19:43 . 2008-05-06 19:58 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LaunchApp"="c:\windows\ALAUNCH.EXE" [2004-06-08 499712]
      "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
      "PCMService"="c:\program files\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-24 59392]
      "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-24 455168]
      "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-24 455168]
      "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
      "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-04 155648]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\hernandez\Menu D‚marrer\Programmes\D‚marrage\
      RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
      TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
      UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
      Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
      OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-11-20 954475]
      Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\system32\aqNUVllwy.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "47053:TCP"= 47053:TCP:EMULE : tcp entrant
      "10024:UDP"= 10024:UDP:EMULE : udp entrant
      "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

      R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [04/03/2010 13:56 207280]
      R1 SMBHC;Pilote de contrôleur hôte du bus de gestion du système Microsoft;c:\windows\system32\drivers\smbhc.sys [08/07/2004 14:56 6784]
      R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/08/2009 11:17 108289]
      R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [04/03/2010 13:56 112592]
      R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/09/2009 21:55 54752]
      R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [04/03/2010 13:55 365280]
      R3 SMBBATT;Pilote de batterie intelligente Microsoft;c:\windows\system32\drivers\smbbatt.sys [08/07/2004 14:56 16000]
      S2 gupdate1ca9101ecf877f0;Service Google Update (gupdate1ca9101ecf877f0);c:\program files\Google\Update\GoogleUpdate.exe [09/01/2010 09:01 133104]
      S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
      S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [24/11/2008 23:13 27904]

      --- Autres Services/Pilotes en mémoire ---

      *Deregistered* - PCTSDInjDriver32

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      .
      Contenu du dossier 'Tâches planifiées'

      2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 08:01]

      2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 08:01]

      2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{4037CFE7-15E6-4C50-9A52-EE12E2396EB1}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
      .
      .
      ------- Examen supplémentaire -------
      .
      uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      Trusted Zone: localhost
      FF - ProfilePath - c:\documents and settings\hernandez\Application Data\Mozilla\Firefox\Profiles\yinoap3o.default\
      FF - prefs.js: browser.search.selectedEngine - Bing
      FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
      FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKLM-Run-adiras - adiras.exe
      AddRemove-Eurobarre - c:\progra~1\EUROBA~1\uninstall.exe

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-03-04 16:36
      Windows 5.1.2600 Service Pack 3 FAT NTAPI

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'explorer.exe'(3480)
      c:\program files\Spyware Doctor\pctgmhk.dll
      c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
      c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
      c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
      c:\windows\system32\eappprxy.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\System32\Ati2evxx.exe
      c:\acer\eManager\anbmServ.exe
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\program files\OpenOffice.org 2.3\program\soffice.exe
      c:\program files\OpenOffice.org 2.3\program\soffice.BIN
      c:\program files\iPod\bin\iPodService.exe
      c:\windows\System32\wbem\wmiapsrv.exe
      c:\program files\Spyware Doctor\pctsSvc.exe
      .
      **************************************************************************
      .
      Heure de fin: 2010-03-04 16:48:41 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-03-04 15:48

      Avant-CF: 14 361 493 504 octets libres
      Après-CF: 13 670 088 704 octets libres

      - - End Of File - - 3E155089286D56E116D17FEE0563F882