svvs
Member
Content count: 5
Joined: -
Last visited: -
Languages: French
svvs's achievements: Junior Member (3/12)
Community reputation: 0
RESOLVED - Combofix report following Antivirus studio 2010
svvs replied to a topic by svvs in Malware analysis and eradication
thanks for the help, problem solved
RESOLVED - Combofix report following Antivirus studio 2010
svvs replied to a topic by svvs in Malware analysis and eradication
and finally, here is the AD Remover report after cleaning:

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 25/10/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:24:42 le 02/11/2010, Mode normal
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
steph@PC1 (MSI MS-7309)

============== ACTION(S) ==============

Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Fichier supprimé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
Dossier supprimé: C:\Program Files\Ask.com
Dossier supprimé: C:\Users\steph\AppData\LocalLow\AskToolbar
Dossier supprimé: C:\Users\steph\AppData\LocalLow\pdfforge
Dossier supprimé: C:\Program Files\pdfforge Toolbar
Dossier supprimé: C:\Users\steph\AppData\LocalLow\Search Settings
(!) -- Fichiers temporaires supprimés.

Clé supprimée: HKLM\Software\Classes\CLSID\{AD67B3BF-E44E-424A-A774-C416ADDC675E}
Clé supprimée: HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé supprimée: HKLM\Software\pdfforge
Clé supprimée: HKLM\Software\Search Settings
Clé supprimée: HKCU\Software\Ask.com
Clé supprimée: HKCU\Software\Search Settings
Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé supprimée: HKCU\Software\AppDataLow\Software\AskToolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\pdfforge
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Classes\Installer\Products\B8CF0B8BB96E5124FAA1B4FD2FD097B4
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\B8CF0B8BB96E5124FAA1B4FD2FD097B4
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings

============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [impossible d'obtenir la version] **

-- C:\Users\steph\AppData\Roaming\Mozilla\FireFox\Profiles\p6ec76fw.default\Prefs.js --
browser.search.defaultenginename, Google
browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
browser.search.selectedEngine, Google
browser.startup.homepage_override.mstone, rv:1.8.1.2

========================================

** Internet Explorer Version [8.0.6001.18975] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 31 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 02/11/2010 (4928 Octet(s))
C:\Ad-Report-SCAN[1].txt - 02/11/2010 (4766 Octet(s))

Fin à: 22:25:51, 02/11/2010

============== E.O.F ==============

Thanks again for your help!
RESOLVED - Combofix report following Antivirus studio 2010
svvs replied to a topic by svvs in Malware analysis and eradication
here now is the AD Remover report:

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 25/10/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 22:19:18 le 02/11/2010, Mode normal
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
steph@PC1 (MSI MS-7309)

============== RECHERCHE ==============

Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Fichier trouvé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
Dossier trouvé: C:\Program Files\Ask.com
Dossier trouvé: C:\Users\steph\AppData\LocalLow\AskToolbar
Dossier trouvé: C:\Users\steph\AppData\LocalLow\pdfforge
Dossier trouvé: C:\Program Files\pdfforge Toolbar
Dossier trouvé: C:\Users\steph\AppData\LocalLow\Search Settings

Clé trouvée: HKLM\Software\Classes\CLSID\{AD67B3BF-E44E-424A-A774-C416ADDC675E}
Clé trouvée: HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé trouvée: HKLM\Software\pdfforge
Clé trouvée: HKLM\Software\Search Settings
Clé trouvée: HKCU\Software\Ask.com
Clé trouvée: HKCU\Software\Search Settings
Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé trouvée: HKCU\Software\AppDataLow\Software\AskToolbar
Clé trouvée: HKCU\Software\AppDataLow\Software\pdfforge
Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKLM\Software\Classes\Installer\Products\B8CF0B8BB96E5124FAA1B4FD2FD097B4
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\B8CF0B8BB96E5124FAA1B4FD2FD097B4
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé trouvée: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings

============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [impossible d'obtenir la version] **

-- C:\Users\steph\AppData\Roaming\Mozilla\FireFox\Profiles\p6ec76fw.default\Prefs.js --
browser.search.defaultenginename, Google
browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
browser.search.selectedEngine, Google
browser.startup.homepage_override.mstone, rv:1.8.1.2

========================================

** Internet Explorer Version [8.0.6001.18975] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Search_URL: hxxp://www.google.com/ie
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.fr.acer.yahoo.com

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 02/11/2010 (4637 Octet(s))

Fin à: 22:20:46, 02/11/2010

============== E.O.F ==============
RESOLVED - Combofix report following Antivirus studio 2010
svvs replied to a topic by svvs in Malware analysis and eradication
hello, thanks for your help, I ran Combofix as you indicated, here is the report (I am downloading AD Remover now):

ComboFix 10-11-01.06 - steph 02/11/2010 19:30:06.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.1471.701 [GMT 1:00]
Lancé depuis: c:\users\steph\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\steph\Desktop\CFScript.txt
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Ask.com\GenericAskToolbar.dll"
"c:\program files\Enigma Software Group"
"c:\users\Default\AppData\Local\temp"
"c:\users\steph\AppData\Local\temp"
"c:\windows\9EFA732347A048E28F7735DB5EED500A.TMP"
"c:\windows\TEMP\TMP000000987B931D82169E9A5C"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com\GenericAskToolbar.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-02 au 2010-11-02 ))))))))))))))))))))))))))))))))))))
.
2010-11-02 18:40 . 2010-11-02 18:42 -------- d-----w- c:\users\steph\AppData\Local\temp
2010-11-02 18:40 . 2010-11-02 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-01 20:02 . 2010-11-01 20:02 -------- d-----w- c:\program files\Enigma Software Group
2010-11-01 20:01 . 2010-11-01 20:48 -------- d-----w- c:\windows\9EFA732347A048E28F7735DB5EED500A.TMP
2010-11-01 20:01 . 2010-11-01 20:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-29 09:37 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0695CB5-1459-4E2A-8B2D-21DC1B9A314B}\mpengine.dll
2010-10-27 10:41 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 10:41 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 10:41 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-14 10:14 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 10:14 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 10:14 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 10:14 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 10:14 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 10:14 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 10:14 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 10:14 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-10 18:24 . 2010-10-10 18:24 -------- d-----w- c:\users\steph\AppData\Roaming\Malwarebytes
2010-10-10 18:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-10 18:24 . 2010-10-10 18:24 -------- d-----w- c:\programdata\Malwarebytes
2010-10-10 18:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-10 18:24 . 2010-10-10 18:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 07:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-07 15:12 . 2010-08-08 09:53 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-01-31 12:07 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-01-31 12:07 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-01-31 12:07 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-01-31 12:07 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-01-31 12:07 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-01-31 12:07 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 16:33 . 2010-10-27 10:41 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 10:41 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 10:41 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 10:41 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 10:46 128000 ----a-w- c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"BitTorrent DNA"="c:\users\steph\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\steph\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-24 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-26 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-26 81920]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-05-04 992256]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-26 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"Google Update"="c:\users\steph\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-07 717296]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2004-09-17 381312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 10:56]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 10:56]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32105907-2856920747-1855074730-1002Core.job - c:\users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:55]
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32105907-2856920747-1855074730-1002UA.job - c:\users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:55]
2010-11-02 c:\windows\Tasks\User_Feed_Synchronization-{377E3ED7-231E-40B4-AF78-F82E81623642}.job - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
2009-04-26 c:\windows\Tasks\User_Feed_Synchronization-{6588A172-B081-4402-8B23-6B3F66F93481}.job - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.fr.acer.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www3.snapfish.fr/SnapfishActivia3.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-02 19:42
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,99,ef,b4,74,b3,04,4b,98,5d,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,99,ef,b4,74,b3,04,4b,98,5d,01,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3116)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-11-02 19:47:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-02 18:47
ComboFix2.txt 2010-11-01 21:08

Avant-CF: 29 597 741 056 octets libres
Après-CF: 29 551 734 784 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - AFAB3C92E1FC0CFFA0B9F3F9D701F3DF
RESOLVED - Combofix report following Antivirus studio 2010
svvs posted a topic in Malware analysis and eradication
Hello, after following a website's advice to remove Antivirus studio 2010 from my PC, I installed and ran Combofix. Apparently everything is back in order, but as a precaution I would like a "translation" of the Combofix report, to find out what (if anything) I still need to do. Thanks in advance to those who know...

HERE IS THE COMBOFIX REPORT:

ComboFix 10-11-01.01 - steph 01/11/2010 21:52:17.1.2 - x86
Lancé depuis: c:\users\steph\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\program files\pdfforge Toolbar\WiDGitoolbarie.dll
c:\users\steph\AppData\Roaming\AntiVirus 2010
c:\users\steph\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe
c:\users\steph\AppData\Roaming\AntiVirus 2010\securitycenter.exe
c:\users\steph\AppData\Roaming\AntiVirus 2010\securityhelper.exe
c:\users\steph\AppData\Roaming\AntiVirus 2010\taskmgr.dll
c:\users\steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010.lnk
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-01 au 2010-11-01 ))))))))))))))))))))))))))))))))))))
.
2010-11-01 21:05 . 2010-11-01 21:05 -------- d-----w- c:\users\steph\AppData\Local\temp
2010-11-01 21:05 . 2010-11-01 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-01 20:02 . 2010-11-01 20:02 -------- d-----w- c:\program files\Enigma Software Group
2010-11-01 20:01 . 2010-11-01 20:48 -------- d-----w- c:\windows\9EFA732347A048E28F7735DB5EED500A.TMP
2010-11-01 20:01 . 2010-11-01 20:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-29 09:37 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0695CB5-1459-4E2A-8B2D-21DC1B9A314B}\mpengine.dll
2010-10-27 10:41 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 10:41 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 10:41 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-14 10:14 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 10:14 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 10:14 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 10:14 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 10:14 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 10:14 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 10:14 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 10:14 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-10 18:24 . 2010-10-10 18:24 -------- d-----w- c:\users\steph\AppData\Roaming\Malwarebytes
2010-10-10 18:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-10 18:24 . 2010-10-10 18:24 -------- d-----w- c:\programdata\Malwarebytes
2010-10-10 18:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-10 18:24 . 2010-10-10 18:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 07:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-07 15:12 . 2010-08-08 09:53 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-01-31 12:07 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-01-31 12:07 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-01-31 12:07 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-01-31 12:07 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-01-31 12:07 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-01-31 12:07 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 16:33 . 2010-10-27 10:41 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 10:41 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 10:41 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 10:41 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 10:46 128000 ----a-w- c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"BitTorrent DNA"="c:\users\steph\Program Files\DNA\btdna.exe" [2009-10-07 323392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\steph\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BrowserChoice"="c:\windows\System32\browserchoice.exe" [2010-02-12 293376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-24 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-26 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-26 81920]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-05-04 992256]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-26 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"Google Update"="c:\users\steph\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-07 717296]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2004-09-17 381312]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ESGIGUARD

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées' 2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 10:56] 2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 10:56] 2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32105907-2856920747-1855074730-1002Core.job - c:\users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:55] 2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-32105907-2856920747-1855074730-1002UA.job - c:\users\steph\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:55] 2010-11-01 c:\windows\Tasks\User_Feed_Synchronization-{377E3ED7-231E-40B4-AF78-F82E81623642}.job - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25] 2009-04-26 c:\windows\Tasks\User_Feed_Synchronization-{6588A172-B081-4402-8B23-6B3F66F93481}.job - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://fr.fr.acer.yahoo.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www3.snapfish.fr/SnapfishActivia3.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab . 
- - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-MeseOttobre - c:\users\steph\desktop\anna\anna2\radio maria\medjugorje\messaggi medjugorje\i tempi liturgici\ottobremese.exe HKCU-Run-AntiVirus 2010 - c:\users\steph\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe HKCU-RunServices-0.7589949025356395 - c:\users\steph\AppData\Local\Temp\0.7589949025356395.exe HKCU-RunServices-VisualMicrosoft - c:\users\steph\appdata\locallow\sun\java\deployment\cache\6.0\38\39ba6e6-4d5df55f-n\studiostudio7.10.6030.0.exe HKCU-RunServices-UtiliserInternet261103 - c:\users\steph\desktop\anna\anna2\dox x lavoro\ricerca lavoro\utiliser internet emploi\utiliserinternet261103.exe HKCU-RunServices-FlashFlash - c:\users\steph\appdata\locallow\macromedia\shockwave player\xtras\download\macromediainc\flashasset\assetdirector10.425.exe HKCU-RunServices-SWAStrmSWADcmpr - c:\users\steph\appdata\locallow\macromedia\shockwave player\xtras\download\macromediainc\swa\swastrmswadcmpr.exe HKCU-RunServices-tlchargementsAdobe - c:\users\steph\appdata\locallow\nos\reprendreadobe.exe HKCU-RunServices-MeseOttobre - c:\users\steph\desktop\anna\anna2\radio maria\medjugorje\messaggi medjugorje\i tempi liturgici\ottobremese.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-11-01 22:05 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\windows\TEMP\TMP000000987B931D82169E9A5C 524288 bytes Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,99,ef,b4,74,b3,04,4b,98,5d,01,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,99,ef,b4,74,b3,04,4b,98,5d,01,\ [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Heure de fin: 2010-11-01 22:08:36 ComboFix-quarantined-files.txt 2010-11-01 21:08 Avant-CF: 30 623 698 944 octets libres Après-CF: 32 184 483 840 octets libres Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - D4E540BE09EF30745BC0BC0E48686398
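The useful signal in a log like the one above is not the tool's verdict but where each autostart entry points: the rogue AntiVirus Studio 2010 and its helpers all ran from user-writable locations (AppData\Roaming, Local\Temp, LocalLow, the Java deployment cache), while the legitimate Run-key entries sit under Program Files or system32. The script below is an added example, not part of this post and not ComboFix's own code: it parses the two line shapes ComboFix uses for autoruns (Run-key values and "ORPHANS REMOVED" lines) and applies that location heuristic. The sample lines are re-typed from the log above; the directory list, the machine-generated-name rule and all function names are my own assumptions, not anything ComboFix defines.

```python
"""Triage ComboFix-style autostart listings by launch location (added example)."""
import re
from dataclasses import dataclass

# Sample input, re-typed from the ComboFix log above (not pulled from a live system).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\users\steph\Program Files\DNA\btdna.exe" [2009-10-07 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
HKCU-Run-AntiVirus 2010 - c:\users\steph\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe
HKCU-RunServices-0.7589949025356395 - c:\users\steph\AppData\Local\Temp\0.7589949025356395.exe
HKCU-RunServices-VisualMicrosoft - c:\users\steph\appdata\locallow\sun\java\deployment\cache\6.0\38\39ba6e6-4d5df55f-n\studiostudio7.10.6030.0.exe
'''

# Line shapes: a registry key header, a Run-key value (optionally followed by
# "[date size]" or command-line arguments), and an orphan line "HIVE-Key-Name - path".
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN_RE = re.compile(r'^(?P<hive>HKCU|HKLM)-(?P<key>Run(?:Services|Once)?)-(?P<name>.+?) - (?P<path>.+)$')

# Directories a standard user can write to (my list, not an exhaustive one). Each
# backslash is doubled because re would otherwise read \a, \d, \u as escapes.
USER_WRITABLE = [
    (re.compile(r'\\appdata\\local\\temp\\', re.I), 'runs from the user Temp directory'),
    (re.compile(r'\\appdata\\roaming\\', re.I), 'runs from the roaming profile'),
    (re.compile(r'\\appdata\\locallow\\', re.I), 'runs from the low-integrity LocalLow profile'),
    (re.compile(r'\\deployment\\cache\\', re.I), 'runs from the Java deployment cache'),
    (re.compile(r'\\desktop\\', re.I), 'runs from the Desktop'),
    (re.compile(r'\\users\\[^\\]+\\program files\\', re.I), 'per-user "Program Files" inside the profile'),
]


@dataclass
class Entry:
    key: str            # registry key, or "HKCU-RunServices"-style label for orphans
    name: str           # value name as written in the log
    path: str           # binary the entry launches
    orphan: bool = False  # ComboFix lists orphans whose target file no longer exists


@dataclass
class Finding:
    entry: Entry
    reasons: list


def parse_entries(text):
    """Return every autostart entry found in a ComboFix-style listing."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m['key']
        elif m := ORPHAN_RE.match(line):
            entries.append(Entry(f"{m['hive']}-{m['key']}", m['name'], m['path'].strip(), orphan=True))
        elif (m := VALUE_RE.match(line)) and current_key:
            entries.append(Entry(current_key, m['name'], m['path']))
    return entries


def suspicious_reasons(entry):
    """Heuristics a triager applies by hand; each hit is one reason string."""
    reasons = [why for pat, why in USER_WRITABLE if pat.search(entry.path)]
    stem = entry.path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if re.fullmatch(r'[\d.]+', stem):  # e.g. 0.7589949025356395.exe
        reasons.append(f'binary name looks machine-generated: {stem!r}')
    if 'runservices' in entry.key.lower():
        reasons.append('RunServices key: a Windows 9x-era autostart key rarely used by legitimate installers')
    if entry.orphan:
        reasons.append('orphaned autostart: target file no longer exists')
    return reasons


def triage(text):
    """Entries worth a second look, with the reasons attached."""
    return [Finding(e, r) for e in parse_entries(text) if (r := suspicious_reasons(e))]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.entry.key}] {f.entry.name} -> {f.entry.path}')
        for reason in f.reasons:
            print(f'    - {reason}')
```

Run it on a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents; entries under Program Files or system32 with a real vendor name pass silently, while anything launched from a profile directory, Temp or a browser cache is listed with the specific reason, which is the same judgement the helper in this thread made before choosing what to delete.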
