rapport combofix sur atinrrotkit

[jujudu78550]

bonjour,j'ai fait un scan avec combofix et j'aimerais avoir une réponse sur ce rapport.Merci

 

 

 

ComboFix 11-06-01.04 - Nico 01/06/2011 21:43:58.2.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2550.1991 [GMT 2:00]

Lancé depuis: c:\documents and settings\Nico\Bureau\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\program files\AskSearch\bin\DefaultSearch.dll

c:\program files\Eorezo

c:\program files\Eorezo\confmedia.cyp

c:\program files\Eorezo\unins000.dat

.

----- BITS: Il y a peut-être des sites infectés -----

.

hxxp://apnmedia.ask.com

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-05-01 au 2011-06-01 ))))))))))))))))))))))))))))))))))))

.

.

2074-05-18 16:44 . 2008-03-21 13:46 607296 ------w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll

2011-06-01 18:40 . 2011-06-01 18:40 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2011-06-01 18:36 . 2011-06-01 18:40 -------- d-----w- c:\program files\ZHPDiag

2011-06-01 16:40 . 2011-06-01 16:40 -------- d-----w- c:\documents and settings\JULIEN\Application Data\SUPERAntiSpyware.com

2011-06-01 15:07 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys

2011-06-01 14:05 . 2011-06-01 14:05 -------- d-----w- c:\documents and settings\Nico\Application Data\SUPERAntiSpyware.com

2011-06-01 14:05 . 2011-06-01 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-01 14:05 . 2011-06-01 14:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-01 14:01 . 2011-06-01 14:01 -------- d-----w- c:\documents and settings\Nico\Application Data\Malwarebytes

2011-06-01 14:01 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-01 14:01 . 2011-06-01 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-01 14:00 . 2011-06-01 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-01 14:00 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-29 09:13 . 2011-05-29 09:13 -------- d-----w- c:\program files\Universal Interactive

2011-05-29 09:07 . 2011-05-29 09:07 -------- d-----w- c:\program files\Alcohol Soft

2011-05-29 09:02 . 2011-05-29 09:02 436792 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-05-28 08:00 . 2011-05-28 08:27 -------- d-----w- c:\program files\Sierra

2011-05-28 07:43 . 2011-05-28 07:43 -------- d-----w- c:\documents and settings\JULIEN\Application Data\Sierra

2011-05-28 07:43 . 2011-05-28 07:43 -------- d-----w- c:\documents and settings\JULIEN\Application Data\InstallShield Installation Information

2011-05-28 07:40 . 2011-05-28 07:40 -------- d-----w- c:\documents and settings\JULIEN\Application Data\InstallShield

2011-05-19 17:38 . 2011-05-19 17:38 -------- d-----w- c:\program files\Conduit

2011-05-19 17:38 . 2011-05-19 17:38 -------- d-----w- c:\documents and settings\Nico\Local Settings\Application Data\Conduit

2011-05-19 17:38 . 2011-05-19 17:38 -------- d-----w- c:\documents and settings\Nico\Local Settings\Application Data\Softonic_France_FF

2011-05-19 17:38 . 2011-05-19 17:38 -------- d-----w- c:\program files\Softonic_France_FF

2011-05-19 17:37 . 2011-05-19 17:37 -------- d-----w- c:\program files\FreeTime

2011-05-18 13:31 . 2008-04-13 17:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys

2011-05-18 13:31 . 2008-04-13 17:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2011-05-18 13:31 . 2008-04-14 01:34 92160 ----a-w- c:\windows\system32\kswdmcap.ax

2011-05-18 13:31 . 2008-04-14 01:34 43008 ----a-w- c:\windows\system32\ksxbar.ax

2011-05-18 13:31 . 2008-04-14 01:33 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2011-05-18 13:31 . 2008-04-14 01:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll

2011-05-18 13:31 . 2008-04-14 01:34 61952 ----a-w- c:\windows\system32\kstvtune.ax

2011-05-18 13:24 . 2011-05-18 13:24 -------- d-----w- C:\SXS

2011-05-18 13:24 . 2011-05-18 13:24 -------- d-----w- c:\program files\Logitech

2011-05-18 13:24 . 2004-01-21 01:28 86016 ----a-w- c:\windows\system32\lvcoinst.dll

2011-05-18 13:24 . 2004-01-21 01:16 12080 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys

2011-05-18 13:24 . 2004-01-21 01:26 360448 ----a-w- c:\windows\system32\LVUI2RC.dll

2011-05-18 13:24 . 2004-01-21 01:26 122880 ----a-w- c:\windows\system32\LVUI2.dll

2011-05-18 13:24 . 2004-01-21 01:24 57344 ----a-w- c:\windows\system32\LVComC.dll

2011-05-18 13:24 . 2004-01-21 01:24 135214 ----a-w- c:\windows\system32\LVComS.exe

2011-05-18 13:24 . 2004-01-21 01:25 172032 ----a-w- c:\windows\system32\lvcodec2.dll

2011-05-18 13:24 . 2004-01-21 01:14 271360 ----a-w- c:\windows\system32\drivers\LV302AV.SYS

2011-05-18 13:24 . 2004-01-21 01:14 5915 ----a-w- c:\windows\system32\drivers\lv302af.sys

2011-05-18 13:23 . 2011-05-18 13:23 -------- d-----w- c:\program files\Fichiers communs\Labtec

2011-05-18 13:23 . 1998-11-13 11:16 308224 ----a-w- c:\windows\IsUn040c.exe

2011-05-18 13:22 . 2011-05-18 13:22 53248 ------w- c:\program files\Fichiers communs\InstallShield\Engine\6\Intel 32\msihook.dll

2011-05-18 13:22 . 2011-05-18 13:22 126976 ------w- c:\program files\Fichiers communs\InstallShield\Engine\6\Intel 32\knlwrap.exe

2011-05-18 13:22 . 2011-05-18 13:22 114688 ------w- c:\program files\Fichiers communs\InstallShield\Engine\6\Intel 32\scpthdlr.dll

2011-05-14 08:10 . 2011-05-14 08:10 -------- d-----w- c:\documents and settings\MAXIME\Application Data\searchquband

2011-05-14 08:06 . 2011-05-15 10:49 -------- d-----w- c:\documents and settings\MAXIME\Application Data\searchqutoolbar

2011-05-11 14:29 . 2010-12-02 08:11 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll

2011-05-11 14:29 . 2010-12-02 08:11 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll

2011-05-11 14:26 . 2011-05-12 17:23 -------- d-----w- c:\windows\SxsCaPendDel

2011-05-11 14:20 . 2010-12-02 08:12 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2011-05-09 18:59 . 2011-05-09 18:59 -------- d-----w- c:\documents and settings\JULIEN\Application Data\searchqutoolbar

2011-05-09 18:59 . 2011-05-09 18:59 -------- d-----w- c:\documents and settings\JULIEN\Application Data\searchquband

2011-05-08 07:58 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-08 07:58 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-05-08 07:57 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-08 07:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-05-07 21:53 . 2011-05-07 21:53 -------- d-----w- c:\program files\Pivot Stickfigure Animator

2011-05-07 21:49 . 2011-05-07 21:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-05-07 16:22 . 2011-05-07 16:22 -------- d-----w- c:\documents and settings\Nico\Local Settings\Application Data\Ilivid Player

2011-05-07 16:22 . 2011-05-07 16:22 -------- d-----w- c:\documents and settings\Nico\Application Data\searchquband

2011-05-07 16:19 . 2011-05-07 16:22 -------- d-----w- c:\documents and settings\Nico\Application Data\searchqutoolbar

2011-05-07 16:19 . 2011-05-07 16:19 -------- d-----w- c:\program files\Windows iLivid Toolbar

2011-05-07 16:18 . 2011-05-07 16:18 -------- d-----w- c:\documents and settings\Nico\Local Settings\Application Data\PackageAware

2011-05-07 16:15 . 2011-05-13 17:29 -------- d-----w- c:\program files\Bridge Building Game

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-10 12:10 . 2010-06-29 19:40 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2010-01-24 10:46 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2011-04-07 17:28 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 12:03 . 2010-01-24 10:47 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2010-01-24 10:47 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 12:02 . 2010-01-24 10:46 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-05-10 12:02 . 2010-01-24 10:46 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-05-10 11:59 . 2010-01-24 10:47 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2010-01-24 10:47 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-05-10 11:59 . 2010-01-24 10:47 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-03-15 17:26 . 2011-03-15 17:26 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-03-07 05:33 . 2011-02-08 17:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2002-08-30 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2001-10-05 10:53 . 2009-04-16 20:28 21866 -c--a-w- c:\program files\Fichiers communs\tppupd2k.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

2010-10-18 10:26 3908192 ----a-w- c:\program files\Softonic_France_FF\tbSoft.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]

"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-05 118784]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-10-29 249064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-01 421160]

"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]

.

c:\documents and settings\MAXIME\Menu D‚marrer\Programmes\D‚marrage\

Notification de cadeaux MSN.lnk - c:\documents and settings\Nico\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [N/A]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\Nico\Menu D‚marrer\Programmes\D‚marrage\

Notification de cadeaux MSN.lnk - c:\documents and settings\Nico\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [N/A]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\JULIEN\Menu D‚marrer\Programmes\D‚marrage\

Notification de cadeaux MSN.lnk - c:\documents and settings\Nico\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe [2011-1-15 86576]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-23 24576]

WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2011-2-8 806400]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Documents and Settings\\JULIEN\\Mes documents\\utorrent.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/05/2011 11:02 436792]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/04/2011 19:28 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/01/2010 12:47 307928]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/01/2010 12:47 19544]

R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [05/04/2011 19:28 245760]

S3 JWTGSBG;JWTGSBG;c:\docume~1\Nico\LOCALS~1\Temp\JWTGSBG.exe --> c:\docume~1\Nico\LOCALS~1\Temp\JWTGSBG.exe [?]

.

Contenu du dossier 'Tâches planifiées'

.

2011-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484061587-725345543-1006Core.job

- c:\documents and settings\JULIEN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 18:24]

.

2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484061587-725345543-1006UA.job

- c:\documents and settings\JULIEN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 18:24]

.

2011-06-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 17:17]

.

2011-06-01 c:\windows\Tasks\User_Feed_Synchronization-{896FFEF8-0A01-4F59-8A86-4E86EEEE68DB}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

2011-06-01 c:\windows\Tasks\User_Feed_Synchronization-{B806B5FE-3E25-444C-89E4-C3EF8E04EF15}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: mappy.com

Trusted Zone: orange.fr

Trusted Zone: voila.fr\rw.search.ke

Trusted Zone: weborama.fr\orange

TCP: DhcpNameServer = 192.168.1.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-10 - (no file)

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

HKLM-Run-EPSON Stylus DX4800 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE

HKLM-Run-NWEReboot - (no file)

AddRemove-Notification de cadeaux MSN - c:\documents and settings\Nico\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-01 22:10

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]

"C040210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'winlogon.exe'(844)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(3016)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Dell\OpenManage\Client\Iap.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\windows\system32\LVComS.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

.

**************************************************************************

.

Heure de fin: 2011-06-01 22:17:55 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-06-01 20:17

.

Avant-CF: 34 452 664 320 octets libres

Après-CF: 36 709 269 504 octets libres

.

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,3,4,5

- - End Of File - - B303B431F4A2DC5458F1D17C29DEF100

[bernard53]

Bonjour

 

Télécharger AD-Remover (créé par C_XX) :

 

http://www.teamxscript.org/adremoverTelechargement.html

 

Cliquez sur "DOWNLOAD " et enregistrez-le "sur votre bureau"

 

Une fois téléchargé sur votre bureau, double-cliquez sur son icone pour lancer l'installation.

 

Sous vista et Windows7 : clic droit sur son icone et sélectionnez "Exécuter en tant qu'administrateur".

L'installation se fera automatiquement.

 

A l'écran principal, cliquez sur Nettoyer pour exécuter le nettoyage.

 

Une fois l'ordinateur redémarré, il ne vous reste plus qu'à copier/coller le rapport sur le forum comme le précédent.

Le rapport se trouve à cet endroit : C:\Ad-Report-CLEAN[1].txt

 

Puis:: Installe Malewarebytes' Antimalware,

 

Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer

 

Prends bien la version FREE

*** Met-le à jour puis choisi, Exécuter un examen complet

 

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

 

Poste le rapport final.

 

 

Et pour contrôle.

 

Télécharges << ZHPDiag>> (de Nicolas Coolman)

 

dezzipes le fichier sur ton bureau...

Fais un clic-droit sur l'icône ZHPDiag .exe et choisis "exécuter en tant qu'administrateur".

 

 

L'installation va créer raccourcis (ZHPDiag et ZHPFix et MBRchek) sur ton bureau

 

 

 

A la fin de l'installation ZHPDiag va se lancer....

 

Cliques sur l'icône "Options" (image du tournevis) et coches toutes les options.

Cliques sur "Lancer le diagnostique" (image de la loupe) et patiente...

 

A la fin du scan cliques sur l'icône "sauvegarder le fichier sous" (image de la disquette bleu) et enregistre le rapport sur ton bureau.

 

Mets le rapport ici car il prend bien de la place.

Cliquez ici.

ou la

Cijoint.fr - Service gratuit de dépôt de fichiers