System Security virus and a virus on the desktop

belette88 -  
Hello,
sorry to bother you, but I have 2 viruses that won't go away. I have Avira AntiVir.
The 1st virus is System Security, which is detected by my antivirus but cannot be removed, and the 2nd is a web page on my desktop that I cannot find, and I cannot get to my wallpapers to change it.
Thanks in advance for your reply
32 replies

eZula Posts 3509 Status Contributor 392
 
virustotal c:\windows\system32\77AD716965.sys
0
belette88
 
Fichier 77AD716965.sys reçu le 2009.01.17 20:27:09 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.17 -
AhnLab-V3 2009.1.15.0 2009.01.17 -
AntiVir 7.9.0.57 2009.01.17 -
Authentium 5.1.0.4 2009.01.16 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.17 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.17 -
Comodo 934 2009.01.17 -
DrWeb 4.44.0.09170 2009.01.17 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.16 -
F-Secure 8.0.14470.0 2009.01.17 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.17 -
Ikarus T3.1.1.45.0 2009.01.17 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.17 -
McAfee 5498 2009.01.17 -
McAfee+Artemis 5498 2009.01.17 -
Microsoft None 2009.01.17 -
NOD32 3773 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.17 -
PCTools 4.4.2.0 2009.01.17 -
Rising 21.12.52.00 2009.01.17 -
SecureWeb-Gateway 6.7.6 2009.01.17 -
Sophos 4.37.0 2009.01.17 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.17 -
TheHacker 6.3.1.5.221 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.17 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.17 -
Information additionnelle
File size: 88 bytes
MD5...: 1ffa379c00b57de94e108d48733a9857
SHA1..: 64d7f85b6917cc6c5a537ee5de047b16cad0b309
SHA256: d678afc538aa20781f2e867d04186a7d41d73beb3fdcaa1292a10634f4f0d712
SHA512: b5ab2f36d28bb9cb43c5653ec9deb67c887bb4eef9289adf5d9f217b3f63a3a0730be5cf06b030a41c77831e0737756cbc1bc090c2790f808a31170325f09eff
ssdeep: 3:hl/hdYf6NrMn:9dRNrMn
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
0
eZula Posts 3509 Status Contributor 392
 
Right, this driver is getting on my nerves, not the previous one but this DMSKSSRh.sys. It has no business being in a temporary files directory.

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines in italics into it:

Driver::
DMSKSSRh

File::
c:\docume~1\LAUREN~1\LOCALS~1\Temp\DMSKSSRh.sys


Save this file under the name CFScript

- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot: http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
- A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal.
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it can be found here > C:\ComboFix.txt
0
belette88
 
ComboFix 09-01-17.02 - laurent anais 2009-01-17 20:49:05.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.197 [GMT 1:00]
Lancé depuis: c:\documents and settings\laurent anais\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\laurent anais\Bureau\CFScript
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\LAUREN~1\LOCALS~1\Temp\DMSKSSRh.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\admintxt.txt
c:\windows\service.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMSKSSRH
-------\Service_DMSKSSRh


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-17 au 2009-01-17 ))))))))))))))))))))))))))))))))))))
.

2009-01-14 20:10 . 2009-01-14 20:10 88 -r-hs---- c:\windows\system32\77AD716965.sys
2009-01-14 19:27 . 2009-01-14 19:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-14 19:23 . 2009-01-14 19:25 <REP> d-------- c:\program files\Fichiers communs\Corel
2009-01-14 19:11 . 2009-01-14 19:11 <REP> d-------- c:\program files\PhotoFiltre
2009-01-14 19:00 . 2009-01-14 19:00 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Windows Search
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\windows\system32\GroupPolicy
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\program files\Windows Desktop Search
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Windows Desktop Search
2009-01-14 18:01 . 2008-03-07 18:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-01-14 18:01 . 2008-03-07 18:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-01-14 18:01 . 2008-03-07 18:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2009-01-13 23:02 . 2003-03-16 00:15 90,112 --a------ c:\windows\unvise32.exe
2009-01-13 22:52 . 2009-01-13 22:52 <REP> d-------- c:\program files\THQ
2009-01-13 22:12 . 2009-01-13 22:12 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-13 21:21 . 2009-01-13 21:21 <REP> d-------- c:\program files\filehippo.com
2009-01-13 18:34 . 2009-01-17 16:02 <REP> d----c--- C:\Baphomet
2009-01-13 18:14 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-13 18:13 . 2009-01-13 18:13 <REP> d-------- c:\program files\Panda Security
2009-01-12 22:02 . 2009-01-14 18:53 <REP> d-------- c:\program files\Trend Micro
2009-01-12 21:41 . 2009-01-12 21:41 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-12 21:39 . 2009-01-14 19:42 <REP> d-------- c:\windows\ERUNT
2009-01-12 21:39 . 2009-01-17 12:16 <REP> d----c--- C:\Backups
2009-01-11 21:34 . 2009-01-11 22:02 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-11 21:34 . 2009-01-12 21:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\program files\Yahoo!
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\program files\CCleaner
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Yahoo!
2009-01-11 21:29 . 2009-01-14 17:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-11 21:07 . 2009-01-11 21:07 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-01-11 21:07 . 2009-01-11 21:11 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Deskbar_{80FA45F7-B41F-470c-86A3-A38414374191}
2009-01-11 20:50 . 2009-01-11 21:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 20:50 . 2009-01-11 20:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-11 20:40 . 2009-01-11 20:40 <REP> d-------- c:\program files\Enigma Software Group
2009-01-11 16:23 . 2009-01-11 16:23 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-11 14:26 . 2009-01-13 17:18 <REP> d-------- c:\documents and settings\All Users\Application Data\533936372
2009-01-11 12:13 . 2009-01-11 12:13 268 --ah-c--- C:\sqmdata14.sqm
2009-01-11 12:13 . 2009-01-11 12:13 244 --ah-c--- C:\sqmnoopt14.sqm
2009-01-10 11:46 . 2009-01-10 11:46 268 --ah-c--- C:\sqmdata13.sqm
2009-01-10 11:46 . 2009-01-10 11:46 244 --ah-c--- C:\sqmnoopt13.sqm
2009-01-07 21:49 . 2009-01-07 21:49 <REP> d----c--- C:\TMOTM
2009-01-07 21:44 . 2004-04-16 20:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl
2009-01-01 17:52 . 2009-01-01 17:52 <REP> d----c--- C:\MicroGaming
2008-12-27 23:09 . 2008-12-27 23:09 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Games
2008-12-27 23:09 . 2008-12-27 23:09 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-27 23:08 . 2008-12-27 23:08 <REP> d-------- c:\windows\system32\AGEIA
2008-12-27 23:00 . 2008-12-27 23:00 <REP> d-------- c:\program files\Focus
2008-12-26 19:03 . 2008-12-26 19:03 244 --ah-c--- C:\sqmnoopt12.sqm
2008-12-26 19:03 . 2008-12-26 19:03 232 --ah-c--- C:\sqmdata12.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 19:55 --------- d-----w c:\documents and settings\laurent anais\Application Data\OpenOffice.org2
2009-01-14 19:10 --------- d-----w c:\documents and settings\laurent anais\Application Data\Corel
2009-01-14 18:23 --------- d-----w c:\program files\Corel
2009-01-11 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 15:25 --------- d-----w c:\program files\Lavasoft
2009-01-11 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 20:36 --------- d-----w c:\program files\DivX
2009-01-04 17:54 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-04 17:53 88 --sh--r c:\documents and settings\All Users\Application Data\77AD716965.sys
2008-12-27 22:08 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-27 22:08 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-23 18:42 3,532 -c--a-w C:\drmHeader.bin
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-03 20:57 --------- d-----w c:\program files\Micro Application
2008-11-28 17:10 --------- d-----w c:\documents and settings\laurent anais\Application Data\InstallShield
2008-11-28 17:08 --------- d-----w c:\program files\Eidos
2008-06-20 17:06 5,632 --sha-w c:\program files\Thumbs.db
2008-06-16 19:23 2,648,090 ----a-w c:\program files\eMulePlus-1.2d.Installer.exe
2008-05-16 18:42 6,115,448 ----a-w c:\program files\Firefox Setup 2.0.0.14.exe
2008-05-15 18:10 35,203 ----a-w c:\program files\elephant.jpg
2008-02-19 20:18 47,360 ----a-w c:\documents and settings\laurent anais\Application Data\pcouffin.sys
2009-01-05 13:04 650,240 ----a-w c:\program files\mozilla firefox\components\nsdcads.dll
2007-08-15 21:39 56 --sh--r c:\windows\system32\656971AD77.sys
2008-08-30 15:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_19.28.42.03 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-07 77824]
"ORAHSSSessionManager"="c:\program files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"SystrayORAHSS"="c:\program files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"SiSPower"="SiSPower.dll" [2005-07-13 c:\windows\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\laurent anais\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-13 28544]
S3 CAM1210;SM0121 USB 2.0 Video Camera;c:\windows\system32\drivers\cam1210.sys [2006-07-24 89856]
.
Contenu du dossier 'Tâches planifiées'

2009-01-17 c:\windows\Tasks\Update Checker.job
- c:\progra~1\FILEHI~1.COM\UPDATE~1.EXE [2008-12-31 12:22]

2009-01-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8bebaba9299846cd8b3462399d909966
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8bebaba9299846cd8b3462399d909966
TCP: {6560E730-C9E6-4205-8C89-8699C603188E} = 192.168.1.1

O16 -: {D5D30A68-E230-49D9-B4D5-BF7532692945} - hxxps://clients.cdiscount.com/ediag/activex/CDiscount.cab
c:\windows\Downloaded Program Files\CDiscount.inf
FF - ProfilePath - c:\documents and settings\laurent anais\Application Data\Mozilla\Firefox\Profiles\suite.User0\
FF - prefs.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.w-w-w-dot-com.com/start.php
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsdcads.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.proxy.type - 0
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 20:55:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-430353115-455240563-1979012898-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
c:\program files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\searchindexer.exe
c:\program files\Acer TV-FM\Kernel\TV\CLSched.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Heure de fin: 2009-01-17 20:58:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-17 19:58:50
ComboFix2.txt 2009-01-15 18:29:49

Avant-CF: 32 750 424 064 octets libres
Après-CF: 32,753,180,672 octets libres

272 --- E O F --- 2008-12-18 22:08:36
0
eZula Posts 3509 Status Contributor 392
 
What do you see in this folder c:\documents and settings\All Users\Application Data\533936372 ?
0
belette88
 
3 files: config.udb, init.udb, langs.udb
0
eZula Posts 3509 Status Contributor 392
 
Are you attached to Firefox, with its current configuration? I mean, if we remove it but you restore its bookmarks, would that be a problem for you (you would lose the passwords, the theme, the add-ons.. everything except the bookmarks)
0
belette88
 
It's my search engine, I don't use Internet Explorer, so yes, I'm attached to it. Are the viruses there because I keep my passwords saved? If that's it, then too bad for the passwords, it was so I wouldn't forget them. What should I do?
0

eZula Posts 3509 Status Contributor 392
 
No, the problem is that your Firefox has been dirtied, look at the ComboFix log

FF - prefs.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.w-w-w-dot-com.com/start.php
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsdcads.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.proxy.type - 0
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q= 


YoogSearch is not exactly reputable. Removing FF and its profile will give you a clean browser again, because obviously the idea afterwards is to reinstall it.

Can you post the contents of the web file GenProc\outil\uninstall.html ? (careful, not the batch file, the web file)
0
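The check eZula does by eye on the "FF -" lines of the ComboFix log can be done mechanically on the profile files themselves. The following Python script is an added example, not part of the thread or of any tool mentioned in it: it parses `prefs.js` and `user.js` and reports search and homepage preferences that point somewhere unexpected. The allowlists, the function names and the sample file contents (rebuilt from the log lines quoted above) are assumptions made for the illustration.

```python
import re
from urllib.parse import urlparse

# Preferences that decide where searches and the start page go
# (the ones listed in the ComboFix log quoted above).
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}
ENGINE_PREFS = {"browser.search.selectedEngine", "browser.search.defaultenginename"}

# Assumption: a local allowlist; adjust it to what the user actually chose.
ALLOWED_HOSTS = {"www.google.com", "www.mozilla.org"}
ALLOWED_ENGINES = {"Google"}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref("name", value); line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def _host(url):
    # ComboFix prints URLs defanged (hxxp://); restore the scheme before parsing.
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return (urlparse(url).hostname or "").lower()


def is_unexpected(name, value):
    """True when a watched preference holds a value outside the allowlists."""
    if not isinstance(value, str) or not value:
        return False
    if name in ENGINE_PREFS:
        return value not in ALLOWED_ENGINES
    # The homepage preference may hold several URLs separated by "|".
    parts = [p.strip() for p in value.split("|") if p.strip()]
    return any(not p.startswith("about:") and _host(p) not in ALLOWED_HOSTS
               for p in parts)


def audit_profile(prefs_js, user_js):
    """List unexpected search/homepage prefs found in either file.

    "persistent" is True when the pref is also set in user.js: Firefox
    re-applies user.js at every start, so correcting prefs.js alone or
    changing the setting in the UI does not last.
    """
    prefs, user = parse_prefs(prefs_js), parse_prefs(user_js)
    findings = []
    for name in sorted(URL_PREFS | ENGINE_PREFS):
        for source, table in (("prefs.js", prefs), ("user.js", user)):
            if name in table and is_unexpected(name, table[name]):
                findings.append({"pref": name, "file": source,
                                 "value": table[name],
                                 "persistent": name in user})
    return findings


# Constructed sample files, rebuilt from the "FF -" lines of the log above
# (URLs kept defanged as ComboFix printed them).
SAMPLE_PREFS_JS = '''
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "hxxp://www2.yoog.com/search.php?q=");
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.startup.homepage", "hxxp://www.w-w-w-dot-com.com/start.php");
user_pref("keyword.URL", "hxxp://www2.yoog.com/search.php?q=");
'''
SAMPLE_USER_JS = '''
user_pref("network.proxy.type", 0);
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "hxxp://www2.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "hxxp://www2.yoog.com/search.php?q=");
'''

if __name__ == "__main__":
    for f in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        tag = "re-applied by user.js" if f["persistent"] else "prefs.js only"
        print(f'{f["file"]:9} {f["pref"]:34} {f["value"]}  [{tag}]')
```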
belette88
 
Where do I find them to delete them, and how do I find the GenProc web file?
0
eZula Posts 3509 Status Contributor 392
 
Well, download GenProc again http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip and run it. If it offers a report other than a simple online scan, post it. Otherwise post the contents of the file GenProc\outil\uninstall.html
0
belette88
 
Rapport GenProc 2.336 [1] - 17/01/2009 - Windows XP

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

__________________________________________________________________________________________________________

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
0
eZula Posts 3509 Status Contributor 392
 
Post the contents of the file GenProc\outil\uninstall.html
0
belette88
 
~~ Programmes installés ~~

"AAC Decoder"
"Acer eConsole"
"Acer eMode Management"
"Acer WLAN 11g USB Dongle"
"Acer WLAN 11g USB Dongle"
"Adobe Flash Player 9 ActiveX"
"Adobe Flash Player ActiveX"
"Adobe Reader 7.1.0"
"Adobe Shockwave Player"
"Agere Systems PCI Soft Modem"
"Assistant de connexion Windows Live"
"ATI - Utilitaire de désinstallation du logiciel"
"ATI AVIVO Codecs"
"ATI Catalyst Control Center"
"ATI Display Driver"
"ATI Parental Control & Encoder"
"AutoUpdate"
"Avira AntiVir Personal - Free Antivirus"
"Barre d'outils Outlook de Windows Live (Windows Live Toolbar)"
"Bloqueur de fenêtres pop-up (Windows Live Toolbar)"
"Catalyst Control Center Core Implementation"
"Catalyst Control Center Graphics Full Existing"
"Catalyst Control Center Graphics Full New"
"Catalyst Control Center Graphics Light"
"Catalyst Control Center Graphics Previews Common"
"Catalyst Control Center Localization Chinese Standard"
"Catalyst Control Center Localization Chinese Traditional"
"Catalyst Control Center Localization Czech"
"Catalyst Control Center Localization Danish"
"Catalyst Control Center Localization Dutch"
"Catalyst Control Center Localization Finnish"
"Catalyst Control Center Localization French"
"Catalyst Control Center Localization German"
"Catalyst Control Center Localization Greek"
"Catalyst Control Center Localization Hungarian"
"Catalyst Control Center Localization Italian"
"Catalyst Control Center Localization Japanese"
"Catalyst Control Center Localization Korean"
"Catalyst Control Center Localization Norwegian"
"Catalyst Control Center Localization Polish"
"Catalyst Control Center Localization Portuguese"
"Catalyst Control Center Localization Russian"
"Catalyst Control Center Localization Spanish"
"Catalyst Control Center Localization Swedish"
"Catalyst Control Center Localization Thai"
"Catalyst Control Center Localization Turkish"
"ccc-core-preinstall"
"ccc-core-static"
"ccc-utility"
"CCC Help Chinese Standard"
"CCC Help Chinese Traditional"
"CCC Help English"
"CCleaner (remove only)"
"Cooking Dash"
"Corel Paint Shop Pro Photo X2"
"Correctif pour Lecteur Windows Media 11 (KB939683)"
"Correctif pour Windows Internet Explorer 7 (KB947864)"
"Correctif pour Windows XP (KB952287)"
"DivX Codec"
"DivX Converter"
"DivX Converter"
"DivX Player"
"DivX Plus DirectShow Filters"
"DivX Version Checker"
"DivX Web Player"
"Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)"
"eMule Plus 1.2d"
"EPSON Attach To Email"
"EPSON Attach To Email"
"EPSON Easy Photo Print"
"EPSON File Manager"
"EPSON Logiciel imprimante"
"EPSON Scan Assistant"
"EPSON Web-To-Page"
"Extension de Windows Live Toolbar (Windows Live Toolbar)"
"filehippo.com Update Checker"
"Galerie de photos Windows Live"
"Google Toolbar for Internet Explorer"
"Guide d'utilisation ESPR240"
"H.264 Decoder"
"High Definition Audio Driver Package - KB888111"
"HijackThis 2.0.2"
"Hotfix for Windows Media Format 11 SDK (KB929399)"
"Hotfix for Windows XP (KB915800-v4)"
"Le Mystère de la Momie"
"Lecteur Windows Media 11"
"Les Chevaliers de Baphomet - Le Manuscrit de Voynich"
"LightScribe 1.4.124.1"
"Macrogaming SweetIM 2.1"
"Managed DirectX (0901)"
"Menus intelligents (Windows Live Toolbar)"
"Messenger Plus! Live & Sponsor (CiD)"
"Micro Application - Cartes de visite"
"Microsoft .NET Framework 1.1 French Language Pack"
"Microsoft .NET Framework 1.1 Hotfix (KB928366)"
"Microsoft .NET Framework 1.1"
"Microsoft .NET Framework 1.1"
"Microsoft .NET Framework 2.0 Language Pack - FRA"
"Microsoft .NET Framework 2.0 Service Pack 1"
"Microsoft Compression Client Pack 1.0 for Windows XP"
"Microsoft Internationalized Domain Names Mitigation APIs"
"Microsoft National Language Support Downlevel APIs"
"Microsoft Silverlight"
"Microsoft SQL Server 2005 Compact Edition [ENU]"
"Microsoft User-Mode Driver Framework Feature Pack 1.0"
"Microsoft Visual C++ 2005 Redistributable"
"Microsoft Visual C++ 2005 Redistributable"
"Microsoft XML Parser"
"Microsoft XML Parser"
"Mise à jour de sécurité pour Lecteur Windows Media (KB911564)"
"Mise à jour de sécurité pour Lecteur Windows Media (KB952069)"
"Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)"
"Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)"
"Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)"
"Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)"
"Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)"
"Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)"
"Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)"
"Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)"
"Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)"
"Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)"
"Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)"
"Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)"
"Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)"
"Mise à jour de sécurité pour Windows XP (KB938464)"
"Mise à jour de sécurité pour Windows XP (KB941569)"
"Mise à jour de sécurité pour Windows XP (KB946648)"
"Mise à jour de sécurité pour Windows XP (KB950760)"
"Mise à jour de sécurité pour Windows XP (KB950762)"
"Mise à jour de sécurité pour Windows XP (KB950974)"
"Mise à jour de sécurité pour Windows XP (KB951066)"
"Mise à jour de sécurité pour Windows XP (KB951376-v2)"
"Mise à jour de sécurité pour Windows XP (KB951376)"
"Mise à jour de sécurité pour Windows XP (KB951698)"
"Mise à jour de sécurité pour Windows XP (KB951748)"
"Mise à jour de sécurité pour Windows XP (KB952954)"
"Mise à jour de sécurité pour Windows XP (KB953839)"
"Mise à jour de sécurité pour Windows XP (KB954211)"
"Mise à jour de sécurité pour Windows XP (KB954459)"
"Mise à jour de sécurité pour Windows XP (KB954600)"
"Mise à jour de sécurité pour Windows XP (KB955069)"
"Mise à jour de sécurité pour Windows XP (KB956391)"
"Mise à jour de sécurité pour Windows XP (KB956802)"
"Mise à jour de sécurité pour Windows XP (KB956803)"
"Mise à jour de sécurité pour Windows XP (KB956841)"
"Mise à jour de sécurité pour Windows XP (KB957095)"
"Mise à jour de sécurité pour Windows XP (KB957097)"
"Mise à jour de sécurité pour Windows XP (KB958644)"
"Mise à jour de sécurité pour Windows XP (KB958687)"
"Mise à jour pour Windows XP (KB951072-v2)"
"Mise à jour pour Windows XP (KB951978)"
"Mise à jour pour Windows XP (KB955839)"
"MKV Splitter"
"Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA"
"Mozilla Firefox (3.0.5)"
"MSN"
"MSXML 4.0 SP2 (KB936181)"
"MSXML 4.0 SP2 (KB954430)"
"Navigation par onglets (Windows Live Toolbar)"
"Nero 8"
"neroxml"
"NTI Backup NOW! 4"
"NTI Backup NOW! 4"
"NTI CD & DVD-Maker"
"NTI CD & DVD-Maker"
"NVIDIA GAME System Software 2.8.1"
"OneCare Advisor (Windows Live Toolbar)"
"OpenOffice.org 2.3"
"Orange - Logiciels Internet"
"Panda ActiveScan 2.0"
"PhotoFiltre"
"PowerDVD"
"QuickTime"
"RealPlayer"
"Realtek AC'97 Audio"
"Security Update for CAPICOM (KB931906)"
"Security Update for CAPICOM (KB931906)"
"Shockwave Director 10.4"
"Shockwave Flash"
"SiSAGP driver"
"Skins"
"Spybot - Search & Destroy"
"SweetIM For Internet Explorer 3.0b"
"Tomb Raider: Underworld 1.0"
"VC80CRTRedist - 8.0.50727.762"
"VCRedistSetup"
"WebFldrs XP"
"Windows Genuine Advantage Validation Tool (KB892130)"
"Windows Genuine Advantage Validation Tool (KB892130)"
"Windows Imaging Component"
"Windows Internet Explorer 7"
"Windows Live Favorites pour Windows Live Toolbar"
"Windows Live installer"
"Windows Live Messenger"
"Windows Live Toolbar"
"Windows Live Toolbar"
"Windows Media Format 11 runtime"
"Windows Media Format 11 runtime"
"Windows Media Player 11"
"Windows Search 4.0"
"Windows XP Service Pack 3"
"winvi (remove only) "
"Yahoo! Toolbar"
hex(2):45,00,53,00,45,00,54,00,20,00,4f,00,6e,00,6c,00,69,00,6e,\

C:\Program Files\Acer
C:\Program Files\Acer TV-FM
C:\Program Files\Acer WLAN 11g USB Dongle
C:\Program Files\Adobe
C:\Program Files\antivirus
C:\Program Files\ATI Technologies
C:\Program Files\Avira
C:\Program Files\CCleaner
C:\Program Files\Corel
C:\Program Files\CyberLink
C:\Program Files\directx
C:\Program Files\DivX
C:\Program Files\Eidos
C:\Program Files\Eidos Interactive
C:\Program Files\elephant.jpg
C:\Program Files\eMule
C:\Program Files\eMulePlus-1.2d.Installer.exe
C:\Program Files\Enigma Software Group
C:\Program Files\EPSON
C:\Program Files\EsetOnlineScanner
C:\Program Files\Fichiers communs
C:\Program Files\filehippo.com
C:\Program Files\Firefox Setup 2.0.0.14.exe
C:\Program Files\Focus
C:\Program Files\Google
C:\Program Files\Internet Explorer
C:\Program Files\Lavasoft
C:\Program Files\Macrogaming
C:\Program Files\Malwarebytes' Anti-Malware
C:\Program Files\Managed DirectX (0901)
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\Micro Application
C:\Program Files\Microsoft CAPICOM 2.1.0.2
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Silverlight
C:\Program Files\Microsoft SQL Server Compact Edition
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSXML 4.0
C:\Program Files\Nero
C:\Program Files\NetMeeting
C:\Program Files\NewTech Infosystems
C:\Program Files\Norton AntiVirus
C:\Program Files\Oberon Media
C:\Program Files\Oca History Tool
C:\Program Files\Online Services
C:\Program Files\OpenOffice.org 2.3
C:\Program Files\orange
C:\Program Files\Orange HSS
C:\Program Files\Outlook Express
C:\Program Files\Panda Security
C:\Program Files\PhotoFiltre
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\Realtek AC97
C:\Program Files\Services en ligne
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Sunbelt Software
C:\Program Files\Techcity
C:\Program Files\THQ
C:\Program Files\Trend Micro
C:\Program Files\Windows Desktop Search
C:\Program Files\Windows Live
C:\Program Files\Windows Live Favorites
C:\Program Files\windows live photo
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\xerox
C:\Program Files\Yahoo!
C:\Program Files\Zylom Games
0
eZula Posts 3509 Status Contributor 392
 
Are you still around?
0
belette88
 
Yes, I'm still here. I sent you the report you asked me for and I'm waiting for your reply.
0
eZula Posts 3509 Status Contributor 392
 
Good. Can you delete ComboFix, download it again and post the report, please? http://download.bleepingcomputer.com/sUBs/ComboFix.exe
0
belette88
 
ComboFix 09-01-19.05 - laurent anais 2009-01-20 18:03:52.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.423 [GMT 1:00]
Lancé depuis: c:\documents and settings\laurent anais\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-20 au 2009-01-20 ))))))))))))))))))))))))))))))))))))
.

2009-01-18 22:18 . 2009-01-18 22:21 <REP> d-------- c:\documents and settings\laurent anais\Application Data\SecondLife
2009-01-18 22:17 . 2009-01-18 22:18 <REP> d-------- c:\program files\SecondLife
2009-01-17 22:47 . 2009-01-18 00:55 <REP> d-------- c:\program files\EsetOnlineScanner
2009-01-14 20:10 . 2009-01-14 20:10 88 -r-hs---- c:\windows\system32\77AD716965.sys
2009-01-14 19:27 . 2009-01-14 19:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-14 19:23 . 2009-01-14 19:25 <REP> d-------- c:\program files\Fichiers communs\Corel
2009-01-14 19:11 . 2009-01-14 19:11 <REP> d-------- c:\program files\PhotoFiltre
2009-01-14 19:00 . 2009-01-14 19:00 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Windows Search
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\windows\system32\GroupPolicy
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\program files\Windows Desktop Search
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Windows Desktop Search
2009-01-14 18:01 . 2008-03-07 18:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-01-14 18:01 . 2008-03-07 18:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-01-14 18:01 . 2008-03-07 18:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2009-01-13 23:02 . 2003-03-16 00:15 90,112 --a------ c:\windows\unvise32.exe
2009-01-13 22:52 . 2009-01-13 22:52 <REP> d-------- c:\program files\THQ
2009-01-13 22:12 . 2009-01-13 22:12 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-13 21:21 . 2009-01-13 21:21 <REP> d-------- c:\program files\filehippo.com
2009-01-13 18:34 . 2009-01-17 16:02 <REP> d----c--- C:\Baphomet
2009-01-13 18:14 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-13 18:13 . 2009-01-13 18:13 <REP> d-------- c:\program files\Panda Security
2009-01-12 22:02 . 2009-01-14 18:53 <REP> d-------- c:\program files\Trend Micro
2009-01-12 21:41 . 2009-01-12 21:41 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-12 21:39 . 2009-01-14 19:42 <REP> d-------- c:\windows\ERUNT
2009-01-12 21:39 . 2009-01-17 12:16 <REP> d----c--- C:\Backups
2009-01-11 21:34 . 2009-01-11 22:02 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-11 21:34 . 2009-01-19 20:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\program files\Yahoo!
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\program files\CCleaner
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Yahoo!
2009-01-11 21:29 . 2009-01-14 17:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-11 21:07 . 2009-01-11 21:07 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-01-11 21:07 . 2009-01-11 21:11 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Deskbar_{80FA45F7-B41F-470c-86A3-A38414374191}
2009-01-11 20:50 . 2009-01-11 21:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 20:50 . 2009-01-11 20:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-11 20:40 . 2009-01-11 20:40 <REP> d-------- c:\program files\Enigma Software Group
2009-01-11 16:23 . 2009-01-11 16:23 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-11 14:26 . 2009-01-13 17:18 <REP> d-------- c:\documents and settings\All Users\Application Data\533936372
2009-01-11 12:13 . 2009-01-11 12:13 268 --ah-c--- C:\sqmdata14.sqm
2009-01-11 12:13 . 2009-01-11 12:13 244 --ah-c--- C:\sqmnoopt14.sqm
2009-01-10 11:46 . 2009-01-10 11:46 268 --ah-c--- C:\sqmdata13.sqm
2009-01-10 11:46 . 2009-01-10 11:46 244 --ah-c--- C:\sqmnoopt13.sqm
2009-01-07 21:49 . 2009-01-07 21:49 <REP> d----c--- C:\TMOTM
2009-01-07 21:44 . 2004-04-16 20:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl
2009-01-01 17:52 . 2009-01-01 17:52 <REP> d----c--- C:\MicroGaming
2008-12-27 23:09 . 2008-12-27 23:09 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Games
2008-12-27 23:09 . 2008-12-27 23:09 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-27 23:08 . 2008-12-27 23:08 <REP> d-------- c:\windows\system32\AGEIA
2008-12-27 23:00 . 2008-12-27 23:00 <REP> d-------- c:\program files\Focus
2008-12-26 19:03 . 2008-12-26 19:03 244 --ah-c--- C:\sqmnoopt12.sqm
2008-12-26 19:03 . 2008-12-26 19:03 232 --ah-c--- C:\sqmdata12.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 16:46 --------- d-----w c:\documents and settings\laurent anais\Application Data\OpenOffice.org2
2009-01-18 13:43 3,532 -c--a-w C:\drmHeader.bin
2009-01-14 19:44 4,184 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-14 19:10 --------- d-----w c:\documents and settings\laurent anais\Application Data\Corel
2009-01-14 18:23 --------- d-----w c:\program files\Corel
2009-01-11 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 15:25 --------- d-----w c:\program files\Lavasoft
2009-01-11 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 20:36 --------- d-----w c:\program files\DivX
2009-01-04 17:54 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-04 17:53 88 --sh--r c:\documents and settings\All Users\Application Data\77AD716965.sys
2008-12-27 22:08 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-27 22:08 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-03 20:57 --------- d-----w c:\program files\Micro Application
2008-11-28 17:10 --------- d-----w c:\documents and settings\laurent anais\Application Data\InstallShield
2008-11-28 17:08 --------- d-----w c:\program files\Eidos
2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-06-20 17:06 5,632 --sha-w c:\program files\Thumbs.db
2008-06-16 19:23 2,648,090 ----a-w c:\program files\eMulePlus-1.2d.Installer.exe
2008-05-16 18:42 6,115,448 ----a-w c:\program files\Firefox Setup 2.0.0.14.exe
2008-05-15 18:10 35,203 ----a-w c:\program files\elephant.jpg
2008-02-19 20:18 47,360 ----a-w c:\documents and settings\laurent anais\Application Data\pcouffin.sys
2009-01-05 13:04 650,240 ----a-w c:\program files\mozilla firefox\components\nsdcads.dll
2007-08-15 21:39 56 --sh--r c:\windows\system32\656971AD77.sys
2008-08-30 15:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_19.28.42.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-15 19:05:35 27,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2009-01-15 19:05:39 884,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2009-01-15 19:05:41 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2009-01-15 19:05:40 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2009-01-15 19:05:44 876,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2009-01-15 19:05:45 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2009-01-15 19:05:50 1,695,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2009-01-15 19:05:51 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2009-01-15 19:05:55 1,740,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2009-01-15 19:05:57 1,011,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2009-01-15 19:06:00 1,798,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2009-01-15 19:06:03 1,224,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2009-01-15 19:06:05 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2009-01-15 19:06:07 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2009-01-15 19:06:07 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2009-01-15 19:06:09 733,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2009-01-15 19:06:10 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2009-01-15 19:06:12 679,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2009-01-15 19:06:42 2,342,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2009-01-15 19:06:43 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2009-01-15 19:06:47 1,986,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2009-01-15 19:06:37 12,509,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2007-07-27 13:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 13:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-05 18:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 11:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
+ 2008-02-11 08:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 08:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 12:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 07:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 09:11:34 258,352 ----a-w c:\windows\system32\unicows.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-07 77824]
"ORAHSSSessionManager"="c:\program files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"SystrayORAHSS"="c:\program files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"SiSPower"="SiSPower.dll" [2005-07-13 c:\windows\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\laurent anais\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-13 28544]
S3 CAM1210;SM0121 USB 2.0 Video Camera;c:\windows\system32\drivers\cam1210.sys [2006-07-24 89856]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\LAUREN~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\LAUREN~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2009-01-17 c:\windows\Tasks\Update Checker.job
- c:\progra~1\FILEHI~1.COM\UPDATE~1.EXE [2008-12-31 12:22]

2009-01-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8bebaba9299846cd8b3462399d909966
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8bebaba9299846cd8b3462399d909966
TCP: {6560E730-C9E6-4205-8C89-8699C603188E} = 192.168.1.1
DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} - hxxps://clients.cdiscount.com/ediag/activex/CDiscount.cab
FF - ProfilePath - c:\documents and settings\laurent anais\Application Data\Mozilla\Firefox\Profiles\suite.User0\
FF - prefs.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.w-w-w-dot-com.com/start.php
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsdcads.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.proxy.type - 0
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 18:06:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-430353115-455240563-1979012898-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-01-20 18:08:54
ComboFix-quarantined-files.txt 2009-01-20 17:08:52
ComboFix2.txt 2009-01-17 19:58:56
ComboFix3.txt 2009-01-15 18:29:49

Avant-CF: 30 254 882 816 octets libres
Après-CF: 30,248,501,248 octets libres

272 --- E O F --- 2008-12-18 22:08:36
0
eZula Posts 3509 Status Contributor 392
 
Type about:config in the Firefox address bar, press Enter, look up the following values (Filter) and change them as I indicate, in a completely arbitrary way:

browser.search.defaulturl -> https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl
browser.search.selectedEngine -> Google
keyword.URL -> https://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&gws_rd=ssl

Then close Firefox. Delete the file
c:\program files\Mozilla Firefox\components\nsdcads.dll if it still exists. Go to the hidden directory c:\documents and settings\laurent anais\Application Data\Mozilla\Firefox\Profiles\suite.User0,
move the file user.js to the Recycle Bin, and do not empty it.

Restart the computer. Run ComboFix again as usual and post the report.
0
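An added example, not part of eZula's post or of ComboFix: Firefox re-applies user.js over prefs.js at every start, so values corrected in about:config come back while that file stays in the profile. The Python sketch below audits both files for the search and homepage preferences named in the report; the sample file contents, the function names and the trusted-host list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Search and start-page preferences that the ComboFix report shows redirected.
WATCHED_PREFS = (
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
)

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_USER_PREF = re.compile(
    r'\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*(?://.*)?$'
)


def parse_prefs(text):
    """Return {name: value} for every user_pref("name", value); line."""
    prefs = {}
    for line in _BLOCK_COMMENT.sub("", text).splitlines():
        match = _USER_PREF.match(line)
        if not match:
            continue  # header lines, comments, blank lines
        name, raw = match.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # unknown literal, keep the raw text
        prefs[name] = value
    return prefs


def host_of(value):
    """Host of a URL-valued pref, or None. Accepts defanged hxxp(s):// too."""
    if not isinstance(value, str):
        return None
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname


def audit_profile(prefs_js, user_js, trusted_suffixes):
    """List watched prefs with effective value, origin and host verdict."""
    stored = parse_prefs(prefs_js)
    forced = parse_prefs(user_js)  # user.js wins over prefs.js at startup
    findings = []
    for name in WATCHED_PREFS:
        if name not in stored and name not in forced:
            continue
        pinned = name in forced
        value = forced[name] if pinned else stored[name]
        host = host_of(value)
        trusted = host is None or any(
            host == s or host.endswith("." + s) for s in trusted_suffixes
        )
        findings.append({
            "pref": name,
            "value": value,
            "host": host,
            "pinned_by_user_js": pinned,
            "untrusted_host": not trusted,
        })
    return findings


# Constructed sample files. The redirect values are the ones shown in the
# ComboFix report (defanged with hxxp, as in the report); the file layout and
# the state "about:config partly corrected, user.js still present" are assumed.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
/* Do not edit this file. */
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "hxxp://www.w-w-w-dot-com.com/start.php");
user_pref("keyword.URL", "https://www.google.com/webhp?ie=UTF-8");
'''
SAMPLE_USER_JS = '''user_pref("network.proxy.type", 0);
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "hxxp://www2.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);
'''

if __name__ == "__main__":
    for f in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS, ("google.com",)):
        flags = [k for k in ("pinned_by_user_js", "untrusted_host") if f[k]]
        print(f"{f['pref']:32} {f['value']!r:48} {', '.join(flags) or 'ok'}")
```

Any preference reported as pinned by user.js will revert on the next start regardless of what about:config shows, which is why the file has to leave the profile before the settings are judged fixed.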
belette88
 
ComboFix 09-01-19.05 - laurent anais 2009-01-20 19:04:46.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.537 [GMT 1:00]
Lancé depuis: c:\documents and settings\laurent anais\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-20 au 2009-01-20 ))))))))))))))))))))))))))))))))))))
.

2009-01-18 22:18 . 2009-01-20 18:49 <REP> d-------- c:\documents and settings\laurent anais\Application Data\SecondLife
2009-01-18 22:17 . 2009-01-18 22:18 <REP> d-------- c:\program files\SecondLife
2009-01-17 22:47 . 2009-01-18 00:55 <REP> d-------- c:\program files\EsetOnlineScanner
2009-01-14 20:10 . 2009-01-14 20:10 88 -r-hs---- c:\windows\system32\77AD716965.sys
2009-01-14 19:27 . 2009-01-14 19:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-14 19:23 . 2009-01-14 19:25 <REP> d-------- c:\program files\Fichiers communs\Corel
2009-01-14 19:11 . 2009-01-14 19:11 <REP> d-------- c:\program files\PhotoFiltre
2009-01-14 19:00 . 2009-01-14 19:00 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Windows Search
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\windows\system32\GroupPolicy
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\program files\Windows Desktop Search
2009-01-14 18:02 . 2009-01-14 18:02 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Windows Desktop Search
2009-01-14 18:01 . 2008-03-07 18:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-01-14 18:01 . 2008-03-07 18:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-01-14 18:01 . 2008-03-07 18:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2009-01-13 23:02 . 2003-03-16 00:15 90,112 --a------ c:\windows\unvise32.exe
2009-01-13 22:52 . 2009-01-13 22:52 <REP> d-------- c:\program files\THQ
2009-01-13 22:12 . 2009-01-13 22:12 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-13 21:21 . 2009-01-13 21:21 <REP> d-------- c:\program files\filehippo.com
2009-01-13 18:34 . 2009-01-17 16:02 <REP> d----c--- C:\Baphomet
2009-01-13 18:14 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-13 18:13 . 2009-01-13 18:13 <REP> d-------- c:\program files\Panda Security
2009-01-12 22:02 . 2009-01-14 18:53 <REP> d-------- c:\program files\Trend Micro
2009-01-12 21:41 . 2009-01-12 21:41 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-12 21:39 . 2009-01-14 19:42 <REP> d-------- c:\windows\ERUNT
2009-01-12 21:39 . 2009-01-17 12:16 <REP> d----c--- C:\Backups
2009-01-11 21:34 . 2009-01-11 22:02 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-11 21:34 . 2009-01-19 20:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\program files\Yahoo!
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\program files\CCleaner
2009-01-11 21:29 . 2009-01-11 21:29 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Yahoo!
2009-01-11 21:29 . 2009-01-14 17:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-11 21:07 . 2009-01-11 21:07 <REP> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-01-11 21:07 . 2009-01-11 21:11 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Deskbar_{80FA45F7-B41F-470c-86A3-A38414374191}
2009-01-11 20:50 . 2009-01-11 21:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 20:50 . 2009-01-11 20:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-11 20:40 . 2009-01-11 20:40 <REP> d-------- c:\program files\Enigma Software Group
2009-01-11 16:23 . 2009-01-11 16:23 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-11 14:26 . 2009-01-13 17:18 <REP> d-------- c:\documents and settings\All Users\Application Data\533936372
2009-01-11 12:13 . 2009-01-11 12:13 268 --ah-c--- C:\sqmdata14.sqm
2009-01-11 12:13 . 2009-01-11 12:13 244 --ah-c--- C:\sqmnoopt14.sqm
2009-01-10 11:46 . 2009-01-10 11:46 268 --ah-c--- C:\sqmdata13.sqm
2009-01-10 11:46 . 2009-01-10 11:46 244 --ah-c--- C:\sqmnoopt13.sqm
2009-01-07 21:49 . 2009-01-07 21:49 <REP> d----c--- C:\TMOTM
2009-01-07 21:44 . 2004-04-16 20:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl
2009-01-01 17:52 . 2009-01-01 17:52 <REP> d----c--- C:\MicroGaming
2008-12-27 23:09 . 2008-12-27 23:09 <REP> d-------- c:\documents and settings\laurent anais\Application Data\Games
2008-12-27 23:09 . 2008-12-27 23:09 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-27 23:08 . 2008-12-27 23:08 <REP> d-------- c:\windows\system32\AGEIA
2008-12-27 23:00 . 2008-12-27 23:00 <REP> d-------- c:\program files\Focus
2008-12-26 19:03 . 2008-12-26 19:03 244 --ah-c--- C:\sqmnoopt12.sqm
2008-12-26 19:03 . 2008-12-26 19:03 232 --ah-c--- C:\sqmdata12.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 18:03 --------- d-----w c:\documents and settings\laurent anais\Application Data\OpenOffice.org2
2009-01-18 13:43 3,532 -c--a-w C:\drmHeader.bin
2009-01-14 19:44 4,184 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-14 19:10 --------- d-----w c:\documents and settings\laurent anais\Application Data\Corel
2009-01-14 18:23 --------- d-----w c:\program files\Corel
2009-01-11 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 15:25 --------- d-----w c:\program files\Lavasoft
2009-01-11 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 20:36 --------- d-----w c:\program files\DivX
2009-01-04 17:54 2,516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-04 17:53 88 --sh--r c:\documents and settings\All Users\Application Data\77AD716965.sys
2008-12-27 22:08 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-12-27 22:08 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-03 20:57 --------- d-----w c:\program files\Micro Application
2008-11-28 17:10 --------- d-----w c:\documents and settings\laurent anais\Application Data\InstallShield
2008-11-28 17:08 --------- d-----w c:\program files\Eidos
2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-06-20 17:06 5,632 --sha-w c:\program files\Thumbs.db
2008-06-16 19:23 2,648,090 ----a-w c:\program files\eMulePlus-1.2d.Installer.exe
2008-05-16 18:42 6,115,448 ----a-w c:\program files\Firefox Setup 2.0.0.14.exe
2008-05-15 18:10 35,203 ----a-w c:\program files\elephant.jpg
2008-02-19 20:18 47,360 ----a-w c:\documents and settings\laurent anais\Application Data\pcouffin.sys
2007-08-15 21:39 56 --sh--r c:\windows\system32\656971AD77.sys
2008-08-30 15:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-07 77824]
"ORAHSSSessionManager"="c:\program files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"SystrayORAHSS"="c:\program files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"SiSPower"="SiSPower.dll" [2005-07-13 c:\windows\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\laurent anais\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-13 28544]
S3 CAM1210;SM0121 USB 2.0 Video Camera;c:\windows\system32\drivers\cam1210.sys [2006-07-24 89856]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\LAUREN~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\LAUREN~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2009-01-17 c:\windows\Tasks\Update Checker.job
- c:\progra~1\FILEHI~1.COM\UPDATE~1.EXE [2008-12-31 12:22]

2009-01-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8bebaba9299846cd8b3462399d909966
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8bebaba9299846cd8b3462399d909966
TCP: {6560E730-C9E6-4205-8C89-8699C603188E} = 192.168.1.1
DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} - hxxps://clients.cdiscount.com/ediag/activex/CDiscount.cab
FF - ProfilePath - c:\documents and settings\laurent anais\Application Data\Mozilla\Firefox\Profiles\suite.User0\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - google
FF - prefs.js: browser.startup.homepage - hxxp://www.w-w-w-dot-com.com/start.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 19:07:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-430353115-455240563-1979012898-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-01-20 19:09:46
ComboFix-quarantined-files.txt 2009-01-20 18:09:42
ComboFix2.txt 2009-01-20 17:08:57
ComboFix3.txt 2009-01-17 19:58:56
ComboFix4.txt 2009-01-15 18:29:49

Avant-CF: 30 203 265 024 octets libres
Après-CF: 30,192,623,616 octets libres

226 --- E O F --- 2008-12-18 22:08:36
0
eZula Posts 3509 Status Contributor 392
 
Where do you think you stand after this mountain of manipulations, and with respect to the initial problems?
0
belette88
 
For the initial problem it's perfect, and even better than I hoped, thank you! No more blocking because of the viruses. On the other hand, Internet Explorer still displays nothing when I click to check for updates. Bad configuration?
0
eZula Posts 3509 Status Contributor 392
 
0
belette88
 
There, it worked, everything is OK.
Thank you for all these steps.
Have a good evening.
How do I set the status to resolved?
0