Eliminer le cheval de troie NaviPromo AA & AF

Résolu
germainepoux -  
 calidaho -
Bonjour,
Cela fait une semaine que j'essaie de supprimer un cheval de troie. J'ai réussi à trouvé le nom "NaviPromo AA et AF". Je suis venue voir sur ce forum pour trouver une solution. J'ai téléchagé et installé Navilog1. Je l'ai lancer une première fois avec le choix 1; une deuxième fois avec le choix 2. Puis j'ai installé Hijackthis, que j'ai lancé.
Voici ce que j'obtiens, je voudrais savoir si c'est bon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:22, on 16/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\p2phost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S5CC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FreezeScreenSaver - Unknown owner - C:\Windows\system32\FreezeScreenSaver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9b2a4fa6ec283) (gupdate1c9b2a4fa6ec283) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12812 bytes
Configuration: Windows Vista Internet Explorer 7.0

12 réponses

  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour,

    Il n'y a apparemment plus d'infection navipromo, navilog a bien fait son travail ;)

    Par contre, il y a deux autres infections (n'essaye pas de fixer ces lignes avec hijackthis, ou de supprimer les fichiers manuellement !) :

    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\Windows\system32\FreezeScreenSaver.exe

    On va commencer par s'occuper de la barre d'outil néfaste (AskBar)...
    Pour éviter ce genre d'infection, il faut tout lire attentivement lorsque tu installes un programme gratuit, et décocher tous les programmes additionnels qui sont proposés, en particulier les barres d'outils !

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    • Fais un clic-droit sur le raccourci de Toolbar-S&D sur le Bureau et choisis "Exécuter en tant qu' Administrateur"
    • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    • Poste le rapport généré. (C:\TB.txt)

    0
    1. germainepoux
       
      voici le rapport

      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
      BIOS : Ver 1.00PARTTBL
      USER : Aline ( Not Administrator ! )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1296 [VPS 090415-0] 4.8.1296 (Activated)
      C:\ (Local Disk) - NTFS - Total:224 Go (Free:91 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 16/05/2009|16:48 )

      [ UAC => 1 ]

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\AskBarDis
      C:\Program Files\AskBarDis\bar
      C:\Program Files\AskBarDis\unins000.dat
      C:\Program Files\AskBarDis\unins000.exe
      C:\Program Files\AskBarDis\bar\bin
      C:\Program Files\AskBarDis\bar\Settings
      C:\Program Files\AskBarDis\bar\bin\askBar.dll
      C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
      C:\Program Files\AskBarDis\bar\bin\psvince.dll
      C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
      C:\Program Files\AskBarDis\bar\Settings\config.dat
      C:\Program Files\AskBarDis\bar\Settings\config.dat.bak

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Start Page"="https://www.google.com/?gws_rd=ssl"
      "Default_Page_URL"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://home.sweetim.com/"
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - 16/05/2009|16:49 - Option : [1]

      -----------\\ Fin du rapport a 16:49:28,71
      0
  2. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    • Fais un clic-droit sur le raccourci Toolbar-S&D sur le Bureau et choisis "Exécuter en tant qu'administrateur"
    • Tape sur "2" puis valide en appuyant sur "Entrée".
    • Ne ferme pas la fenêtre lors de la suppression !
    • Un rapport sera généré, poste son contenu ici.

    0
    1. germainepoux
       
      voila ce que j'obtiens

      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
      BIOS : Ver 1.00PARTTBL
      USER : Aline ( Not Administrator ! )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1296 [VPS 090415-0] 4.8.1296 (Activated)
      C:\ (Local Disk) - NTFS - Total:224 Go (Free:91 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [2] ( 16/05/2009|17:50 )

      [ UAC => 1 ]

      -----------\\ SUPPRESSION

      Supprime! - C:\Program Files\AskBarDis\bar
      Supprime! - C:\Program Files\AskBarDis\unins000.dat
      Supprime! - C:\Program Files\AskBarDis\unins000.exe
      Supprime! - C:\Program Files\AskBarDis

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Start Page"="https://www.google.com/?gws_rd=ssl"
      "Default_Page_URL"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr/"
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


      --------------------\\ Recherche d'autres infections

      --------------------\\ Cracks & Keygens ..

      C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMC0FRV9\273143-7-cracks-risques[1].htm
      C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMC0FRV9\dref=http%253A%252F%252Fwww.infos-du-net[1].com%252Fforum%252F273143-7-cracks-risques


      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - 16/05/2009|16:49 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 16/05/2009|17:51 - Option : [2]

      -----------\\ Fin du rapport a 17:51:54,16
      0
      1. germainepoux > germainepoux
         
        Désolée j'avais oublié de l'exécuté en tant qu'administrateur, donc je l'ai relancé, voila le nouveau rapport


        -----------\\ ToolBar S&D 1.2.8 XP/Vista

        Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
        X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
        BIOS : Ver 1.00PARTTBL
        USER : Aline ( Not Administrator ! )
        BOOT : Normal boot
        Antivirus : avast! antivirus 4.8.1296 [VPS 090415-0] 4.8.1296 (Activated)
        C:\ (Local Disk) - NTFS - Total:224 Go (Free:91 Go)
        D:\ (CD or DVD)

        "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
        Option : [2] ( 16/05/2009|17:57 )

        [ UAC => 1 ]

        -----------\\ Recherche de Fichiers / Dossiers ...


        -----------\\ [..\Internet Explorer\Main]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Local Page"="C:\\Windows\\system32\\blank.htm"
        "Search Page"="https://www.google.com/?gws_rd=ssl"
        "Start Page"="https://www.google.com/?gws_rd=ssl"
        "Default_Page_URL"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART"
        "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
        "Url"="https://www.msn.com/fr-fr/actualite/"

        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
        "Start Page"="https://www.msn.com/fr-fr/"
        "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
        "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
        "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


        --------------------\\ Recherche d'autres infections

        --------------------\\ Cracks & Keygens ..

        C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMC0FRV9\273143-7-cracks-risques[1].htm
        C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMC0FRV9\dref=http%253A%252F%252Fwww.infos-du-net[1].com%252Fforum%252F273143-7-cracks-risques


        [ UAC => 1 ]


        1 - "C:\ToolBar SD\TB_1.txt" - 16/05/2009|16:49 - Option : [1]
        2 - "C:\ToolBar SD\TB_2.txt" - 16/05/2009|17:51 - Option : [2]
        3 - "C:\ToolBar SD\TB_3.txt" - 16/05/2009|17:58 - Option : [2]

        -----------\\ Fin du rapport a 17:58:10,80
        0
  3. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, on va s'occuper du reste :

    • Télécharge et installe Malwarebytes' Anti-Malware
    • A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    • Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    • Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
    • Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    • A la fin du scan, clique sur Afficher les résultats
    • Coche tous les éléments détectés puis clique sur Supprimer la sélection
    • Enregistre le rapport
    • S'il t'est demandé de redémarrer, clique sur Yes

    • Poste dans ta prochaine réponse le rapport apparaissant après la suppression stp

    0
    1. germainepoux
       
      rapport malwarebytes

      Malwarebytes' Anti-Malware 1.36
      Version de la base de données: 2142
      Windows 6.0.6001 Service Pack 1

      16/05/2009 18:41:26
      mbam-log-2009-05-16 (18-41-26).txt

      Type de recherche: Examen rapide
      Eléments examinés: 76863
      Temps écoulé: 9 minute(s), 58 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  4. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    • Télécharge OTMoveIt3 (de OldTimer) sur ton Bureau : http://oldtimer.geekstogo.com/OTMoveIt3.exe
    • Double-clique sur OTMoveIt3.exe afin de le lancer.
    • Clique sur ce lien et copie le script qu'il contient.
    • Colle le script dans le cadre « Paste Instructions for Items to be Moved » et clique sur Moveit.
    • Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
    • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles
    Le nom du rapport correspond au moment de sa création : date_heure.log

    0
    1. germainepoux
       
      le rapport
      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      File move failed. C:\Windows\system32\FreezeScreenSaver.exe scheduled to be moved on reboot.
      ========== SERVICES/DRIVERS ==========
      Service\Driver FreezeScreenSaver not found.
      Unable to delete service\driver keyFreezeScreenSaver.
      ========== COMMANDS ==========
      File delete failed. C:\Users\Aline\AppData\Local\Temp\ppcrlui_4548_2 scheduled to be deleted on reboot.
      File delete failed. C:\Users\Aline\AppData\Local\Temp\~ROMFN_00000858 scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05162009_185603
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    OTMoveIt n'a pas réussi à supprimer FreezeScreenSaver...

    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    /!\ Désactive tous tes logiciels de protection /!\

    • Télécharge ComboFix (de sUBs) sur ton Bureau.
    • Double-clique sur ComboFix.exe afin de le lancer.
    • Il va te demander d'installer la console de récupération : accepte.
    • Ne touche à rien pendant le scan.
    • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Tutoriel officiel de Combofix : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    0
    1. germainepoux
       
      Probleme : je n'arrive pas à désactiver avast (antivirus et antispyware)
      pourtant je vais dans Scanner résident Avast et je clique sur terminer, il m'affiche comme état : désactivé mais Combofix me demande de désactiver avast! antivirus 4.8.1296 (antivirus et antispyware)
      Je ne sais pas comment faire ?

      J'ai également AVG, j'ai ignorer l'état de tous les composants, est-ce que ça suffit ? Combofix ne m'a rien dit la dessus.
      0
  7. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Pour désactiver Avast, je crois qu'il faut faire un clic-droit sur l'icone d'Avast et cliquer sur "Arrêter la protection résidente".

    Pour AVG je ne sais plus.

    Dans tous les cas, il est fortement déconseillé d'avoir deux antivirus différents, ils risquent de rentrer en conflit, et vont ralentir lourdement ton ordinateur (surtout ces deux là qui ne sont pas top...)

    Une fois que tu en auras désinstallé un et désactivé l'autre, tu peux lancer Combofix. S'il t'affiche encore une alerte, ignore la.

    0
    1. germainepoux
       
      j'ai désinstallé avast et désactivé AVG.
      Quel antivirus me conseille-tu ?

      voici le rapport de Combofix
      ComboFix 09-05-15.08 - Aline 17/05/2009 15:52.1 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3062.1993 [GMT 2:00]
      Lancé depuis: c:\users\Aline\Desktop\ComboFix.exe
      SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      .
      /wow section - STAGE 1
      'PV' n'est pas reconnu en tant que commande interne
      ou externe, un programme exécutable ou un fichier de commandes.


      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\$recycle.bin\S-1-5-21-1038951691-2387425700-135970857-1003\$ILORWYE.lnk
      c:\$recycle.bin\S-1-5-21-1038951691-2387425700-135970857-1003\$RLORWYE.lnk
      c:\users\Aline\AppData\Roaming\.#

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_FreezeScreenSaver


      ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-17 au 2009-05-17 ))))))))))))))))))))))))))))))))))))
      .

      2009-05-17 14:00 . 2009-05-17 14:00 -------- d-sh--w C:\$RECYCLE.BIN
      2009-05-17 13:48 . 2009-05-17 13:48 6736 ----a-w c:\windows\system32\drivers\PROCEXP90.SYS
      2009-05-16 16:56 . 2009-05-16 16:56 -------- d-----w C:\_OTMoveIt
      2009-05-16 14:48 . 2009-05-16 15:58 -------- d-----w C:\ToolBar SD
      2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\users\Aline\AppData\Roaming\Malwarebytes
      2009-05-16 14:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
      2009-05-16 14:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\programdata\Malwarebytes
      2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\users\All Users\Malwarebytes
      2009-05-16 14:16 . 2009-05-16 14:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2009-05-16 14:11 . 2009-05-16 14:44 -------- d-----w c:\program files\CCleaner
      2009-05-16 13:47 . 2009-05-16 13:47 -------- d-----w c:\users\Aline\AppData\Roaming\PeerNetworking
      2009-05-16 13:47 . 2009-05-16 13:47 -------- d-----w c:\program files\Trend Micro
      2009-05-16 13:46 . 2009-05-16 13:46 812344 ----a-w c:\program files\HJTInstall.exe
      2009-05-16 13:27 . 2008-06-05 16:18 5737 ----a-w c:\users\Aline\AppData\Local\gnc.exe
      2009-05-16 12:39 . 2009-05-16 12:39 88 ----a-w c:\users\Aline\AppData\Local\kwqym.bat
      2009-05-16 12:39 . 2009-05-16 12:39 89800 ----a-w c:\users\Aline\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-05-16 12:34 . 2009-05-16 14:54 -------- d-----w c:\program files\Navilog1
      2009-05-15 17:30 . 2009-05-15 17:46 -------- d-----w C:\Downloads
      2009-05-12 14:21 . 2009-05-16 23:03 -------- d-----w c:\users\Aline\AppData\Roaming\Free Download Manager
      2009-05-12 14:21 . 2009-05-12 14:21 -------- d-----w c:\program files\Free Download Manager
      2009-05-12 13:05 . 2009-05-12 13:05 -------- d-----w c:\programdata\Azureus
      2009-05-12 13:05 . 2009-05-12 13:05 -------- d-----w c:\users\All Users\Azureus
      2009-05-12 13:05 . 2009-05-17 13:42 -------- d-----w c:\users\Aline\AppData\Roaming\Azureus
      2009-05-12 13:04 . 2009-05-12 13:04 -------- d-----w c:\program files\Vuze
      2009-05-12 12:54 . 2009-05-12 12:56 -------- d-----w c:\program files\Azureus4.2.0.2
      2009-05-12 10:28 . 2009-05-15 17:48 -------- d-----w c:\users\Aline\AppData\Roaming\UseNeXT
      2009-05-12 10:27 . 2009-05-12 10:27 -------- d-----w c:\program files\UseNeXT
      2009-05-12 09:35 . 2009-05-12 09:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
      2009-05-12 09:35 . 2009-05-12 09:35 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
      2009-05-12 09:35 . 2009-05-12 09:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
      2009-05-12 09:35 . 2009-05-12 09:35 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
      2009-05-12 09:35 . 2009-05-16 22:13 -------- d-----w c:\windows\system32\drivers\Avg
      2009-05-12 09:34 . 2009-05-12 09:34 23832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
      2009-05-10 14:53 . 2009-05-16 10:56 -------- d--h--w C:\$AVG8.VAULT$
      2009-05-10 14:07 . 2009-05-10 14:07 -------- d-----w c:\program files\AVG
      2009-05-10 14:07 . 2009-05-12 09:34 -------- d-----w c:\programdata\avg8
      2009-05-10 14:07 . 2009-05-12 09:34 -------- d-----w c:\users\All Users\avg8
      2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\users\Aline\AppData\Roaming\Grisoft
      2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\programdata\Grisoft
      2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\users\All Users\Grisoft
      2009-05-04 21:31 . 2009-05-04 21:31 -------- d-----w c:\program files\Common Files\DivX Shared

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-05-17 12:58 . 2006-03-11 02:02 678968 ----a-w c:\windows\system32\perfh00C.dat
      2009-05-17 12:58 . 2006-03-11 02:02 128004 ----a-w c:\windows\system32\perfc00C.dat
      2009-05-04 21:31 . 2009-01-23 22:55 -------- d-----w c:\program files\DivX
      2009-04-30 14:27 . 2009-04-30 14:27 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
      2009-04-23 21:07 . 2008-07-21 11:18 -------- d-----w c:\program files\Java
      2009-04-16 20:04 . 2009-04-16 20:04 -------- d-----w c:\program files\Flash
      2009-04-16 11:53 . 2009-04-16 11:53 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
      2009-04-15 21:45 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
      2009-04-15 21:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
      2009-04-15 21:18 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
      2009-04-15 21:18 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
      2009-04-15 17:58 . 2009-04-15 17:58 1878888 ----a-w c:\program files\install_flash_player.exe
      2009-04-09 11:06 . 2008-07-01 17:06 27839 ----a-w c:\users\Aline\AppData\Roaming\nvModes.dat
      2009-04-01 08:38 . 2009-04-01 08:38 -------- d-----w c:\program files\Common Files\xing shared
      2009-04-01 08:38 . 2008-11-30 12:27 -------- d-----w c:\program files\Common Files\Real
      2009-04-01 08:36 . 2006-03-10 18:51 -------- d-----w c:\program files\Google
      2009-03-17 03:38 . 2009-04-15 13:28 13824 ----a-w c:\windows\system32\apilogen.dll
      2009-03-17 03:38 . 2009-04-15 13:28 24064 ----a-w c:\windows\system32\amxread.dll
      2009-03-09 03:19 . 2008-12-22 15:15 410984 ----a-w c:\windows\system32\deploytk.dll
      2009-03-07 18:18 . 2009-03-07 18:24 6228072 ----a-w c:\program files\Setup_FreeConverter.exe
      2009-03-03 04:46 . 2009-04-15 13:28 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
      2009-03-03 04:46 . 2009-04-15 13:28 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
      2009-03-03 04:40 . 2009-04-15 13:28 827392 ----a-w c:\windows\system32\wininet.dll
      2009-03-03 04:39 . 2009-04-15 13:28 183296 ----a-w c:\windows\system32\sdohlp.dll
      2009-03-03 04:39 . 2009-04-15 13:28 551424 ----a-w c:\windows\system32\rpcss.dll
      2009-03-03 04:39 . 2009-04-15 13:28 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
      2009-03-03 04:37 . 2009-04-15 13:28 78336 ----a-w c:\windows\system32\ieencode.dll
      2009-03-03 04:37 . 2009-04-15 13:28 98304 ----a-w c:\windows\system32\iasrecst.dll
      2009-03-03 04:37 . 2009-04-15 13:28 44032 ----a-w c:\windows\system32\iasdatastore.dll
      2009-03-03 04:37 . 2009-04-15 13:28 54784 ----a-w c:\windows\system32\iasads.dll
      2009-03-03 03:04 . 2009-04-15 13:28 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
      2009-03-03 02:38 . 2009-04-15 13:28 17408 ----a-w c:\windows\system32\iashost.exe
      2009-03-03 02:28 . 2009-04-15 13:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
      2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
      2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
      2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
      2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
      2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
      2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
      2008-12-22 15:49 . 2008-12-22 15:49 129761 ----a-w c:\program files\DicOOo.sxw
      2008-12-22 15:08 . 2008-12-22 15:08 9329107 ----a-w c:\program files\LanguageTool-0.9.2.oxt
      2008-09-04 14:15 . 2008-09-04 15:04 5948741 ----a-w c:\program files\dmaths310.zip
      2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
      2008-09-20 08:13 . 2008-09-20 08:13 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
      2006-10-11 08:04 . 2006-03-10 18:42 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
      2006-10-11 08:04 . 2006-03-10 18:42 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
      2006-10-11 08:05 . 2006-03-10 18:42 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
      2006-10-11 08:05 . 2006-03-10 18:42 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
      2006-10-11 08:04 . 2006-03-10 18:42 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
      2006-03-11 02:50 . 2006-03-11 02:08 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
      2008-10-08 11:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "EPSON Stylus DX8400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-20 29744]
      "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
      "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
      "SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112]
      "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
      "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-28 111928]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-01 198160]
      "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-21 92704]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-21 8534560]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-21 88608]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928]

      c:\users\collŠge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
      OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

      c:\users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
      OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{0108030E-FB06-4DE2-9A31-02BA798DBE34}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{9C6038C0-0293-4671-A6F1-0C8BB7704A48}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{27E0AA76-D323-4A20-8837-45FE1DD0F00F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
      "{01F71DEF-1170-4B4B-9D5B-D4F1C8CF6C0D}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
      "{C56E5FFA-FF9A-41E1-A58B-0196E0A3B4D6}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
      "{84F69530-94CB-4C22-AF44-72F615F148CE}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
      "{1AB281BB-3029-4BF9-A6C5-19B394261558}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
      "{34BF6101-1E32-48E5-A0A3-7A4285589200}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
      "{B3DE8A06-A61B-4A03-B41A-D54564C86381}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

      R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [12/05/2009 11:35 12552]
      R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [12/05/2009 11:34 23832]
      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/05/2009 11:35 325896]
      R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/05/2009 11:35 108552]
      R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/05/2009 11:35 908568]
      R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/05/2009 11:35 298776]
      R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [12/05/2009 11:35 1366904]
      R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18:53 226656]
      R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [11/03/2006 03:58 281088]
      S2 gupdate1c9b2a4fa6ec283;Service Google Update (gupdate1c9b2a4fa6ec283);c:\program files\Google\Update\GoogleUpdate.exe [01/04/2009 10:36 133104]
      S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/03/2006 20:52 29744]
      S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [05/09/2008 19:16 28224]
      .
      Contenu du dossier 'Tâches planifiées'

      2009-05-17 c:\windows\Tasks\Extension de garantie.job
      - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-10 16:38]

      2009-05-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 08:36]

      2008-07-15 c:\windows\Tasks\HDReg.job
      - c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

      2008-07-12 c:\windows\Tasks\PBReg.job
      - c:\program files\HDReg\HDRegDel.exe [2005-06-21 13:20]

      2008-08-14 c:\windows\Tasks\PBRegbk.job
      - c:\program files\HDReg\HDRegDel.exe [2005-06-21 13:20]

      2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{99C226A6-3051-4014-BD4C-34F533E55B7D}.job
      - c:\windows\system32\msfeedssync.exe [2008-09-13 07:33]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
      HKLM-Run-EoEngine - (no file)


      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.google.com/
      mWindow Title =
      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
      IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
      IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
      IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
      Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      FF - ProfilePath - c:\users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
      FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
      FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
      FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
      FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
      FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

      ---- PARAMETRES FIREFOX ----
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-17 16:00
      Windows 6.0.6001 Service Pack 1 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...


      **************************************************************************
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\System32\audiodg.exe
      c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
      c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
      c:\progra~1\AVG\AVG8\avgam.exe
      c:\progra~1\AVG\AVG8\avgrsx.exe
      c:\progra~1\AVG\AVG8\avgnsx.exe
      c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      c:\program files\AVG\AVG8\avgcsrvx.exe
      c:\program files\AVG\AVG8\avgcsrvx.exe
      c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      c:\windows\System32\conime.exe
      c:\windows\System32\rundll32.exe
      c:\program files\AVG\AVG8\avgtray.exe
      c:\windows\System32\rundll32.exe
      c:\program files\OpenOffice.org 2.2\program\soffice.exe
      c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
      c:\program files\OpenOffice.org 2.2\program\soffice.bin
      c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-05-17 16:06 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-05-17 14:06

      Avant-CF: 94 555 844 608 octets libres
      Après-CF: 94 371 016 704 octets libres

      303 --- E O F --- 2009-05-15 17:09
      0
  8. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Je te donnerai des conseils pour sécuriser ton ordinateur à la fin de la désinfection ;)

    Il reste une infection mineure

    ● Désactive le contrôle des comptes utilisateurs : Menu démarrer --> panneau de configuration --> comptes utilisateurs --> activer ou désactiver le controle des comptes utilisateur --> décoche la case "utiliser le contrôle....." Puis redémarre ton ordinateur.
    ● Désactive également ton antivirus, car il risque de faire de fausses alertes sur le programme suivant.

    ● Télécharge Ad-Remover (de C_XX) sur ton Bureau.

    /!\ Déconnecte toi et ferme toutes les applications en cours /!\

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Fais un clic-droit sur le raccourci créé et clique sur "Exécuter en temps qu'administrateur"
    ● Au menu principal choisis l'option "A"
    ● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

    Aide en images : Installation
    Aide en images : Recherche.

    0
    1. germainepoux
       
      voilà le rapport


      ------- LOGFILE OF AD-REMOVER 1.1.3.9 | ONLY XP/VISTA -------

      Updated by C_XX on 16/05/2009 at 21:15
      Contact: AdRemover.contact@gmail.com
      Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

      Start at: 16:59:06, 17/05/2009 | Boot mode: Normal Boot
      Option: Scan | Executed from: C:\Program Files\Ad-remover\
      Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
      Computer Name: PC-DE-ALINE
      Current User: Aline - Administrator
      Drive(s):
      - C:\ (File System: NTFS)

      (!) -- C:\Users\collŠge\Ntuser.dat Loaded as: 'HKU\collŠge'

      ============ Known Adwares Found ============

      .
      .
      C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
      C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@atdmt[2].txt

      +-----------------| Eorezo Elements Found:

      HKCU\Software\EoRezo
      HKU\S-1-5-21-1038951691-2387425700-135970857-1002\Software\Eorezo
      .
      C:\Users\Aline\AppData\Roaming\EoRezo
      C:\Users\collŠge\AppData\Roaming\Eorezo

      +-----------------| It's TV Elements Found:

      .

      +-----------------| Sweetim Elements Found:

      HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
      HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
      HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
      HKCR\MediaPlayer.GraphicsUtils
      HKCR\MediaPlayer.GraphicsUtils.1
      HKCR\MgMediaPlayer.GifAnimator
      HKCR\MgMediaPlayer.GifAnimator.1
      HKCR\SWEETIE.IEToolbar
      HKCR\SWEETIE.IEToolbar.1
      HKCR\SWEETIE.SWEETIE
      HKCR\SWEETIE.SWEETIE.3
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
      HKCR\Toolbar3.SWEETIE
      HKCR\Toolbar3.SWEETIE.1
      HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
      HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
      HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
      HKCU\Software\SweetIM
      HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\MediaPlayer.GraphicsUtils
      HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1
      HKLM\Software\Classes\MgMediaPlayer.GifAnimator
      HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
      HKLM\Software\Classes\SWEETIE.IEToolbar
      HKLM\Software\Classes\SWEETIE.IEToolbar.1
      HKLM\Software\Classes\SWEETIE.SWEETIE
      HKLM\Software\Classes\SWEETIE.SWEETIE.3
      HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
      HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
      HKLM\Software\Classes\Toolbar3.SWEETIE
      HKLM\Software\Classes\Toolbar3.SWEETIE.1
      HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
      HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
      HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
      HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
      HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
      HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
      HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\Software\SweetIM
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
      HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1038951691-2387425700-135970857-1002\Software\Sweetim
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
      .
      C:\Windows\Installer\11c796c.msi
      C:\Windows\Installer\11c7971.msi
      C:\Program Files\SweetIM
      C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\searchplugins\sweetim.xml
      C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\SweetIMToolbarData
      C:\ProgramData\SweetIM
      C:\Users\Aline\Appdata\LocalLow\SweetIM

      +-----------------| Added Scan:

      ---- Mozilla FireFox Version 2.0 ----

      ProfilePath: 4eo6avwd.default (Aline)
      .
      (Prefs.js) user_pref("browser.search.defaultenginename", "SweetIM Search");
      (Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
      (Prefs.js) user_pref("browser.search.selectedEngine", "SweetIM Search");
      (Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
      (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
      (Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
      (Prefs.js) user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
      (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1");
      (Prefs.js) user_pref("sweetim.toolbar.previous.browser.startup.homepage", "chrome://packardbell-partner/locale/partner.properties");
      .
      (Prefs.js) Found: user_pref("browser.search.defaultenginename", "SweetIM Search");
      (Prefs.js) Found: user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
      (Prefs.js) Found: user_pref("browser.search.selectedEngine", "SweetIM Search");
      (Prefs.js) Found: user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
      (Prefs.js) Found: user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
      (Prefs.js) Found: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
      (Prefs.js) Found: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
      (Prefs.js) Found: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
      (Prefs.js) Found: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
      (Prefs.js) Found: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
      (Prefs.js) Found: user_pref("sweetim.toolbar.mode.debug", "false");
      (Prefs.js) Found: user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
      (Prefs.js) Found: user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
      (Prefs.js) Found: user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
      (Prefs.js) Found: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "chrome://packardbell-partner/locale/partner.properties");
      (Prefs.js) Found: user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://packardbell-partner/locale/partner.properties");
      (Prefs.js) Found: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
      (Prefs.js) Found: user_pref("sweetim.toolbar.search.history", "streaming%20dexter%20saison%202");
      (Prefs.js) Found: user_pref("sweetim.toolbar.search.history.capacity", "10");
      (Prefs.js) Found: user_pref("sweetim.toolbar.simapp_id", "{D4A76A96-E77B-4240-A515-E4B2C36BC2E4}");
      (Prefs.js) Found: user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
      (Prefs.js) Found: user_pref("sweetim.toolbar.version", "1.0.0.8");

      ---- Internet Explorer Version 7.0.6001.18000 ----

      [HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://www.google.com/

      [HKEY_USERS\S-1-5-21-1038951691-2387425700-135970857-1002\..\Internet Explorer\Main]

      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://www.google.com/

      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Start Page: hxxp://www.msn.com/

      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: hxxp://ieframe.dll/tabswelcome.htm

      =========== Suspicious ==========


      +---------------------------------------------------------------------------+

      15107 Byte(s) - C:\Ad-Report-Scan-17.05.2009.log

      1 File(s) - C:\Program Files\Ad-remover\BACKUP
      0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

      End at: 17:07:45 | 17/05/2009
      .
      +-----------------| E.O.F
      .
      0
  9. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    ! Déconnecte toi et ferme toutes les applications en cours !

    Relance "Ad-remover" en faisant un clic-droit sur le raccourci et en cliquant sur "Exécuter en temps qu'administrateur", et choisis l'option "B" au menu principal

    Coche à l'écran de sélection :
    1- Suppression Adwares Connus
    2- Suppression Eorezo
    4- Suppression Sweetim

    Puis choisis "S" , le programme va travailler.
    Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

    Aide en images : Nettoyage

    0
    1. germainepoux
       
      le rapport


      ------- LOGFILE OF AD-REMOVER 1.1.3.9 | ONLY XP/VISTA -------

      Updated by C_XX on 16/05/2009 at 21:15
      Contact: AdRemover.contact@gmail.com
      Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

      **** LIMITED TO ****

      Known Adwares
      Eorezo
      Sweetim

      ********************

      Start at: 23:05:39, 17/05/2009 | Boot mode: Normal Boot
      Option: Clean | Executed from: C:\Program Files\Ad-remover\
      Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
      Computer Name: PC-DE-ALINE
      Current User: Aline - Administrator
      Drive(s):
      - C:\ (File System: NTFS)

      (!) -- C:\Users\collŠge\Ntuser.dat Loaded as: 'HKU\collŠge'

      (!) -- IE start pages/Tabs reset

      ============ Known Adwares Deleted ============

      .
      .
      C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
      C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@atdmt[2].txt

      +-----------------| Eorezo Elements Deleted :

      HKCU\Software\EoRezo
      .
      C:\Users\Aline\AppData\Roaming\EoRezo
      C:\Users\collŠge\AppData\Roaming\Eorezo

      +-----------------| Sweetim Elements Deleted :

      HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
      HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
      HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
      HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
      HKCR\MediaPlayer.GraphicsUtils
      HKCR\MediaPlayer.GraphicsUtils.1
      HKCR\MgMediaPlayer.GifAnimator
      HKCR\MgMediaPlayer.GifAnimator.1
      HKCR\SWEETIE.IEToolbar
      HKCR\SWEETIE.IEToolbar.1
      HKCR\SWEETIE.SWEETIE
      HKCR\SWEETIE.SWEETIE.3
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
      HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
      HKCR\Toolbar3.SWEETIE
      HKCR\Toolbar3.SWEETIE.1
      HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
      HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
      HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
      HKCU\Software\SweetIM
      HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
      HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
      HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
      HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
      HKLM\Software\SweetIM
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
      HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
      HKCU\Software\Microsoft\Internet Explorer\Internetregistry\Registry\User\S-1-5-21-1038951691-2387425700-135970857-1002\Software\Sweetim
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
      .
      C:\Windows\Installer\11c796c.msi
      C:\Windows\Installer\11c7971.msi
      /!\ NOT DELETED - C:\Program Files\SweetIM
      C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\searchplugins\sweetim.xml
      C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\SweetIMToolbarData
      C:\ProgramData\SweetIM
      C:\Users\Aline\Appdata\LocalLow\SweetIM

      (!) -- Temp files deleted.
      (!) -- Recycle bin emptied in all drives.


      ********** /!\ FILE(S)/FOLDER(S) NOT DELETED /!\ **********

      "C:\Program Files\SweetIM"

      Second run ...

      /!\ RESIST ! - "C:\Program Files\SweetIM"


      +-----------------| Added Scan:

      ---- Mozilla FireFox Version 2.0 ----

      ProfilePath: 4eo6avwd.default (Aline)
      .
      (Prefs.js) user_pref("browser.search.defaultenginename", "SweetIM Search");
      (Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
      (Prefs.js) user_pref("browser.search.selectedEngine", "SweetIM Search");
      (Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
      (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
      (Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
      (Prefs.js) user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
      (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1");
      (Prefs.js) user_pref("sweetim.toolbar.previous.browser.startup.homepage", "chrome://packardbell-partner/locale/partner.properties");
      .
      (Prefs.js) Removed: user_pref("browser.search.defaultenginename", "SweetIM Search");
      (Prefs.js) Removed: user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
      (Prefs.js) Removed: user_pref("browser.search.selectedEngine", "SweetIM Search");
      (Prefs.js) Removed: user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
      (Prefs.js) Removed: user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.mode.debug", "false");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "chrome://packardbell-partner/locale/partner.properties");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://packardbell-partner/locale/partner.properties");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.search.history", "streaming%20dexter%20saison%202");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.search.history.capacity", "10");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.simapp_id", "{D4A76A96-E77B-4240-A515-E4B2C36BC2E4}");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
      (Prefs.js) Removed: user_pref("sweetim.toolbar.version", "1.0.0.8");

      ---- Internet Explorer Version 7.0.6001.18000 ----

      [HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      [HKEY_USERS\S-1-5-21-1038951691-2387425700-135970857-1002\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://fr.msn.com/

      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: hxxp://ieframe.dll/tabswelcome.htm

      =========== Suspicious ==========


      +---------------------------------------------------------------------------+

      14716 Byte(s) - C:\Ad-Report-Clean-17.05.2009.log
      15325 Byte(s) - C:\Ad-Report-Scan-17.05.2009.log

      21 File(s) - C:\Program Files\Ad-remover\BACKUP
      4 File(s) - C:\Program Files\Ad-remover\QUARANTINE

      End at: 23:15:28 | 17/05/2009
      .
      +-----------------| E.O.F
      .
      0
  10. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, on va faire un script pour finaliser tout ça, et après on passe au nettoyage final et à la sécurisation de ton ordinateur ;)

    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour germainepoux, il n'est pas transposable sur un autre ordinateur !

    • Télécharge ce dossier germainepoux.zip
    • Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
    • Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.

    • Désactive tes logiciels de protection
    • Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe

    • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    • Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

    0
    1. germainepoux
       
      ComboFix 09-05-15.08 - Aline 18/05/2009 9:26.2 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3062.1954 [GMT 2:00]
      Lancé depuis: c:\users\Aline\Desktop\ComboFix.exe
      Commutateurs utilisés :: c:\users\Aline\Desktop\CFScript.txt
      SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

      FILE ::
      c:\program files\SweetIM
      .

      ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-18 au 2009-05-18 ))))))))))))))))))))))))))))))))))))
      .

      2009-05-18 07:34 . 2009-05-18 07:34 -------- d-sh--w C:\$RECYCLE.BIN
      2009-05-17 14:57 . 2009-05-17 21:15 -------- d-----w c:\program files\Ad-remover
      2009-05-16 16:56 . 2009-05-16 16:56 -------- d-----w C:\_OTMoveIt
      2009-05-16 14:48 . 2009-05-16 15:58 -------- d-----w C:\ToolBar SD
      2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\users\Aline\AppData\Roaming\Malwarebytes
      2009-05-16 14:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
      2009-05-16 14:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\programdata\Malwarebytes
      2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\users\All Users\Malwarebytes
      2009-05-16 14:16 . 2009-05-16 14:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2009-05-16 14:11 . 2009-05-16 14:44 -------- d-----w c:\program files\CCleaner
      2009-05-16 13:47 . 2009-05-16 13:47 -------- d-----w c:\users\Aline\AppData\Roaming\PeerNetworking
      2009-05-16 13:47 . 2009-05-16 13:47 -------- d-----w c:\program files\Trend Micro
      2009-05-16 13:46 . 2009-05-16 13:46 812344 ----a-w c:\program files\HJTInstall.exe
      2009-05-16 13:27 . 2008-06-05 16:18 5737 ----a-w c:\users\Aline\AppData\Local\gnc.exe
      2009-05-16 12:39 . 2009-05-16 12:39 88 ----a-w c:\users\Aline\AppData\Local\kwqym.bat
      2009-05-16 12:39 . 2009-05-16 12:39 89800 ----a-w c:\users\Aline\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-05-16 12:34 . 2009-05-16 14:54 -------- d-----w c:\program files\Navilog1
      2009-05-15 17:30 . 2009-05-15 17:46 -------- d-----w C:\Downloads
      2009-05-12 14:21 . 2009-05-17 21:03 -------- d-----w c:\users\Aline\AppData\Roaming\Free Download Manager
      2009-05-12 14:21 . 2009-05-12 14:21 -------- d-----w c:\program files\Free Download Manager
      2009-05-12 13:05 . 2009-05-12 13:05 -------- d-----w c:\programdata\Azureus
      2009-05-12 13:05 . 2009-05-12 13:05 -------- d-----w c:\users\All Users\Azureus
      2009-05-12 13:05 . 2009-05-17 21:03 -------- d-----w c:\users\Aline\AppData\Roaming\Azureus
      2009-05-12 13:04 . 2009-05-12 13:04 -------- d-----w c:\program files\Vuze
      2009-05-12 12:54 . 2009-05-12 12:56 -------- d-----w c:\program files\Azureus4.2.0.2
      2009-05-12 10:28 . 2009-05-15 17:48 -------- d-----w c:\users\Aline\AppData\Roaming\UseNeXT
      2009-05-12 10:27 . 2009-05-12 10:27 -------- d-----w c:\program files\UseNeXT
      2009-05-12 09:35 . 2009-05-12 09:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
      2009-05-12 09:35 . 2009-05-12 09:35 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
      2009-05-12 09:35 . 2009-05-12 09:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
      2009-05-12 09:35 . 2009-05-12 09:35 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
      2009-05-12 09:35 . 2009-05-16 22:13 -------- d-----w c:\windows\system32\drivers\Avg
      2009-05-12 09:34 . 2009-05-12 09:34 23832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
      2009-05-10 14:53 . 2009-05-16 10:56 -------- d--h--w C:\$AVG8.VAULT$
      2009-05-10 14:07 . 2009-05-10 14:07 -------- d-----w c:\program files\AVG
      2009-05-10 14:07 . 2009-05-12 09:34 -------- d-----w c:\programdata\avg8
      2009-05-10 14:07 . 2009-05-12 09:34 -------- d-----w c:\users\All Users\avg8
      2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\users\Aline\AppData\Roaming\Grisoft
      2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\programdata\Grisoft
      2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\users\All Users\Grisoft
      2009-05-04 21:31 . 2009-05-04 21:31 -------- d-----w c:\program files\Common Files\DivX Shared

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-05-17 21:14 . 2009-02-21 17:18 -------- d-----w c:\program files\SweetIM
      2009-05-17 19:45 . 2006-03-11 02:02 678968 ----a-w c:\windows\system32\perfh00C.dat
      2009-05-17 19:45 . 2006-03-11 02:02 128004 ----a-w c:\windows\system32\perfc00C.dat
      2009-05-04 21:31 . 2009-01-23 22:55 -------- d-----w c:\program files\DivX
      2009-04-30 14:27 . 2009-04-30 14:27 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
      2009-04-23 21:07 . 2008-07-21 11:18 -------- d-----w c:\program files\Java
      2009-04-16 20:04 . 2009-04-16 20:04 -------- d-----w c:\program files\Flash
      2009-04-16 11:53 . 2009-04-16 11:53 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
      2009-04-15 21:45 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
      2009-04-15 21:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
      2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
      2009-04-15 21:18 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
      2009-04-15 21:18 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
      2009-04-15 17:58 . 2009-04-15 17:58 1878888 ----a-w c:\program files\install_flash_player.exe
      2009-04-09 11:06 . 2008-07-01 17:06 27839 ----a-w c:\users\Aline\AppData\Roaming\nvModes.dat
      2009-04-01 08:38 . 2009-04-01 08:38 -------- d-----w c:\program files\Common Files\xing shared
      2009-04-01 08:38 . 2008-11-30 12:27 -------- d-----w c:\program files\Common Files\Real
      2009-04-01 08:36 . 2006-03-10 18:51 -------- d-----w c:\program files\Google
      2009-03-17 03:38 . 2009-04-15 13:28 13824 ----a-w c:\windows\system32\apilogen.dll
      2009-03-17 03:38 . 2009-04-15 13:28 24064 ----a-w c:\windows\system32\amxread.dll
      2009-03-09 03:19 . 2008-12-22 15:15 410984 ----a-w c:\windows\system32\deploytk.dll
      2009-03-07 18:18 . 2009-03-07 18:24 6228072 ----a-w c:\program files\Setup_FreeConverter.exe
      2009-03-03 04:46 . 2009-04-15 13:28 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
      2009-03-03 04:46 . 2009-04-15 13:28 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
      2009-03-03 04:40 . 2009-04-15 13:28 827392 ----a-w c:\windows\system32\wininet.dll
      2009-03-03 04:39 . 2009-04-15 13:28 183296 ----a-w c:\windows\system32\sdohlp.dll
      2009-03-03 04:39 . 2009-04-15 13:28 551424 ----a-w c:\windows\system32\rpcss.dll
      2009-03-03 04:39 . 2009-04-15 13:28 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
      2009-03-03 04:37 . 2009-04-15 13:28 78336 ----a-w c:\windows\system32\ieencode.dll
      2009-03-03 04:37 . 2009-04-15 13:28 98304 ----a-w c:\windows\system32\iasrecst.dll
      2009-03-03 04:37 . 2009-04-15 13:28 44032 ----a-w c:\windows\system32\iasdatastore.dll
      2009-03-03 04:37 . 2009-04-15 13:28 54784 ----a-w c:\windows\system32\iasads.dll
      2009-03-03 03:04 . 2009-04-15 13:28 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
      2009-03-03 02:38 . 2009-04-15 13:28 17408 ----a-w c:\windows\system32\iashost.exe
      2009-03-03 02:28 . 2009-04-15 13:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
      2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
      2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
      2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
      2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
      2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
      2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
      2008-12-22 15:49 . 2008-12-22 15:49 129761 ----a-w c:\program files\DicOOo.sxw
      2008-12-22 15:08 . 2008-12-22 15:08 9329107 ----a-w c:\program files\LanguageTool-0.9.2.oxt
      2008-09-04 14:15 . 2008-09-04 15:04 5948741 ----a-w c:\program files\dmaths310.zip
      2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
      2008-09-20 08:13 . 2008-09-20 08:13 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
      2006-10-11 08:04 . 2006-03-10 18:42 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
      2006-10-11 08:04 . 2006-03-10 18:42 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
      2006-10-11 08:05 . 2006-03-10 18:42 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
      2006-10-11 08:05 . 2006-03-10 18:42 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
      2006-10-11 08:04 . 2006-03-10 18:42 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
      2006-03-11 02:50 . 2006-03-11 02:08 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
      .

      ((((((((((((((((((((((((((((( SnapShot@2009-05-17_14.00.13 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2006-03-10 18:18 . 2009-05-18 06:45 51104 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2006-11-02 13:05 . 2009-05-18 06:45 66124 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-07-12 17:27 . 2009-05-18 06:45 12186 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1038951691-2387425700-135970857-1002_UserData.bin
      - 2006-11-02 13:02 . 2009-05-17 13:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2006-11-02 13:02 . 2009-05-18 07:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2006-11-02 13:02 . 2009-05-18 07:33 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2006-11-02 13:02 . 2009-05-17 13:59 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2006-11-02 13:02 . 2009-05-18 07:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2006-11-02 13:02 . 2009-05-17 13:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2009-05-17 13:59 . 2009-05-17 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      + 2009-05-18 07:33 . 2009-05-18 07:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      - 2009-05-17 13:59 . 2009-05-17 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      + 2009-05-18 07:33 . 2009-05-18 07:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      + 2009-04-19 19:56 . 2009-05-17 19:41 194822 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
      + 2006-11-02 10:33 . 2009-05-17 19:45 595506 c:\windows\System32\perfh009.dat
      - 2006-11-02 10:33 . 2009-05-17 12:58 595506 c:\windows\System32\perfh009.dat
      + 2006-11-02 10:33 . 2009-05-17 19:45 104940 c:\windows\System32\perfc009.dat
      - 2006-11-02 10:33 . 2009-05-17 12:58 104940 c:\windows\System32\perfc009.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "EPSON Stylus DX8400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-20 29744]
      "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
      "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
      "SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112]
      "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-01 198160]
      "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-21 92704]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-21 8534560]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-21 88608]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928]

      c:\users\collŠge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
      OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

      c:\users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
      OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{0108030E-FB06-4DE2-9A31-02BA798DBE34}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{9C6038C0-0293-4671-A6F1-0C8BB7704A48}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{27E0AA76-D323-4A20-8837-45FE1DD0F00F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
      "{01F71DEF-1170-4B4B-9D5B-D4F1C8CF6C0D}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
      "{C56E5FFA-FF9A-41E1-A58B-0196E0A3B4D6}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
      "{84F69530-94CB-4C22-AF44-72F615F148CE}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
      "{1AB281BB-3029-4BF9-A6C5-19B394261558}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
      "{34BF6101-1E32-48E5-A0A3-7A4285589200}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
      "{B3DE8A06-A61B-4A03-B41A-D54564C86381}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

      R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [12/05/2009 11:35 12552]
      R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [12/05/2009 11:34 23832]
      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/05/2009 11:35 325896]
      R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/05/2009 11:35 108552]
      R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [11/03/2006 03:58 281088]
      S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [05/09/2008 19:16 28224]
      .
      Contenu du dossier 'Tâches planifiées'

      2009-05-18 c:\windows\Tasks\Extension de garantie.job
      - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-10 16:38]

      2009-05-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 08:36]

      2008-07-15 c:\windows\Tasks\HDReg.job
      - c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

      2008-07-12 c:\windows\Tasks\PBReg.job
      - c:\program files\HDReg\HDRegDel.exe [2005-06-21 13:20]

      2008-08-14 c:\windows\Tasks\PBRegbk.job
      - c:\program files\HDReg\HDRegDel.exe [2005-06-21 13:20]

      2009-05-18 c:\windows\Tasks\User_Feed_Synchronization-{99C226A6-3051-4014-BD4C-34F533E55B7D}.job
      - c:\windows\system32\msfeedssync.exe [2008-09-13 07:33]
      .
      .
      ------- Examen supplémentaire -------
      .
      mWindow Title =
      uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
      IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
      IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
      IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
      Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      FF - ProfilePath - c:\users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - prefs.js: browser.search.selectedEngine - SweetIM Search
      FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
      FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
      FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
      FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
      FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
      FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
      FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
      FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

      ---- PARAMETRES FIREFOX ----
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-18 09:34
      Windows 6.0.6001 Service Pack 1 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...


      c:\users\Aline\AppData\Local\Temp\sv862.tmp
      c:\users\Aline\AppData\Local\Temp\~ROMFN_00000984 1020 bytes

      Scan terminé avec succès
      Fichiers cachés: 2

      **************************************************************************
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\System32\audiodg.exe
      c:\progra~1\AVG\AVG8\avgwdsvc.exe
      c:\progra~1\AVG\AVG8\avgfws8.exe
      c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
      c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
      c:\progra~1\AVG\AVG8\avgam.exe
      c:\progra~1\AVG\AVG8\avgrsx.exe
      c:\progra~1\AVG\AVG8\avgnsx.exe
      c:\program files\AVG\AVG8\avgcsrvx.exe
      c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\progra~1\AVG\AVG8\avgemc.exe
      c:\program files\AVG\AVG8\avgcsrvx.exe
      c:\windows\System32\conime.exe
      c:\windows\System32\WUDFHost.exe
      c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      c:\windows\System32\rundll32.exe
      c:\windows\System32\rundll32.exe
      c:\program files\AVG\AVG8\avgtray.exe
      c:\program files\OpenOffice.org 2.2\program\soffice.exe
      c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
      c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      c:\program files\OpenOffice.org 2.2\program\soffice.bin
      c:\windows\servicing\TrustedInstaller.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-05-18 9:40 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-05-18 07:40
      ComboFix2.txt 2009-05-17 14:06

      Avant-CF: 93 100 523 520 octets libres
      Après-CF: 95 491 723 264 octets libres

      369 --- E O F --- 2009-05-15 17:09
      0
  11. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Désolé, petite erreur dans le script, Combofix n'a rien supprimé... Il faut recommencer :

    Télécharge ce script, et effectue les mêmes manipulation stp : http://sd-1.archive-host.com/membres/up/7739387536519291/germainepoux2.zip

    0
    1. germainepoux
       
      Petit souci : je n'arrive plus à télécharger, j'ai un message qui me dit "Les paramètres de sécurité actuels ne vous permettent pas de télécharger ce fichier".

      J'ai essayé de voir d'où venait le problème mais sans succés. J'ai remis le contrôle d'utilisateur, j'ai vérifié les paramètres d'internet, mais comme je suis super douée, je n'ai rien trouvé. AU SECOURS !!!!
      0
      1. germainepoux > germainepoux
         
        Ca a fini par se débloquer, j'ai pu lancer le script, voila le rapport

        ComboFix 09-05-15.08 - Aline 19/05/2009 12:07:04.3 - NTFSx86
        Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3062.2043 [GMT 2:00]
        Lancé depuis: C:\Users\Aline\Desktop\ComboFix.exe
        Commutateurs utilisés :: C:\Users\Aline\Desktop\CFScript.txt
        SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

        FILE ::
        C:\Windows\system32\FreezeScreenSaver.exe
        .

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Program Files\SweetIM
        C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
        C:\Windows\system32\FreezeScreenSaver.exe

        .
        ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-19 au 2009-05-19 ))))))))))))))))))))))))))))))))))))
        .

        2009-05-19 10:14:45 . 2009-05-19 10:14:45 0 d-sh--w C:\$RECYCLE.BIN
        2009-05-19 09:41:00 . 2009-05-19 09:41:00 0 d--h--w C:\Windows\msdownld.tmp
        2009-05-17 14:57:50 . 2009-05-17 21:15:28 0 d-----w C:\Program Files\Ad-remover
        2009-05-16 16:56:03 . 2009-05-16 16:56:03 0 d-----w C:\_OTMoveIt
        2009-05-16 14:48:22 . 2009-05-16 15:58:10 0 d-----w C:\ToolBar SD
        2009-05-16 14:16:18 . 2009-05-16 14:16:18 0 d-----w C:\Users\Aline\AppData\Roaming\Malwarebytes
        2009-05-16 14:16:13 . 2009-04-06 13:32:46 15504 ----a-w C:\Windows\system32\drivers\mbam.sys
        2009-05-16 14:16:10 . 2009-04-06 13:32:54 38496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
        2009-05-16 14:16:08 . 2009-05-16 14:16:08 0 d-----w C:\ProgramData\Malwarebytes
        2009-05-16 14:16:08 . 2009-05-16 14:16:08 0 d-----w C:\Users\All Users\Malwarebytes
        2009-05-16 14:16:08 . 2009-05-16 14:45:14 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
        2009-05-16 14:11:59 . 2009-05-16 14:44:53 0 d-----w C:\Program Files\CCleaner
        2009-05-16 13:47:51 . 2009-05-16 13:47:51 0 d-----w C:\Users\Aline\AppData\Roaming\PeerNetworking
        2009-05-16 13:47:43 . 2009-05-16 13:47:43 0 d-----w C:\Program Files\Trend Micro
        2009-05-16 13:46:25 . 2009-05-16 13:46:32 812344 ----a-w C:\Program Files\HJTInstall.exe
        2009-05-16 13:27:45 . 2008-06-05 16:18:02 5737 ----a-w C:\Users\Aline\AppData\Local\gnc.exe
        2009-05-16 12:39:39 . 2009-05-16 12:39:39 88 ----a-w C:\Users\Aline\AppData\Local\kwqym.bat
        2009-05-16 12:39:38 . 2009-05-16 12:39:38 89800 ----a-w C:\Users\Aline\AppData\Local\GDIPFONTCACHEV1.DAT
        2009-05-16 12:34:15 . 2009-05-16 14:54:22 0 d-----w C:\Program Files\Navilog1
        2009-05-15 17:30:39 . 2009-05-15 17:46:30 0 d-----w C:\Downloads
        2009-05-12 14:21:26 . 2009-05-19 07:38:03 0 d-----w C:\Users\Aline\AppData\Roaming\Free Download Manager
        2009-05-12 14:21:23 . 2009-05-12 14:21:26 0 d-----w C:\Program Files\Free Download Manager
        2009-05-12 13:05:21 . 2009-05-12 13:05:21 0 d-----w C:\ProgramData\Azureus
        2009-05-12 13:05:21 . 2009-05-12 13:05:21 0 d-----w C:\Users\All Users\Azureus
        2009-05-12 13:05:17 . 2009-05-19 09:34:16 0 d-----w C:\Users\Aline\AppData\Roaming\Azureus
        2009-05-12 13:04:41 . 2009-05-12 13:04:58 0 d-----w C:\Program Files\Vuze
        2009-05-12 12:54:54 . 2009-05-12 12:56:14 0 d-----w C:\Program Files\Azureus4.2.0.2
        2009-05-12 10:28:05 . 2009-05-15 17:48:24 0 d-----w C:\Users\Aline\AppData\Roaming\UseNeXT
        2009-05-12 10:27:43 . 2009-05-12 10:27:44 0 d-----w C:\Program Files\UseNeXT
        2009-05-12 09:35:38 . 2009-05-12 09:35:38 11952 ----a-w C:\Windows\system32\avgrsstx.dll
        2009-05-12 09:35:37 . 2009-05-12 09:35:37 12552 ----a-w C:\Windows\system32\drivers\avgrkx86.sys
        2009-05-12 09:35:35 . 2009-05-12 09:35:35 108552 ----a-w C:\Windows\system32\drivers\avgtdix.sys
        2009-05-12 09:35:29 . 2009-05-12 09:35:29 325896 ----a-w C:\Windows\system32\drivers\avgldx86.sys
        2009-05-12 09:35:25 . 2009-05-19 07:43:39 0 d-----w C:\Windows\system32\drivers\Avg
        2009-05-12 09:34:07 . 2009-05-12 09:34:07 23832 ----a-w C:\Windows\system32\drivers\avgfwd6x.sys
        2009-05-10 14:53:41 . 2009-05-16 10:56:10 0 d--h--w C:\$AVG8.VAULT$
        2009-05-10 14:07:20 . 2009-05-10 14:07:20 0 d-----w C:\Program Files\AVG
        2009-05-10 14:07:20 . 2009-05-12 09:34:06 0 d-----w C:\ProgramData\avg8
        2009-05-10 14:07:20 . 2009-05-12 09:34:06 0 d-----w C:\Users\All Users\avg8
        2009-05-10 13:29:27 . 2009-05-10 13:29:27 0 d-----w C:\Users\Aline\AppData\Roaming\Grisoft
        2009-05-10 13:29:20 . 2009-05-10 13:29:20 0 d-----w C:\ProgramData\Grisoft
        2009-05-10 13:29:20 . 2009-05-10 13:29:20 0 d-----w C:\Users\All Users\Grisoft
        2009-05-04 21:31:01 . 2009-05-04 21:31:05 0 d-----w C:\Program Files\Common Files\DivX Shared

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-05-17 19:45:16 . 2006-03-11 02:02:45 678968 ----a-w C:\Windows\system32\perfh00C.dat
        2009-05-17 19:45:16 . 2006-03-11 02:02:45 128004 ----a-w C:\Windows\system32\perfc00C.dat
        2009-05-04 21:31:31 . 2009-01-23 22:55:31 0 d-----w C:\Program Files\DivX
        2009-04-30 14:27:19 . 2009-04-30 14:27:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
        2009-04-23 21:07:53 . 2008-07-21 11:18:24 0 d-----w C:\Program Files\Java
        2009-04-16 20:04:16 . 2009-04-16 20:04:15 0 d-----w C:\Program Files\Flash
        2009-04-16 11:53:23 . 2009-04-16 11:53:23 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
        2009-04-15 21:45:29 . 2006-11-02 12:50:50 174 --sha-w C:\Program Files\desktop.ini
        2009-04-15 21:35:26 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Sidebar
        2009-04-15 21:35:26 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Collaboration
        2009-04-15 21:35:26 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Calendar
        2009-04-15 21:35:26 . 2006-11-02 11:18:33 0 d-----w C:\Program Files\Windows Mail
        2009-04-15 21:35:25 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Photo Gallery
        2009-04-15 21:35:25 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Journal
        2009-04-15 21:35:22 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Defender
        2009-04-15 21:18:31 . 2006-11-02 10:32:57 101888 ----a-w C:\Windows\system32\ifxcardm.dll
        2009-04-15 21:18:30 . 2006-11-02 10:32:57 82432 ----a-w C:\Windows\system32\axaltocm.dll
        2009-04-15 17:58:11 . 2009-04-15 17:58:08 1878888 ----a-w C:\Program Files\install_flash_player.exe
        2009-04-09 11:06:19 . 2008-07-01 17:06:58 27839 ----a-w C:\Users\Aline\AppData\Roaming\nvModes.dat
        2009-04-01 08:38:45 . 2009-04-01 08:38:45 0 d-----w C:\Program Files\Common Files\xing shared
        2009-04-01 08:38:37 . 2008-11-30 12:27:12 0 d-----w C:\Program Files\Common Files\Real
        2009-04-01 08:36:53 . 2006-03-10 18:51:35 0 d-----w C:\Program Files\Google
        2009-03-17 03:38:46 . 2009-04-15 13:28:30 13824 ----a-w C:\Windows\system32\apilogen.dll
        2009-03-17 03:38:44 . 2009-04-15 13:28:30 24064 ----a-w C:\Windows\system32\amxread.dll
        2009-03-09 03:19:08 . 2008-12-22 15:15:40 410984 ----a-w C:\Windows\system32\deploytk.dll
        2009-03-08 11:34:57 . 2009-05-19 09:36:00 914944 ----a-w C:\Windows\system32\wininet.dll
        2009-03-08 11:34:28 . 2009-05-19 09:36:11 43008 ----a-w C:\Windows\system32\licmgr10.dll
        2009-03-08 11:33:38 . 2009-05-19 09:36:13 18944 ----a-w C:\Windows\system32\corpol.dll
        2009-03-08 11:33:17 . 2009-05-19 09:36:02 109056 ----a-w C:\Windows\system32\iesysprep.dll
        2009-03-08 11:33:16 . 2009-05-19 09:36:01 109568 ----a-w C:\Windows\system32\PDMSetup.exe
        2009-03-08 11:33:15 . 2009-05-19 09:36:02 107520 ----a-w C:\Windows\system32\RegisterIEPKEYs.exe
        2009-03-08 11:33:15 . 2009-05-19 09:36:01 132608 ----a-w C:\Windows\system32\ieUnatt.exe
        2009-03-08 11:33:15 . 2009-05-19 09:36:01 107008 ----a-w C:\Windows\system32\SetIEInstalledDate.exe
        2009-03-08 11:33:15 . 2009-05-19 09:36:01 103936 ----a-w C:\Windows\system32\SetDepNx.exe
        2009-03-08 11:33:04 . 2009-05-19 09:36:06 420352 ----a-w C:\Windows\system32\vbscript.dll
        2009-03-08 11:32:54 . 2009-05-19 09:36:14 72704 ----a-w C:\Windows\system32\admparse.dll
        2009-03-08 11:32:49 . 2009-05-19 09:36:10 71680 ----a-w C:\Windows\system32\iesetup.dll
        2009-03-08 11:32:38 . 2009-05-19 09:36:09 66560 ----a-w C:\Windows\system32\wextract.exe
        2009-03-08 11:32:32 . 2009-05-19 09:36:02 169472 ----a-w C:\Windows\system32\iexpress.exe
        2009-03-08 11:31:37 . 2009-05-19 09:36:13 34816 ----a-w C:\Windows\system32\imgutil.dll
        2009-03-08 11:31:17 . 2009-05-19 09:36:14 48128 ----a-w C:\Windows\system32\mshtmler.dll
        2009-03-08 11:31:00 . 2009-05-19 09:36:02 45568 ----a-w C:\Windows\system32\mshta.exe
        2009-03-08 11:22:37 . 2009-05-19 09:36:14 156160 ----a-w C:\Windows\system32\msls31.dll
        2009-03-07 18:18:46 . 2009-03-07 18:24:25 6228072 ----a-w C:\Program Files\Setup_FreeConverter.exe
        2009-03-03 04:46:01 . 2009-04-15 13:28:40 3599328 ----a-w C:\Windows\system32\ntkrnlpa.exe
        2009-03-03 04:46:01 . 2009-04-15 13:28:39 3547632 ----a-w C:\Windows\system32\ntoskrnl.exe
        2009-03-03 04:39:36 . 2009-04-15 13:28:44 183296 ----a-w C:\Windows\system32\sdohlp.dll
        2009-03-03 04:39:32 . 2009-04-15 13:28:42 551424 ----a-w C:\Windows\system32\rpcss.dll
        2009-03-03 04:39:22 . 2009-04-15 13:28:37 26112 ----a-w C:\Windows\system32\printfilterpipelineprxy.dll
        2009-03-03 04:37:11 . 2009-04-15 13:28:39 98304 ----a-w C:\Windows\system32\iasrecst.dll
        2009-03-03 04:37:11 . 2009-04-15 13:28:39 44032 ----a-w C:\Windows\system32\iasdatastore.dll
        2009-03-03 04:37:11 . 2009-04-15 13:28:37 54784 ----a-w C:\Windows\system32\iasads.dll
        2009-03-03 03:04:59 . 2009-04-15 13:28:44 666624 ----a-w C:\Windows\system32\printfilterpipelinesvc.exe
        2009-03-03 02:38:13 . 2009-04-15 13:28:44 17408 ----a-w C:\Windows\system32\iashost.exe
        2009-02-24 19:34:16 . 2009-02-24 19:34:16 90112 ----a-w C:\Windows\system32\dpl100.dll
        2009-02-24 19:34:14 . 2009-02-24 19:34:14 823296 ----a-w C:\Windows\system32\divx_xx0c.dll
        2009-02-24 19:34:14 . 2009-02-24 19:34:14 823296 ----a-w C:\Windows\system32\divx_xx07.dll
        2009-02-24 19:34:14 . 2009-02-24 19:34:14 815104 ----a-w C:\Windows\system32\divx_xx0a.dll
        2009-02-24 19:34:14 . 2009-02-24 19:34:14 802816 ----a-w C:\Windows\system32\divx_xx11.dll
        2009-02-24 19:34:14 . 2009-02-24 19:34:14 684032 ----a-w C:\Windows\system32\DivX.dll
        2008-12-22 15:49:45 . 2008-12-22 15:49:44 129761 ----a-w C:\Program Files\DicOOo.sxw
        2008-12-22 15:08:38 . 2008-12-22 15:08:31 9329107 ----a-w C:\Program Files\LanguageTool-0.9.2.oxt
        2008-09-04 14:15:32 . 2008-09-04 15:04:22 5948741 ----a-w C:\Program Files\dmaths310.zip
        2009-02-24 19:34:32 . 2009-02-24 19:34:32 1044480 ----a-w C:\Program Files\mozilla firefox\plugins\libdivx.dll
        2009-02-24 19:34:32 . 2009-02-24 19:34:32 200704 ----a-w C:\Program Files\mozilla firefox\plugins\ssldivx.dll
        2008-09-20 08:13:39 . 2008-09-20 08:13:41 122880 ----a-w C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
        2006-10-11 08:04:58 . 2006-03-10 18:42:17 61036 ----a-w C:\Program Files\mozilla firefox\components\jar50.dll
        2006-10-11 08:04:59 . 2006-03-10 18:42:17 48742 ----a-w C:\Program Files\mozilla firefox\components\jsd3250.dll
        2006-10-11 08:05:03 . 2006-03-10 18:42:17 29313 ----a-w C:\Program Files\mozilla firefox\components\myspell.dll
        2006-10-11 08:05:03 . 2006-03-10 18:42:17 41082 ----a-w C:\Program Files\mozilla firefox\components\spellchk.dll
        2006-10-11 08:04:58 . 2006-03-10 18:42:17 166510 ----a-w C:\Program Files\mozilla firefox\components\xpinstal.dll
        2006-03-11 02:50:20 . 2006-03-11 02:08:58 8192 --sha-w C:\Windows\Users\Default\NTUSER.DAT
        .

        ((((((((((((((((((((((((((((( SnapShot@2009-05-17_14.00.13 )))))))))))))))))))))))))))))))))))))))))
        .
        + 2009-05-19 09:36:11 . 2009-03-08 11:32:44 94720 C:\Windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.6001.18702_none_7c2a7e005d93bd9b\inseng.dll
        + 2009-05-19 09:36:10 . 2009-03-08 11:32:49 71680 C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iesetup.dll
        + 2009-05-19 09:36:13 . 2009-03-08 11:32:48 55808 C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iernonce.dll
        + 2009-05-19 09:36:15 . 2009-03-08 11:31:51 59904 C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_8.0.6001.18702_none_3d86a1c07a097782\icardie.dll
        + 2009-05-19 09:36:13 . 2009-03-08 11:31:37 34816 C:\Windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_8.0.6001.18702_none_20dfeb2e08d9ec0a\imgutil.dll
        + 2009-05-19 09:36:09 . 2009-03-08 11:32:38 66560 C:\Windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\wextract.exe
        + 2009-05-19 09:36:14 . 2009-03-08 11:31:17 48128 C:\Windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_8.0.6001.18702_none_d658a8dacff20c9e\mshtmler.dll
        + 2009-05-19 09:36:15 . 2009-03-08 11:31:24 66560 C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.18702_none_2b140bc159303551\mshtmled.dll
        + 2009-05-19 09:36:02 . 2009-03-08 11:31:00 45568 C:\Windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18702_none_3c45119b1f28ff3d\mshta.exe
        + 2009-05-19 09:36:09 . 2009-03-08 11:31:52 13312 C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedssync.exe
        + 2009-05-19 09:36:11 . 2009-03-08 11:31:51 55296 C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedsbs.dll
        + 2009-05-19 09:36:11 . 2009-03-08 11:34:28 43008 C:\Windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.18702_none_accc7a4465be292a\licmgr10.dll
        + 2009-05-19 09:36:14 . 2009-03-08 11:32:54 72704 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\admparse.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:33:28 64512 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\WininetPlugin.dll
        + 2009-05-19 09:36:14 . 2009-03-08 11:33:24 25600 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\jsproxy.dll
        + 2009-05-19 09:36:13 . 2009-03-08 11:33:38 18944 C:\Windows\winsxs\x86_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.6001.18702_none_6f561c09617d9439\corpol.dll
        + 2009-05-19 09:36:08 . 2009-03-08 11:31:35 46592 C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18702_none_d0b191832934e44c\pngfilt.dll
        + 2006-03-10 18:18:19 . 2009-05-19 10:15:52 52004 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
        + 2006-11-02 13:05:11 . 2009-05-19 10:15:56 66260 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
        + 2008-07-12 17:27:08 . 2009-05-19 10:15:57 12376 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1038951691-2387425700-135970857-1002_UserData.bin
        + 2009-05-19 09:36:08 . 2009-03-08 11:31:35 46592 C:\Windows\System32\pngfilt.dll
        + 2009-05-19 09:36:15 . 2009-03-08 11:31:24 66560 C:\Windows\System32\mshtmled.dll
        + 2009-05-19 09:36:09 . 2009-03-08 11:31:52 13312 C:\Windows\System32\msfeedssync.exe
        + 2009-05-19 09:36:11 . 2009-03-08 11:31:51 55296 C:\Windows\System32\msfeedsbs.dll
        - 2008-10-16 13:50:09 . 2008-02-22 05:01:41 64512 C:\Windows\System32\migration\WininetPlugin.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:33:28 64512 C:\Windows\System32\migration\WininetPlugin.dll
        + 2009-05-19 09:36:14 . 2009-03-08 11:33:24 25600 C:\Windows\System32\jsproxy.dll
        + 2009-05-19 09:36:11 . 2009-03-08 11:32:44 94720 C:\Windows\System32\inseng.dll
        + 2009-05-19 09:36:13 . 2009-03-08 11:32:48 55808 C:\Windows\System32\iernonce.dll
        + 2009-05-19 09:36:15 . 2009-03-08 11:31:51 59904 C:\Windows\System32\icardie.dll
        + 2006-11-02 13:02:04 . 2009-05-19 10:14:09 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        - 2006-11-02 13:02:04 . 2009-05-17 13:59:34 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        + 2006-11-02 13:02:04 . 2009-05-19 10:14:09 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        - 2006-11-02 13:02:04 . 2009-05-17 13:59:34 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        + 2006-11-02 13:02:04 . 2009-05-19 10:14:09 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        - 2006-11-02 13:02:04 . 2009-05-17 13:59:34 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        + 2009-05-19 09:36:12 . 2009-03-08 11:35:02 2048 C:\Windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18702_none_83daaad046b59436\iecompat.dll
        + 2009-05-19 10:13:54 . 2009-05-19 10:13:54 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
        - 2009-05-17 13:59:20 . 2009-05-17 13:59:20 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
        + 2009-05-19 10:13:54 . 2009-05-19 10:13:54 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
        - 2009-05-17 13:59:20 . 2009-05-17 13:59:20 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
        + 2009-05-19 09:36:06 . 2009-03-08 11:33:04 420352 C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18702_none_2b4525a943b273a6\vbscript.dll
        + 2009-05-19 09:36:06 . 2009-03-08 11:33:14 726528 C:\Windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18702_none_65cb0af10cefc76a\jscript.dll
        + 2009-05-19 09:36:14 . 2009-03-08 11:22:37 156160 C:\Windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18702_none_aeeaf610b83f2e48\msls31.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:35:00 121344 C:\Windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18702_none_1de359b6148047cc\jsdebuggeride.dll
        + 2009-05-19 09:36:00 . 2009-03-08 11:33:55 256000 C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18702_none_cb86fb78a76dcdde\ieinstal.exe
        + 2009-05-19 09:36:14 . 2009-03-08 11:22:45 164352 C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieui.dll
        + 2009-05-19 09:36:05 . 2009-03-08 11:34:26 105984 C:\Windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18702_none_d315f3a07395d0ed\url.dll
        + 2009-05-19 09:36:09 . 2009-03-08 11:34:47 208384 C:\Windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18702_none_d4a239fe30224f93\WinFXDocObj.exe
        + 2009-05-19 09:36:07 . 2009-03-08 11:33:46 759296 C:\Windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18702_none_d02233c4fe8667df\VGX.dll
        + 2009-05-19 09:36:02 . 2009-03-08 11:33:17 109056 C:\Windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18702_none_fe7d3c2acfc7f690\iesysprep.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:32:53 173056 C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\ie4uinit.exe
        + 2009-05-19 09:36:14 . 2009-03-08 21:09:23 140128 C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\sqmapi.dll
        + 2009-05-19 09:36:10 . 2009-03-08 11:34:17 193536 C:\Windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18702_none_aa7d60ae7286ab24\msrating.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:33:16 109568 C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\PDMSetup.exe
        + 2009-05-19 09:36:01 . 2009-01-08 01:20:17 355832 C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\pdm.dll
        + 2009-05-19 09:36:02 . 2009-01-08 01:20:17 265720 C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\msdbg2.dll
        + 2009-05-19 09:36:10 . 2009-03-08 11:34:47 236544 C:\Windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18702_none_44170552678500f2\webcheck.dll
        + 2009-05-19 09:36:11 . 2009-03-08 11:34:16 109568 C:\Windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_1a118a8629ee860e\occache.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:35:11 233984 C:\Windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18702_none_d5ea1c01e3fe67ea\jsprofilerui.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:35:02 118272 C:\Windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18702_none_ed92bec9472aab53\JSProfilerCore.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:35:01 521216 C:\Windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18702_none_9d577137e370ad2c\jsdbgui.dll
        + 2009-05-19 09:35:59 . 2009-03-08 21:09:24 638816 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
        + 2009-05-19 09:36:01 . 2009-03-08 11:33:15 132608 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe
        + 2009-05-19 09:36:01 . 2009-03-08 11:35:03 144384 C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe
        + 2009-05-19 09:36:02 . 2009-03-08 11:32:32 169472 C:\Windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe
        + 2009-05-19 09:36:09 . 2009-03-08 11:33:29 196096 C:\Windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18702_none_2a78524fb0047330\IEShims.dll
        + 2009-05-19 09:36:02 . 2009-03-08 11:33:48 246784 C:\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18702_none_731a06b9605c0cc2\ieproxy.dll
        + 2009-05-19 09:36:00 . 2009-03-08 11:34:00 115712 C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe
        + 2009-05-19 09:40:26 . 2009-04-25 12:39:00 102400 C:\Windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22867_none_842869855fff5a59\iecompat.dll
        + 2009-05-19 09:40:26 . 2009-04-25 03:31:29 102400 C:\Windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18777_none_8393fcce46e9d680\iecompat.dll
        + 2009-05-19 09:36:02 . 2009-03-08 11:33:15 125952 C:\Windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe
        + 2009-05-19 09:36:01 . 2009-03-08 11:33:15 103936 C:\Windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe
        + 2009-05-19 09:36:02 . 2009-03-08 11:33:15 107520 C:\Windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe
        + 2009-05-19 09:36:08 . 2009-03-08 11:32:24 594432 C:\Windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18702_none_42d1aca65041d4fb\msfeeds.dll
        + 2009-05-19 09:36:12 . 2009-03-08 11:31:37 216064 C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtrans.dll
        + 2009-05-19 09:36:13 . 2009-03-08 11:31:42 348160 C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtmsft.dll
        + 2009-05-19 09:36:00 . 2009-03-08 11:35:31 742912 C:\Windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18702_none_1e902f2a55a1ce84\iedvtool.dll
        + 2009-05-19 09:36:11 . 2009-03-08 11:31:55 183808 C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18702_none_1faea70907d94aa5\iepeers.dll
        + 2009-05-19 09:36:06 . 2009-03-08 11:11:10 445952 C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dll
        + 2009-05-19 09:36:09 . 2009-03-08 11:32:50 163840 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieakui.dll
        + 2009-05-19 09:36:11 . 2009-03-08 11:33:06 229376 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieaksie.dll
        + 2009-05-19 09:36:13 . 2009-03-08 11:33:01 125952 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18702_none_87015889ddff063f\ieakeng.dll
        + 2009-05-19 09:36:05 . 2009-03-08 21:09:24 391536 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18702_none_573b8ed36d48a30a\iedkcs32.dll
        + 2009-05-19 09:36:00 . 2009-03-08 11:34:57 914944 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
        + 2009-05-19 09:36:09 . 2009-03-08 11:32:02 611840 C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18702_none_c3b0c8fe923e1b1f\mstime.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:33:15 107008 C:\Windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe
        + 2009-05-19 09:36:08 . 2009-03-08 11:32:46 128512 C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18702_none_8eb687d4089bfe4d\advpack.dll
        - 2008-09-13 09:27:18 . 2008-01-19 07:33:37 208384 C:\Windows\System32\WinFXDocObj.exe
        + 2009-05-19 09:36:09 . 2009-03-08 11:34:47 208384 C:\Windows\System32\WinFXDocObj.exe
        + 2009-05-19 09:36:10 . 2009-03-08 11:34:47 236544 C:\Windows\System32\webcheck.dll
        + 2009-04-19 19:56:40 . 2009-05-17 19:41:40 194822 C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
        - 2008-09-13 09:25:55 . 2008-01-19 07:36:46 105984 C:\Windows\System32\url.dll
        + 2009-05-19 09:36:05 . 2009-03-08 11:34:26 105984 C:\Windows\System32\url.dll
        - 2006-11-02 10:33:01 . 2009-05-17 12:58:01 595506 C:\Windows\System32\perfh009.dat
        + 2006-11-02 10:33:01 . 2009-05-17 19:45:16 595506 C:\Windows\System32\perfh009.dat
        - 2006-11-02 10:33:01 . 2009-05-17 12:58:01 104940 C:\Windows\System32\perfc009.dat
        + 2006-11-02 10:33:01 . 2009-05-17 19:45:16 104940 C:\Windows\System32\perfc009.dat
        + 2009-05-19 09:36:11 . 2009-03-08 11:34:16 109568 C:\Windows\System32\occache.dll
        + 2009-05-19 09:36:09 . 2009-03-08 11:32:02 611840 C:\Windows\System32\mstime.dll
        + 2009-05-19 09:36:10 . 2009-03-08 11:34:17 193536 C:\Windows\System32\msrating.dll
        + 2009-05-19 09:36:08 . 2009-03-08 11:32:24 594432 C:\Windows\System32\msfeeds.dll
        + 2009-05-19 09:36:06 . 2009-03-08 11:33:14 726528 C:\Windows\System32\jscript.dll
        + 2009-05-19 09:36:14 . 2009-03-08 11:22:45 164352 C:\Windows\System32\ieui.dll
        + 2009-05-19 09:36:11 . 2009-03-08 11:31:55 183808 C:\Windows\System32\iepeers.dll
        + 2009-05-19 09:36:05 . 2009-03-08 21:09:24 391536 C:\Windows\System32\iedkcs32.dll
        + 2009-05-19 09:36:06 . 2009-03-08 11:11:10 445952 C:\Windows\System32\ieapfltr.dll
        + 2009-05-19 09:36:09 . 2009-03-08 11:32:50 163840 C:\Windows\System32\ieakui.dll
        + 2009-05-19 09:36:11 . 2009-03-08 11:33:06 229376 C:\Windows\System32\ieaksie.dll
        + 2009-05-19 09:36:13 . 2009-03-08 11:33:01 125952 C:\Windows\System32\ieakeng.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:32:53 173056 C:\Windows\System32\ie4uinit.exe
        + 2009-05-19 09:36:12 . 2009-03-08 11:31:37 216064 C:\Windows\System32\dxtrans.dll
        + 2009-05-19 09:36:13 . 2009-03-08 11:31:42 348160 C:\Windows\System32\dxtmsft.dll
        + 2009-05-19 09:52:16 . 2009-05-19 10:08:09 245760 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
        + 2009-05-19 09:36:08 . 2009-03-08 11:32:46 128512 C:\Windows\System32\advpack.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:32:20 1985024 C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\iertutil.dll
        + 2009-05-19 09:35:52 . 2009-03-08 11:41:15 5937152 C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
        + 2009-05-19 09:36:02 . 2009-02-07 04:07:56 3698584 C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dat
        + 2009-05-19 09:35:59 . 2009-03-08 11:34:55 1206784 C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18702_none_97ce3a35ec955bb0\urlmon.dll
        + 2009-05-19 09:35:59 . 2009-03-08 11:34:55 1206784 C:\Windows\System32\urlmon.dll
        - 2006-11-02 10:22:39 . 2009-05-10 17:11:33 6553600 C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
        + 2006-11-02 10:22:39 . 2009-05-19 10:12:27 6553600 C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
        + 2009-05-19 09:35:52 . 2009-03-08 11:41:15 5937152 C:\Windows\System32\mshtml.dll
        + 2009-05-19 09:36:01 . 2009-03-08 11:32:20 1985024 C:\Windows\System32\iertutil.dll
        + 2009-05-19 09:36:02 . 2009-02-07 04:07:56 3698584 C:\Windows\System32\ieapfltr.dat
        + 2009-05-19 10:06:17 . 2009-05-19 10:06:18 6332416 C:\Windows\ERDNT\Hiv-backup\SCHEMA.DAT
        + 2009-05-19 09:35:57 . 2009-03-08 11:39:47 11063808 C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll
        + 2009-05-08 10:28:21 . 2009-05-19 09:40:32 53487630 C:\Windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
        + 2009-05-19 09:35:57 . 2009-03-08 11:39:47 11063808 C:\Windows\System32\ieframe.dll
        .
        -- Instantané actualisé --
        .
        ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "EPSON Stylus DX8400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 06:00:00 182272]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 19:07:30 39408]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 02:53:40 894512]
        "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40:22 232184]
        "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-20 08:13:39 29744]
        "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 01:18:32 366400]
        "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 16:20:56 28672]
        "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 11:00:00 174872]
        "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 17:16:26 90112]
        "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 15:38:32 583048]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]
        "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-04-01 08:38:06 198160]
        "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-21 03:34:00 92704]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-21 03:34:00 8534560]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-21 03:34:00 88608]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 03:19:17 148888]
        "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-05-12 09:35:15 1947928]

        C:\Users\collŠge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
        OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

        C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
        OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "{0108030E-FB06-4DE2-9A31-02BA798DBE34}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{9C6038C0-0293-4671-A6F1-0C8BB7704A48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
        "{27E0AA76-D323-4A20-8837-45FE1DD0F00F}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
        "{01F71DEF-1170-4B4B-9D5B-D4F1C8CF6C0D}"= C:\Program Files\AVG\AVG8\avgam.exe:avgam.exe
        "{C56E5FFA-FF9A-41E1-A58B-0196E0A3B4D6}"= C:\Program Files\AVG\AVG8\avgdiag.exe:avgdiag.exe
        "{84F69530-94CB-4C22-AF44-72F615F148CE}"= C:\Program Files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
        "{1AB281BB-3029-4BF9-A6C5-19B394261558}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
        "{34BF6101-1E32-48E5-A0A3-7A4285589200}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
        "{B3DE8A06-A61B-4A03-B41A-D54564C86381}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
        "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

        R0 AvgRkx86;avgrkx86.sys;C:\Windows\System32\drivers\avgrkx86.sys [12/05/2009 11:35:37 12552]
        R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6x.sys [12/05/2009 11:34:07 23832]
        R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [12/05/2009 11:35:29 325896]
        R1 AvgTdiX;AVG8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [12/05/2009 11:35:35 108552]
        R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [12/05/2009 11:35:14 908568]
        R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [12/05/2009 11:35:11 298776]
        R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [12/05/2009 11:35:15 1366904]
        R2 SeaPort;SeaPort;C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18:53:02 226656]
        R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [11/03/2006 03:58:11 281088]
        S2 gupdate1c9b2a4fa6ec283;Service Google Update (gupdate1c9b2a4fa6ec283);C:\Program Files\Google\Update\GoogleUpdate.exe [01/04/2009 10:36:37 133104]
        S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [10/03/2006 20:52:30 29744]
        S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50.sys [05/09/2008 19:16:32 28224]
        .
        Contenu du dossier 'Tâches planifiées'

        2009-05-19 C:\Windows\Tasks\Extension de garantie.job
        - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-10 18:43:16 . 2006-11-21 16:38:02]

        2009-05-19 C:\Windows\Tasks\GoogleUpdateTaskMachine.job
        - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-01 08:36:37 . 2009-04-01 08:36:13]

        2008-07-15 C:\Windows\Tasks\HDReg.job
        - C:\Program Files\HDReg\HDRegRem.exe [2003-07-15 08:14:54 . 2003-07-15 08:14:54]

        2008-07-12 C:\Windows\Tasks\PBReg.job
        - C:\Program Files\HDReg\HDRegDel.exe [2005-06-21 13:20:28 . 2005-06-21 13:20:28]

        2008-08-14 C:\Windows\Tasks\PBRegbk.job
        - C:\Program Files\HDReg\HDRegDel.exe [2005-06-21 13:20:28 . 2005-06-21 13:20:28]

        2009-05-19 C:\Windows\Tasks\User_Feed_Synchronization-{99C226A6-3051-4014-BD4C-34F533E55B7D}.job
        - C:\Windows\system32\msfeedssync.exe [2009-05-19 09:36:09 . 2009-03-08 11:31:52]
        .
        .
        ------- Examen supplémentaire -------
        .
        mWindow Title =
        uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
        IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
        IE: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
        IE: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
        IE: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
        IE: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
        Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
        FF - ProfilePath - C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - prefs.js: browser.search.selectedEngine - SweetIM Search
        FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
        FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
        FF - component: C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
        FF - component: C:\Program Files\Mozilla Firefox\components\xpinstal.dll
        FF - component: C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
        FF - component: C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
        FF - component: C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
        FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

        ---- PARAMETRES FIREFOX ----
        C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
        C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
        C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
        C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
        C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
        C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
        C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
        C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
        C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
        C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-05-19 12:14:38
        Windows 6.0.6001 Service Pack 1 NTFS

        Recherche de processus cachés ...

        Recherche d'éléments en démarrage automatique cachés ...

        Recherche de fichiers cachés ...

        Scan terminé avec succès
        Fichiers cachés: 0

        **************************************************************************
        .
        ------------------------ Autres processus actifs ------------------------
        .
        C:\Windows\System32\audiodg.exe
        C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
        C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
        C:\PROGRA~1\AVG\AVG8\avgam.exe
        C:\PROGRA~1\AVG\AVG8\avgrsx.exe
        C:\PROGRA~1\AVG\AVG8\avgnsx.exe
        C:\Program Files\AVG\AVG8\avgcsrvx.exe
        C:\Program Files\AVG\AVG8\avgcsrvx.exe
        C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
        C:\Windows\System32\conime.exe
        C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe
        C:\Program Files\AVG\AVG8\avgtray.exe
        C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
        C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
        C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
        C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
        C:\Windows\servicing\TrustedInstaller.exe
        .
        **************************************************************************
        .
        Heure de fin: 2009-05-19 12:21:29 - La machine a redémarré
        ComboFix-quarantined-files.txt 2009-05-19 10:21:23
        ComboFix2.txt 2009-05-18 07:40:55
        ComboFix3.txt 2009-05-17 14:06:28

        Avant-CF: 88 087 449 600 octets libres
        Après-CF: 88 029 982 720 octets libres

        502 --- E O F --- 2009-05-19 07:11:52
        0
  12. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Parfait, poste un dernier rapport hijackthis stp

    0
    1. germainepoux
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:19:27, on 20/05/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Windows\System32\rundll32.exe
      C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\AVG\AVG8\avgtray.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
      C:\Program Files\Windows Mail\WinMail.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
      O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S5CC.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
      O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
      O13 - Gopher Prefix:
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll
      O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Service Google Update (gupdate1c9b2a4fa6ec283) (gupdate1c9b2a4fa6ec283) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      0
  13. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Très bien, ton ordinateur n'est plus infecté !

    Avant de retourner surfer sur internet, il y a certaines choses que tu dois faire pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;) Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (7).

    1) Les barres d'outils

    Souvent installées avec d'autres logiciels sans que l'utilisateur y fasse attention, les barres d'outils se multiplient sur les ordinateurs et ont deux résultats : ralentir les ordinateurs et provoquer des bugs des navigateurs.
    Je te conseille de désinstaller la tienne qui ets inutile (barre d'outil Windows Live).
    Pour ça, ferme ton navigateur, puis Menu démarrer --> Panneau de configuration --> ajout/suppression de programmes --> désinstalle la Windows Live Toolbar.

    2) Sécurise ton ordinateur

    • Anti-virus :
    Tu as tout d'abord des restes de Norton, il faut les supprimer : Outil de désinstallation Norton

    Ensuite, si tu souhaites remplacer AVG, tu dois le désactiver, puis le désinstaller et faire redémarrer ton ordinateur.
    Tu pourras alors le remplacer par AntiVir, qui est ce qui se fait de mieux parmi les antivirus gratuits.

    • Anti-spyware :
    * Installe Spyware Blaster : il ne prend pas de mémoire, c'est juste un logiciel qui vaccine ton pc contre certaines infections. Il faut le mettre à jour manuellement (« Updates »), tous les 15 jours environ, et activer toutes les protections (« Enable all protection »)
    * En complément, garde MalwareBytes pour son scan de nettoyage performant.

    • Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille vivement d’installer et d'utiliser le navigateur Firefox. Une fois que c'est fait, lance le et installe les deux extensions de sécurité suivantes :
    AdBlockPlus pour bloquer les publicités ;
    WOT, pour t'avertir des sites web dangereux.

    • Adobe Reader n’est pas à jour, c’est une faille de sécurité. Désinstalle le en allant dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes. Puis télécharge et installe la nouvelle version.

    • Tu dois aussi mettre à jour tous tes autres programmes pour combler des failles de sécurité... Vérifie les mises disponibles à l'aide de ce petit programme (choisis la version sans installation) : Update Checker

    3) Relance Hijackthis (pour la dernière fois), choisis "scan system only" et coche les lignes suivantes qui sont inutiles (j'ai intégré les barres d'outils dans cette liste) :

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    Si tu as bien mis à jour Adobe Reader comme je te l'ai recommandé, cette ligne devrait apparaitre, tu peux la cocher : O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    Coche également toutes les lignes commençant par 016

    Ensuite, clique sur "Fix checked"

    4) Télécharge ToolsCleaner sur ton Bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé : ToolsCleaner
    Fais un clic-droit dessus et choisis « Exécuter en temps qu'administrateur ». Clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer.
    Tu peux aussi supprimer les fichiers temporaires.
    Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).
    S'il ne supprime pas tout, supprime manuellement ce qui reste.

    5) Télécharge et installe CCleaner (si ce n’est déjà fait) : https://www.ccleaner.com/ccleaner/download

    Lance CCleaner
    Clique sur Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
    Puis Nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
    Enfin, Registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

    (Tu peux garder ce logiciel et l'utiliser régulièrement).

    6) Pour finir le nettoyage, il faut purger la restauration du système (pour supprimer les points de restauration infectés).

    • Menu démarrer --> clic droit sur ordinateur --> propriétés --> protection du système
    • Désactive la restauration du système sur tous les lecteurs
    • Clique sur OK.

    Puis refais la manipulation inverse pour réactiver la restauration système.

    7) Je t'invite enfin à visiter cette page qui t'apportera des informations de prévention et de protection contre les infections (environ 15 minutes de lecture très instructive et utile) : Prévention et sécurité sur internet

    Bonne lecture, bon courage, et n'hésite pas à poser des questions en cas de besoin ;)
    0
    1. germainepoux
       
      Bonjour,

      J'ai fait le nettoyage de mon ordi, j'ai lancé un scan avec AntiVir, il m'a trouvé un virus qui n'en était pas un donc tout va bien.

      Je te remercie pour toute l'aide que tu m'as apporté, et tout le temps que tu m'as accordé.

      MERCI !!!!
      0
      1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790 > germainepoux
         
        De rien ;)

        Bonne continuation !
        0
      2. calidaho > anthony5151 Messages postés 10927 Statut Contributeur sécurité
         
        Bonjour,

        Il y a 3 semaines, j'ai eu une alerte sur un cheval de troie, que je pensais avoir supprimé. Toutefois, depuis le lendemain, je n'ai pas d'accès internet. J'ai essayé plusieurs anti-virus mais ceux ci ne détectent rien. Après avoir lu les messages de ce forum, je vous envoie le log de hijackthis.

        Merci de votre aide

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\HP\HP Software Update\HPWuSchd2.exe
        C:\WINDOWS\VM_STI.EXE
        C:\Program Files\Orange\Systray\SystrayApp.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
        C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
        C:\Program Files\Microsoft ActiveSync\wcescomm.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\PROGRA~1\MI3AA1~1\rapimgr.exe
        C:\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
        C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Util\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\system32\IoctlSvc.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\System32\svchost.exe
        C:\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
        C:\WINDOWS\System32\wbem\wmiapsrv.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Util\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O2 - BHO: (no name) - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - (no file)
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O3 - Toolbar: (no name) - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - (no file)
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
        O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
        O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
        O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Util\Microsoft Office\Office10\OSA.EXE
        O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
        O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Util\MICROS~1\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?290de83fd655410e94bee61e162b3ebd
        O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?290de83fd655410e94bee61e162b3ebd
        O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
        O17 - HKLM\System\CCS\Services\Tcpip\..\{DB7E285D-5EF7-4060-B88B-4CCF6A2B3A01}: NameServer = 192.168.1.1
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Util\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O20 - Winlogon Notify: WgaLogon_old - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Util\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Franson GpsGate 2.0 - Unknown owner - C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe
        O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
        O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
        O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        0