SOS: virus blocking all my antivirus programs...

Solved
damien -  
fix200 Posts 3365 Status Security contributor -
Hello,
I have a big problem with my computer. I realized that my Avast antivirus (registered version) no longer works. My Avast icon has also disappeared.
I tried uninstalling and then reinstalling it, but nothing changed. My Security Center tells me there is no antivirus on my computer.
So I tried installing another antivirus (Antivir), but it stays inactive (when I double-click the antivirus icon, nothing happens).
I tried to solve my problem by looking things up on Google, but nothing works, I can't manage it.
I downloaded HijackThis, but same thing: when I double-click it, nothing happens...

Please help me, because I would rather not have to format my PC!!!!

Thank you very much

I use Windows XP with the Service Pack always kept up to date until now...
Configuration: Windows XP
Firefox 3.0.10

32 replies

  1. fix200 Posts 3365 Status Security contributor 158
     
    5 replies and nobody has helped!

    **********************************************************
    ********************* Option 1 (Search) *********************
    **********************************************************

    Download FindyKill by Chiquitine29

    ▶ Run the installation with the default settings

    Connect to your PC any external storage devices (USB stick, external hard drive, etc.) that may have been infected (!), without opening them (!)

    ▶ Double-click the FindyKill shortcut on your desktop

    ▶ Choose F for French, then press Enter

    ▶ In the main menu, choose option 1 (Search)

    ▶ Post the FindyKill.txt report

    Note: the FindyKill.txt report is saved at the root of the disk

    Installation tutorial

    Search tutorial
    1
  2. lolo28300 Posts 3087 Status Member 442
     
    Try running a scan with your antivirus, or by installing Spybot Search & Destroy (don't forget to update it before any scan), in safe mode (F8 key at startup)
    0
  3. damien
     
    re

    I just ran Spybot in safe mode, but it found nothing... and I still have my problem
    0
  4. lolo28300 Posts 3087 Status Member 442
     
    Could you say what your problem was and how you solved it!
    Thanks in advance on behalf of other users who will have this problem and who, thanks to you, if you explain the solution, will have solved it :)
    0
  6. damien
     
    No, I have not solved my problem. Impossible to get an antivirus to work. Please help me
    0
  7. lolo28300 Posts 3087 Status Member 442
     
    I had misread your sentence, sorry!
    0
  9. damien
     
    hello..

    here is the report:

    ############################## [ FindyKill V4.730 ]

    # User : Damien (Administrateurs) # DAMIEN-6O2Z7B2S
    # Update on 25/05/09 by Chiquitine29
    # Start at: 15:33:34 | 2009-05-25
    # Website : http://pagesperso-orange.fr/NosTools/findykill.html

    # Intel(R) Celeron(R) D CPU 3.33GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Enabled

    # C:\ # Disque fixe local # 29.29 Go (7.88 Go free) # NTFS
    # D:\ # Disque fixe local # 203.58 Go (1.48 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque amovible
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible

    ############################## [ Processus actifs ]


    ################## [ Fichiers / Dossiers infectieux ]

    ################## [ Infected Temp Files ]

    ################## [ Registre / Clés infectieuses ]

    Found ! HKEY_USERS\S-1-5-21-2025429265-1085031214-725345543-1004\Software\Local AppWizard-Generated Applications\uiytuhjy
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\uiytuhjy
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

    ################## [ Recherche dans supports amovibles]

    ################## [ Registre / Mountpoints2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.730 ! ]
    0
    1. fix200 Posts 3365 Status Security contributor 158
       
      **********************************************************
      ********************* Option 2 (Cleaning) *********************
      **********************************************************

      ▶ Delete your cracks and keygens (especially the file that infected you).

      ▶ Connect your removable drives to your PC (USB sticks, external hard drive, SD card, etc.) without opening them.

      ▶ Double-click the FindyKill shortcut on your Desktop (on Vista, right-click the FindyKill shortcut and choose Run as administrator).

      ▶ Choose F for French, then press Enter.

      ▶ In the main menu, choose option 2 (Removal)

      ▶ Post the FindyKill.txt report

      Note: the FindyKill.txt report is saved at the root of the disk

      ▶ Cleaning tutorial
      0
  10. damien
     
    OK, I just did it. Here is the report:

    ############################## [ FindyKill V4.730 ]

    # User : Damien (Administrateurs) # DAMIEN-6O2Z7B2S
    # Update on 25/05/09 by Chiquitine29
    # Start at: 15:44:27 | 2009-05-25
    # Website : http://pagesperso-orange.fr/NosTools/findykill.html

    # Intel(R) Celeron(R) D CPU 3.33GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Enabled

    # C:\ # Disque fixe local # 29.29 Go (7.89 Go free) # NTFS
    # D:\ # Disque fixe local # 203.58 Go (1.48 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque amovible
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible

    ############################## [ Active Processes ]


    ################## [ Infected Files \ Folders ]

    Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

    ################## [ Infected Temp Files ]

    ################## [ Registry / Infected keys ]

    Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\uiytuhjy

    ################## [ Cleaning Removable drives ]

    ################## [ Registry / Mountpoint2 ]

    # -> Not found !

    ################## [ States / Restarting of services ]

    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    # Ndisuio -> # Type of startup =3
    # EapHost -> # Type of startup =2
    # Ip6Fw -> # Type of startup =2
    # SharedAccess -> # Type of startup =2
    # wuauserv -> # Type of startup =2
    # wscsvc -> # Type of startup =2

    ################## [ Searching Other Infections ]

    # -> Nothing found.

    ################## [ Corrupted files # Re-Installation required ]


    ################################### [ Cracks / Keygens / Serials ]

    # -> Nothing found !

    ################## [ ! End of Report # FindyKill V4.730 ! ]
    0
    1. fix200 Posts 3365 Status Security contributor 158
       
      Good,

      Download MalwareBytes' Anti-Malware

      ▶ Install it; the program will update itself automatically.

      ▶ Once it is up to date, the program will launch; click the Settings tab and tick the box: "Stop Internet Explorer during removal"

      ▶ Now click the Scan tab and tick the box: "Perform quick scan".

      ▶ Then click "Scan".

      ▶ Let it scan the PC...

      ▶ If items were found > click Remove Selected.

      ▶ If you are asked to restart > click "YES".

      ▶ At the end a report will open; save it so that you can find it again in order to post it on the forum.

      Copy and paste the report, please.

      Note: the reports are also stored in the Reports/Logs tab
      0
  11. damien
     
    OK, it's done.
    I deleted the items and restarted my PC.

    Here is the report:

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2176
    Windows 5.1.2600 Service Pack 3

    2009-05-25 16:10:54
    mbam-log-2009-05-25 (16-10-54).txt

    Type de recherche: Examen rapide
    Eléments examinés: 103677
    Temps écoulé: 3 minute(s), 6 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 88
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  12. fix200 Posts 3365 Status Security contributor 158
     
    Download Ad-remover (by C_XX) to your desktop:

    ! Disconnect from the Internet and close all running applications !

    • Double-click "Ad-R.exe" to start the installation and keep the default installation settings.

    • Double-click the Ad-remover shortcut on your desktop to launch the tool.

    • At the main menu, choose option "L" and press [Enter].

    • Let the tool work and don't touch anything ...

    --> Post the report that appears at the end on the forum ...

    Help with screenshots (Installation): http://pagesperso-orange.fr/NosTools/tuto_ad_r1.html
    Help with screenshots (Scan): http://pagesperso-orange.fr/NosTools/tuto_ad_r2.html

    Notes:
    The report is also saved as C:\Ad-report.log
    "Process.exe", a component of the tool, is detected by some antivirus products
    (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    0
  13. damien
     
    OK, it's done. Ad-remover report:

    ------- RAPPORT D'AD-REMOVER 1.1.4.3 | UNIQUEMENT XP/VISTA -------

    Mit à jour part C_XX le 24/05/2009 à 15:20
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

    Lancé à: 16:24:55, 2009-05-25 | Mode Normal
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
    Nom du PC: DAMIEN-6O2Z7B2S
    Utilisateur actuel: Damien - Administrator

    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    HKCR\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
    HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKCR\SearchSettings.BHO
    HKCR\SearchSettings.BHO.1
    HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKCU\Software\pacificpoker
    HKCU\Software\PartyGaming
    HKCU\Software\Poker 770
    HKCU\Software\pokerinstaller
    HKCU\Software\Titan Poker
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
    HKLM\Software\Poker 770
    HKLM\Software\Search Settings
    HKLM\Software\Titan Poker
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    .
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest.dev
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.bak
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\ajtoolbar.jar
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.gif
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat.bak
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\contents.rdf
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\snipit.js
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\manifest.mf
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.rsa
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.sf
    C:\Documents and Settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Documents and Settings\Damien\Application Data\Search Settings\kb126
    C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\res
    C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\temp
    C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\temp\ws-14387.log
    C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\temp\ws-14388.log
    C:\Documents and Settings\Damien\Application Data\Search Settings\kb126\temp\ws-14389.log
    C:\Documents and Settings\Damien\Application Data\Search Settings
    C:\Program Files\AskBarDis\bar
    C:\Program Files\AskBarDis\PopSwatter
    C:\Program Files\AskBarDis\unins000.dat
    C:\Program Files\AskBarDis\unins000.exe
    C:\Program Files\AskBarDis\bar\bin
    C:\Program Files\AskBarDis\bar\Cache
    C:\Program Files\AskBarDis\bar\History
    C:\Program Files\AskBarDis\bar\Settings
    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
    C:\Program Files\AskBarDis\bar\bin\psvince.dll
    C:\Program Files\AskBarDis\bar\Cache\000317CF
    C:\Program Files\AskBarDis\bar\Cache\001440C0.bin
    C:\Program Files\AskBarDis\bar\Cache\0014440C.bin
    C:\Program Files\AskBarDis\bar\Cache\0014462F.bin
    C:\Program Files\AskBarDis\bar\Cache\00144871.bin
    C:\Program Files\AskBarDis\bar\Cache\00144AA4.bin
    C:\Program Files\AskBarDis\bar\Cache\00144CB7.bin
    C:\Program Files\AskBarDis\bar\Cache\0060A228.bin
    C:\Program Files\AskBarDis\bar\Cache\0060A3DE.bin
    C:\Program Files\AskBarDis\bar\Cache\0060A545.bin
    C:\Program Files\AskBarDis\bar\Cache\0060A6FB.bin
    C:\Program Files\AskBarDis\bar\Cache\0060A862.bin
    C:\Program Files\AskBarDis\bar\Cache\files.ini
    C:\Program Files\AskBarDis\bar\History\search
    C:\Program Files\AskBarDis\bar\Settings\config.dat
    C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
    C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
    C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
    C:\Program Files\AskBarDis\PopSwatter\History
    C:\Program Files\AskBarDis\PopSwatter\History\allowed
    C:\Program Files\AskBarDis\PopSwatter\History\notallow
    C:\Program Files\AskBarDis
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\chrome.manifest
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\install.rdf
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\SKIN
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\DStringsUtils.js
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFBHOSearch.idl
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFBHOSearch.xpt
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFBHOSearchHelperEngine.idl
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFBHOSearchHelperEngine.xpt
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFHelperPreferences.idl
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\IFHelperPreferences.xpt
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
    C:\Program Files\Search Settings\kb126
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Search Settings\kb126\res
    C:\Program Files\Search Settings\kb126\SearchSettings.dll
    C:\Program Files\Search Settings\kb126\temp
    C:\Program Files\Search Settings
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
    C:\WINDOWS\Installer\44c526.msi
    C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf

    (!) -- Fichiers temporaires supprimés.

    .
    +-----------------| Scan additionnel:
    .

    ---- Mozilla FireFox Version 3.0.10 ----

    Nom du profil: lgs3llnl.default (Damien)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Google");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
    .
    .

    ---- Internet Explorer Version 8.0.6001.18702 ----

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm

    =========== Suspect (Cracks, Serials ... ) ==========

    .
    C:\Documents and Settings\Damien\.housecall6.6\patch.exe
    [218736 Octet(s)|--a------|2009-05-24 17:01|HashMD5: b9a80ba0083fb8196f8ca0bef053ea4e |CRC32: 12c79c8b]

    C:\Documents and Settings\Damien\Mes documents\Mes fichiers reçus\Xara 3D v6.0 Full Keygen.rar
    [23251741 Octet(s)|--a------|2005-07-12 20:47|HashMD5: bd6af6aaf1e1b0ba1ee8348344bc7b26 |CRC32: cd2b4486]

    +---------------------------------------------------------------------------+

    11506 Octet(s) - C:\Ad-Report-20.9-.5-25.log

    17 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    24 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE

    Fin à: 16:36:00 | 2009-05-25
    .
    +-----------------| E.O.F
    .
    0
  14. fix200 Posts 3365 Status Security contributor 158
     
    Download Random's System Information Tool (RSIT) by random and save it to your Desktop.

    * Double-click RSIT.exe to launch RSIT.

    * Click Continue on the Disclaimer screen.

    * If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

    * When the scan is finished, two text files will open.

    Post the contents of log.txt (which will be displayed) as well as info.txt (which will be minimized in the taskbar).

    Note: Both reports are also saved in %systemroot%\rsit

    C:\Documents and Settings\Damien\.housecall6.6\patch.exe
    C:\Documents and Settings\Damien\Mes documents\Mes fichiers reçus\Xara 3D v6.0 Full Keygen.rar


    Delete your cracks, as they are a source of viruses
    0
  15. damien
     
    OK. I only have one report, log.txt;
    there is no info.txt in my taskbar...

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Damien at 2009-05-25 16:56:51
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 8 GB (27%) free of 30 GB
    Total RAM: 2039 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:57, on 2009-05-25
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    C:\WINDOWS\System32\igfxsrvc.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\jntqn\jntqn.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Downloads\Software\RSIT.exe
    C:\Program Files\trend micro\Damien.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [jntqn] C:\Program Files\jntqn\jntqn.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-2025429265-1085031214-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Agent de protection d'accès réseau napagent Defrag (napagent Defrag) - Unknown owner - C:\WINDOWS\system32\arpv.exe (file missing)
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O24 - Desktop Component 0: (no name) - https://www.leblogauto.com/wp-content/uploads/2007/02/plr/Lotus_Exige_police_1_big.jpg
    O24 - Desktop Component 2: (no name) - https://www.google.fr/?gws_rd=ssl
    0
  16. fix200 Posts 3365 Status Security contributor 158
     
    Hi!

    Download Toolbar S&D (by Eric_71/Team IDN)

    Let it guide you through the installation ..

    !! Disconnect from the Internet and close all your running applications for the duration of the procedure !!

    ▶ Choose F, then confirm.

    ▶ Type 2 (cleaning), then press [Enter].

    *The scan starts*

    ▶ Don't touch anything during the scan

    ▶ A report will be generated at the end of the process: post its contents in your next reply

    NOTE:
    The report is saved here -> C:\TB.txt

    **************************************************************************

    ▶ Download UsbFix by C_XX & Chiquitine29

    ▶ Installation tutorial

    ▶ Scan tutorial

    ▶ Run the installation with the default settings

    Connect to your PC any external data sources (USB stick, external hard drive, etc.) that may have been infected (!) without opening them (!)

    ▶ Double-click the UsbFix shortcut on your desktop

    ▶ Choose option 1 (scan)

    ▶ Let the tool work

    Then post the UsbFix.txt report that appears
    0
  17. damien
     
    It's done.

    The report:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) D CPU 3.33GHz )
    BIOS : Default System BIOS
    USER : Damien ( Not Administrator ! )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1335 [VPS 090524-0] 4.8.1335 (Activated)
    C:\ (Local Disk) - NTFS - Total:29 Go (Free:7 Go)
    D:\ (Local Disk) - NTFS - Total:203 Go (Free:22 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 2009-05-25|17:12 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\Search Settings\kb126
    Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (Damien) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (Damien) - {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} => wot
    (Damien) - {e411bb40-b04c-11d8-92e7-00d09e0179f2} => igraal

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Window Title"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROOTKIT !!

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

    --------------------\\ Suspect ..

    C:\WINDOWS\system32\TDSSosvd.dat

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-000.wav
    C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-001.wav
    C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-002.wav
    C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-003.wav
    C:\DOCUME~1\Damien\Application Data\Firaxis Games\Sid Meier's Civilization 4\Assets\Sounds\Units\CrackNeck-004.wav
    C:\DOCUME~1\Damien\Mes documents\Downloads\Pokerbility.Online.Poker.Cheat.Tool.IV10IV.Crack.Free.100%.WORKING.zip
    C:\DOCUME~1\Damien\Mes documents\Mes fichiers reçus\Xara Menu Maker + Xara3D V6 + XaraWebstyle + Cracks(1).RB0
    C:\DOCUME~1\Damien\Mes documents\Mes fichiers reçus\Xara Menu Maker + Xara3D V6 + XaraWebstyle + Cracks(1).zip
    C:\DOCUME~1\Damien\Mes documents\Mes fichiers reçus\Xara Menu Maker + Xara3D V6 + XaraWebstyle + Cracks.RB0
    C:\DOCUME~1\Damien\Mes documents\Mes fichiers reçus\Xara Menu Maker + Xara3D V6 + XaraWebstyle + Cracks.zip

    1 - "C:\ToolBar SD\TB_1.txt" - 2009-05-25|17:13 - Option : [2]

    -----------\\ Fin du rapport a 17:13:40.54
    0
    1. fix200 Posts 3365 Status Security contributor 158
       
      Arrrfffrffff

      Download ComboFix by sUBs to your desktop


      /!\ This is a very powerful tool; be aware that misusing the program could cause problems with the normal operation of your computer /!\


      BEFORE using ComboFix:

      /!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
      (!) Temporarily disable (and only while ComboFix is in use) the real-time protection of your antivirus, your antispyware and ALL your protection software (!).


      ▶ Double-click Combofix.exe to launch it (on Vista: right-click and choose "Run as administrator")

      ▶ Press the 1 key so that the program starts running, and follow the on-screen instructions

      ▶ If it asks you to install the Recovery Console, accept.

      /!\ Do not touch anything during the scan /!\

      ▶ If it asks you to restart, accept

      ▶ After the PC restarts, a report will open in Notepad at the end of the analysis; copy and paste it into your next reply


      (The report file Combofix.txt is then automatically saved to C:\Combofix.txt)

      A tutorial if needed

      I'LL BE BACK TOMORROW MORNING.
      @+
      0
  18. damien
     
    OK, that works.
    In any case, thanks for helping me!!! That's very kind!!! Have a good evening and see you tomorrow

    Attached is the ComboFix report

    ComboFix 09-05-24.07 - Damien 2009-05-25 17:33.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2039.1471 [GMT 2:00]
    Lancé depuis: c:\downloads\Software\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090524-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Damien\Application Data\Google\T-Scan
    c:\documents and settings\Damien\Application Data\Google\T-Scan\n.gif
    c:\documents and settings\Damien\Application Data\Google\T-Scan\t.gif
    c:\documents and settings\Damien\Application Data\Google\T-Scan\y.gif
    c:\windows\patch.exe
    c:\windows\system32\_id.dat
    c:\windows\system32\TDSSosvd.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NAPAGENT_DEFRAG
    -------\Legacy_TDSSSERV.SYS
    -------\Service_napagent Defrag
    -------\Service_TDSSserv.sys

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-25 au 2009-05-25 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-25 15:10 . 2009-05-25 15:13 -------- d-----w C:\ToolBar SD
    2009-05-25 14:24 . 2009-05-25 14:36 -------- d-----w c:\program files\Ad-remover
    2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\documents and settings\Damien\Application Data\Malwarebytes
    2009-05-25 14:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-25 14:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-25 13:32 . 2009-05-25 13:55 -------- d-----w C:\FindyKill
    2009-05-25 13:24 . 2009-05-25 13:25 -------- d-----w C:\rsit
    2009-05-24 18:08 . 2009-05-24 18:38 -------- d-----w c:\windows\BDOSCAN8
    2009-05-24 18:01 . 2009-05-24 18:01 100240 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-24 17:57 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
    2009-05-24 17:57 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
    2009-05-24 17:57 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
    2009-05-24 17:57 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
    2009-05-24 17:57 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
    2009-05-24 17:57 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
    2009-05-24 17:57 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
    2009-05-24 17:57 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
    2009-05-24 17:57 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
    2009-05-24 17:47 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-05-24 15:49 . 2009-05-25 14:56 -------- d-----w c:\program files\Trend Micro
    2009-05-24 14:48 . 2009-05-24 14:48 -------- d-sh--w c:\documents and settings\Damien\PrivacIE
    2009-05-24 14:47 . 2009-05-24 14:47 -------- d-sh--w c:\documents and settings\Damien\IETldCache
    2009-05-24 14:46 . 2009-05-24 14:46 -------- d-----w c:\windows\ie8updates
    2009-05-24 14:45 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
    2009-05-24 14:44 . 2009-05-24 14:45 -------- dc-h--w c:\windows\ie8
    2009-05-22 07:14 . 2009-05-22 07:14 32 --s-a-w c:\windows\system32\3293728073.dat
    2009-05-18 15:38 . 2009-05-18 15:38 -------- d-----w c:\documents and settings\Damien\Application Data\ImgBurn
    2009-05-18 15:09 . 2009-05-18 15:09 -------- d-----w c:\program files\ImgBurn
    2009-05-18 11:15 . 2009-05-18 11:24 -------- d-----w c:\program files\PC Wizard 2008
    2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\documents and settings\Damien\Local Settings\Application Data\MulletPower
    2009-05-16 00:33 . 2009-05-16 00:33 57344 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-61b3398b-n\Decora-SSE.dll
    2009-05-16 00:33 . 2009-05-16 00:33 24064 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7db2921d-n\Decora-D3D.dll
    2009-05-16 00:33 . 2009-05-16 00:33 315392 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl.dll
    2009-05-16 00:33 . 2009-05-16 00:33 20480 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl_awt.dll
    2009-05-16 00:33 . 2009-05-16 00:33 114688 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl_cg.dll
    2009-05-16 00:33 . 2009-05-16 00:33 20480 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-76dba7b2-n\gluegen-rt.dll
    2009-05-16 00:33 . 2009-05-16 00:33 499712 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\msvcp71.dll
    2009-05-16 00:33 . 2009-05-16 00:33 499712 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\jmc.dll
    2009-05-16 00:33 . 2009-05-16 00:33 348160 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\msvcr71.dll
    2009-05-14 17:53 . 2009-05-14 17:53 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
    2009-05-14 17:53 . 2009-05-14 21:08 -------- d-----w c:\documents and settings\Damien\Application Data\Azureus
    2009-05-14 17:52 . 2009-05-18 15:05 -------- d-----w c:\program files\Vuze
    2009-05-14 09:45 . 2009-05-14 09:55 -------- d-----w c:\program files\PokerStars
    2009-05-08 08:22 . 2009-05-17 17:12 -------- d-----w C:\Poker
    2009-05-06 14:15 . 2009-05-25 14:48 -------- d-----w c:\program files\bwin
    2009-04-29 09:22 . 2009-04-29 09:21 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-29 09:21 . 2009-04-29 09:21 152576 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-04-28 08:52 . 2009-04-28 08:55 -------- d-----w c:\program files\RocketDock
    2009-04-26 11:54 . 2009-05-13 15:18 -------- d-----w c:\program files\The Adventure Company

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-25 15:38 . 2008-11-24 17:54 -------- d-----w c:\program files\DNA
    2009-05-25 15:38 . 2008-11-24 17:54 -------- d-----w c:\documents and settings\Damien\Application Data\DNA
    2009-05-25 15:35 . 2009-03-22 22:11 -------- d-----w c:\documents and settings\Damien\Application Data\Free Download Manager
    2009-05-25 15:31 . 2009-03-04 17:56 -------- d-----w c:\documents and settings\Damien\Application Data\BitTorrent
    2009-05-25 15:14 . 2008-02-19 10:27 -------- d-----w c:\program files\Mozilla Thunderbird
    2009-05-25 14:48 . 2009-03-25 19:26 -------- d-----w c:\program files\ScenicReflections
    2009-05-25 14:47 . 2002-08-30 12:00 84526 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-25 14:47 . 2002-08-30 12:00 510324 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-25 12:05 . 2009-03-25 19:37 -------- d-----w c:\program files\jntqn
    2009-05-24 15:12 . 2008-03-10 11:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-24 14:47 . 2008-02-15 17:30 100240 -c--a-w c:\documents and settings\Damien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-24 14:41 . 2008-02-15 18:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-24 14:40 . 2008-02-15 18:15 -------- d-----w c:\program files\Microsoft Works
    2009-05-20 13:10 . 2009-02-04 10:12 -------- d-----w c:\program files\GRATIS
    2009-04-29 09:21 . 2008-02-25 13:02 -------- d-----w c:\program files\Java
    2009-04-28 08:51 . 2008-03-05 08:34 -------- d-----w c:\program files\eMule
    2009-04-19 14:11 . 2009-04-19 14:11 -------- d-----w c:\program files\CCleaner
    2009-04-02 16:35 . 2009-04-02 16:35 -------- d-----w c:\program files\MSN Reaper
    2009-03-27 10:51 . 2008-03-10 11:21 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-26 17:07 . 2009-03-26 17:07 1607184 ----a-w c:\windows\system32\Aquarium Exotique.scr
    2009-03-25 19:37 . 2009-03-25 19:37 118784 ----a-w c:\windows\Web\Wallpaper\Scenic- Beach Scenes Wallpaper dir\uninstall.exe
    2009-03-08 02:34 . 2002-08-30 12:00 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 02:34 . 2002-08-30 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 02:33 . 2002-08-30 12:00 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 02:33 . 2002-08-30 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 02:32 . 2002-08-30 12:00 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 02:32 . 2002-08-30 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 02:31 . 2002-08-30 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 02:31 . 2002-08-30 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 02:31 . 2002-08-30 12:00 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 02:22 . 2002-08-30 12:00 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-06 14:20 . 2002-08-30 12:00 286720 ----a-w c:\windows\system32\pdh.dll
    2009-02-25 20:59 . 2009-02-25 20:59 1316096 ----a-w c:\windows\system32\ooscrsav.scr
    2009-02-25 20:59 . 2009-02-25 20:59 730368 ----a-w c:\windows\system32\oodsvct.exe
    2009-02-25 20:59 . 2009-02-25 20:59 1352960 ----a-w c:\windows\system32\oodag.exe
    2009-02-25 20:58 . 2009-02-25 20:58 2553088 ----a-w c:\windows\system32\oodtray.exe
    2009-02-25 20:57 . 2009-02-25 20:57 194816 ----a-w c:\windows\system32\oodbs.exe
    2009-02-25 20:54 . 2009-02-25 20:54 955648 ----a-w c:\windows\system32\oodtrrs.dll
    2009-02-25 20:54 . 2009-02-25 20:54 541952 ----a-w c:\windows\system32\oodssrs.dll
    2009-02-25 20:54 . 2009-02-25 20:54 9984 ----a-w c:\windows\system32\oodbsrs.dll
    2009-02-25 20:54 . 2009-02-25 20:54 8448 ----a-w c:\windows\system32\oodagrs.dll
    2009-02-25 20:54 . 2009-02-25 20:54 17152 ----a-w c:\windows\system32\oodagmg.dll
    2007-11-09 14:25 . 2008-09-15 13:56 57344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-04 321344]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-01-24 160592]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-02-26 131072]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-02-26 155648]
    "Persistence"="c:\windows\System32\igfxpers.exe" [2007-02-26 131072]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-06 185896]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
    "jntqn"="c:\program files\jntqn\jntqn.exe" [2007-07-27 159744]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-29 148888]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Damien\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/u 1999-\[u]0/u<?<?<?û?\[u]0/uŸ<Ÿ\[u]0/uOODBS

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Damien^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
    path=c:\documents and settings\Damien\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
    backup=c:\windows\pss\Y'z Toolbar.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\Damien\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Mindscape\\Web Creator Pro 3\\FTPCopyDir.exe"=
    "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Free Download Manager\\fdm.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-24 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-24 20560]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
    HKCU-Run-fsm - (no file)
    HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    SafeBoot-procexp90.Sys
    SafeBoot-sglfb.sys
    SafeBoot-tga.sys

    .
    ------- Examen supplémentaire -------
    .
    mWindow Title =
    IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Télécharger avec IDM
    IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Télécharger le contenu de video FLV avec IDM
    IE: Télécharger tous les liens avec IDM
    Trusted Zone: secuser.com\www
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_19.dll
    FF - plugin: c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
    FF - plugin: c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\npfax@microgaming.com\platform\WINNT_x86-msvc\plugins\npfax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-25 17:37
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4a997c2c-8ea0-4de6-a558-142dce9ae901}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000050
    "Therad"=dword:00000014

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):49,0e,b1,7f,37,bf,b2,f2,b0,86,f6,c4,e0,49,26,70,98,fc,c1,92,a3,
    d1,6f,09,4f,23,3b,e7,a7,d8,2c,78,77,5e,32,87,bc,7e,1b,03,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG06.00.00.01WORKSTATION"="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"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(1568)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\oodag.exe
    c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\program files\Alwil Software\Avast4\Setup\avast.setup
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-25 18:57 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-25 16:57
    ComboFix2.txt 2008-03-18 21:07
    ComboFix3.txt 2008-03-18 20:50

    Avant-CF: 8,479,944,704 octets libres
    Après-CF: 8,605,241,344 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

    287 --- E O F --- 2009-05-13 19:57
    0
  19. fix200 Posts 3365 Status Security contributor 158
     
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TDSSserv.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
    File::
    C:\WINDOWS\system32\drivers\tdssserv.sys
    C:\windows\system32\3293728073.dat
    Service::
    TDSSserv.sys


    - Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)

    - Save this file under the name CFScript.txt

    - Now drag the CFScript.txt file onto Combofix.exe like this

    This will relaunch Combofix.

    A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

    Wait while the scan runs. The desktop will disappear several times: that's normal!

    Do not touch anything until the scan has finished.

    After the restart, post the contents of the Combofix.txt report

    *******************************************************************************
    Download Gmer:

    http://www.gmer.net#files

    tutorial here

    Unzip Gmer, click the Rootkit tab, start the scan; red lines will appear.

    The red lines indicate the presence of a rootkit

    Then, on the red lines:

    Services: right-click, delete service
    Process: right-click, kill process
    Adl, file: right-click, delete files

    Once the scan has finished, before deleting any red lines, post the report for me (click Copy, then go to the computer's Start menu, then Notepad, then Edit, then Paste. The report will appear)

    @+
    0
  20. damien
     
    Hi

    Here is the ComboFix report

    I'll attach the Gmer report in a later post

    ComboFix 09-05-25.07 - Damien 2009-05-26 12:49.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2039.1423 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Damien\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Damien\Mes documents\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090525-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\system32\3293728073.dat"
    "c:\windows\system32\drivers\tdssserv.sys"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\3293728073.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-26 au 2009-05-26 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-25 15:10 . 2009-05-25 15:13 -------- d-----w C:\ToolBar SD
    2009-05-25 14:24 . 2009-05-25 14:36 -------- d-----w c:\program files\Ad-remover
    2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\documents and settings\Damien\Application Data\Malwarebytes
    2009-05-25 14:05 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-25 14:05 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-25 14:05 . 2009-05-25 14:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-25 13:32 . 2009-05-25 13:55 -------- d-----w C:\FindyKill
    2009-05-25 13:24 . 2009-05-25 13:25 -------- d-----w C:\rsit
    2009-05-24 18:08 . 2009-05-24 18:38 -------- d-----w c:\windows\BDOSCAN8
    2009-05-24 18:01 . 2009-05-24 18:01 100240 ----a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-24 17:57 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
    2009-05-24 17:57 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
    2009-05-24 17:57 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
    2009-05-24 17:57 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
    2009-05-24 17:57 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
    2009-05-24 17:57 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
    2009-05-24 17:57 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
    2009-05-24 17:57 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
    2009-05-24 17:57 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
    2009-05-24 17:47 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-05-24 15:49 . 2009-05-25 14:56 -------- d-----w c:\program files\Trend Micro
    2009-05-24 14:48 . 2009-05-24 14:48 -------- d-sh--w c:\documents and settings\Damien\PrivacIE
    2009-05-24 14:47 . 2009-05-24 14:47 -------- d-sh--w c:\documents and settings\Damien\IETldCache
    2009-05-24 14:46 . 2009-05-24 14:46 -------- d-----w c:\windows\ie8updates
    2009-05-24 14:45 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
    2009-05-24 14:44 . 2009-05-24 14:45 -------- dc-h--w c:\windows\ie8
    2009-05-18 15:38 . 2009-05-18 15:38 -------- d-----w c:\documents and settings\Damien\Application Data\ImgBurn
    2009-05-18 15:09 . 2009-05-18 15:09 -------- d-----w c:\program files\ImgBurn
    2009-05-18 11:15 . 2009-05-18 11:24 -------- d-----w c:\program files\PC Wizard 2008
    2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\documents and settings\Damien\Local Settings\Application Data\MulletPower
    2009-05-16 00:33 . 2009-05-16 00:33 57344 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-61b3398b-n\Decora-SSE.dll
    2009-05-16 00:33 . 2009-05-16 00:33 24064 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7db2921d-n\Decora-D3D.dll
    2009-05-16 00:33 . 2009-05-16 00:33 315392 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl.dll
    2009-05-16 00:33 . 2009-05-16 00:33 20480 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl_awt.dll
    2009-05-16 00:33 . 2009-05-16 00:33 114688 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5dabaac3-n\jogl_cg.dll
    2009-05-16 00:33 . 2009-05-16 00:33 20480 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-76dba7b2-n\gluegen-rt.dll
    2009-05-16 00:33 . 2009-05-16 00:33 499712 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\msvcp71.dll
    2009-05-16 00:33 . 2009-05-16 00:33 499712 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\jmc.dll
    2009-05-16 00:33 . 2009-05-16 00:33 348160 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-28610b75-n\msvcr71.dll
    2009-05-14 17:53 . 2009-05-14 17:53 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
    2009-05-14 17:53 . 2009-05-14 21:08 -------- d-----w c:\documents and settings\Damien\Application Data\Azureus
    2009-05-14 17:52 . 2009-05-18 15:05 -------- d-----w c:\program files\Vuze
    2009-05-14 09:45 . 2009-05-14 09:55 -------- d-----w c:\program files\PokerStars
    2009-05-08 08:22 . 2009-05-17 17:12 -------- d-----w C:\Poker
    2009-05-06 14:15 . 2009-05-25 14:48 -------- d-----w c:\program files\bwin
    2009-04-29 09:22 . 2009-04-29 09:21 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-29 09:21 . 2009-04-29 09:21 152576 ----a-w c:\documents and settings\Damien\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-04-28 08:52 . 2009-04-28 08:55 -------- d-----w c:\program files\RocketDock
    2009-04-26 11:54 . 2009-05-13 15:18 -------- d-----w c:\program files\The Adventure Company

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-26 10:52 . 2009-03-22 22:11 -------- d-----w c:\documents and settings\Damien\Application Data\Free Download Manager
    2009-05-26 10:47 . 2009-03-04 17:56 -------- d-----w c:\documents and settings\Damien\Application Data\BitTorrent
    2009-05-26 10:42 . 2008-11-24 17:54 -------- d-----w c:\documents and settings\Damien\Application Data\DNA
    2009-05-26 07:48 . 2008-02-19 10:27 -------- d-----w c:\program files\Mozilla Thunderbird
    2009-05-26 07:02 . 2009-03-25 19:37 -------- d-----w c:\program files\jntqn
    2009-05-26 07:02 . 2008-11-24 17:54 -------- d-----w c:\program files\DNA
    2009-05-25 14:48 . 2009-03-25 19:26 -------- d-----w c:\program files\ScenicReflections
    2009-05-25 14:47 . 2002-08-30 12:00 84526 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-25 14:47 . 2002-08-30 12:00 510324 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-24 15:12 . 2008-03-10 11:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-24 14:47 . 2008-02-15 17:30 100240 -c--a-w c:\documents and settings\Damien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-24 14:41 . 2008-02-15 18:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-24 14:40 . 2008-02-15 18:15 -------- d-----w c:\program files\Microsoft Works
    2009-05-20 13:10 . 2009-02-04 10:12 -------- d-----w c:\program files\GRATIS
    2009-04-29 09:21 . 2008-02-25 13:02 -------- d-----w c:\program files\Java
    2009-04-28 08:51 . 2008-03-05 08:34 -------- d-----w c:\program files\eMule
    2009-04-19 14:11 . 2009-04-19 14:11 -------- d-----w c:\program files\CCleaner
    2009-04-02 16:35 . 2009-04-02 16:35 -------- d-----w c:\program files\MSN Reaper
    2009-03-26 17:07 . 2009-03-26 17:07 1607184 ----a-w c:\windows\system32\Aquarium Exotique.scr
    2009-03-25 19:37 . 2009-03-25 19:37 118784 ----a-w c:\windows\Web\Wallpaper\Scenic- Beach Scenes Wallpaper dir\uninstall.exe
    2009-03-08 02:34 . 2002-08-30 12:00 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 02:34 . 2002-08-30 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 02:33 . 2002-08-30 12:00 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 02:33 . 2002-08-30 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 02:32 . 2002-08-30 12:00 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 02:32 . 2002-08-30 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 02:31 . 2002-08-30 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 02:31 . 2002-08-30 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 02:31 . 2002-08-30 12:00 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 02:22 . 2002-08-30 12:00 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-06 14:20 . 2002-08-30 12:00 286720 ----a-w c:\windows\system32\pdh.dll
    2009-02-25 20:59 . 2009-02-25 20:59 1316096 ----a-w c:\windows\system32\ooscrsav.scr
    2009-02-25 20:59 . 2009-02-25 20:59 730368 ----a-w c:\windows\system32\oodsvct.exe
    2009-02-25 20:59 . 2009-02-25 20:59 1352960 ----a-w c:\windows\system32\oodag.exe
    2009-02-25 20:58 . 2009-02-25 20:58 2553088 ----a-w c:\windows\system32\oodtray.exe
    2009-02-25 20:57 . 2009-02-25 20:57 194816 ----a-w c:\windows\system32\oodbs.exe
    2009-02-25 20:54 . 2009-02-25 20:54 955648 ----a-w c:\windows\system32\oodtrrs.dll
    2009-02-25 20:54 . 2009-02-25 20:54 541952 ----a-w c:\windows\system32\oodssrs.dll
    2009-02-25 20:54 . 2009-02-25 20:54 9984 ----a-w c:\windows\system32\oodbsrs.dll
    2009-02-25 20:54 . 2009-02-25 20:54 8448 ----a-w c:\windows\system32\oodagrs.dll
    2009-02-25 20:54 . 2009-02-25 20:54 17152 ----a-w c:\windows\system32\oodagmg.dll
    2007-11-09 14:25 . 2008-09-15 13:56 57344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-25_15.38.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-26 07:00 . 2009-05-26 07:00 16384 c:\windows\TEMP\Perflib_Perfdata_598.dat
    + 2009-05-26 07:00 . 2009-05-26 07:00 16384 c:\windows\TEMP\Perflib_Perfdata_42c.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-04 321344]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-01-24 160592]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-02-26 131072]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-02-26 155648]
    "Persistence"="c:\windows\System32\igfxpers.exe" [2007-02-26 131072]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-06 185896]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
    "jntqn"="c:\program files\jntqn\jntqn.exe" [2007-07-27 159744]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-29 148888]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Damien\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/u 1999-\[u]0/u<?<?<?û?\[u]0/uŸ<Ÿ\[u]0/uOODBS

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Damien^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
    path=c:\documents and settings\Damien\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
    backup=c:\windows\pss\Y'z Toolbar.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\Damien\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Mindscape\\Web Creator Pro 3\\FTPCopyDir.exe"=
    "c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Free Download Manager\\fdm.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-24 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-24 20560]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Examen supplémentaire -------
    .
    mWindow Title =
    IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Télécharger avec IDM
    IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Télécharger le contenu de video FLV avec IDM
    IE: Télécharger tous les liens avec IDM
    Trusted Zone: secuser.com\www
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll
    FF - plugin: c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
    FF - plugin: c:\documents and settings\Damien\Application Data\Mozilla\Firefox\Profiles\lgs3llnl.default\extensions\npfax@microgaming.com\platform\WINNT_x86-msvc\plugins\npfax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-26 12:51
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4a997c2c-8ea0-4de6-a558-142dce9ae901}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000050
    "Therad"=dword:00000014

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):49,0e,b1,7f,37,bf,b2,f2,b0,86,f6,c4,e0,49,26,70,98,fc,c1,92,a3,
    d1,6f,09,4f,23,3b,e7,a7,d8,2c,78,77,5e,32,87,bc,7e,1b,03,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG06.00.00.01WORKSTATION"="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"
    .
    Heure de fin: 2009-05-26 14:03
    ComboFix-quarantined-files.txt 2009-05-26 12:03
    ComboFix2.txt 2009-05-25 16:57
    ComboFix3.txt 2008-03-18 21:07
    ComboFix4.txt 2008-03-18 20:50

    Avant-CF: 8,617,926,656 octets libres
    Après-CF: 8,606,597,120 octets libres

    236 --- E O F --- 2009-05-13 19:57