Virus: Google redirige mes recherches

Rapport GenProc 2.617 [1] - 2009-08-31 à 14:08:11
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Germain *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Lance Toolbar-S&D situé sur le Bureau. Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport TB.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.617 2009-08-31 à 14:08:24
Toolbar:le 2009-08-31 à 14:08:53 "C:\WINDOWS\iun6002.exe"

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 14:09:23 ~~

Tu désinstalles des sites web toi ? Bravo

www.google.fr c'est pas un site web... J'en apprend aujourd'hui dis donc !

Un site web peut aussi être un moteur de recherche ou en intégrer un

Non je ne compte pas me battre mais quand on ne sais pas, on se tait...

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : BIOS Date: 12/24/07 14:46:29 Ver: 08.00.10
USER : Germain ( Administrator )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1351 [VPS 090831-0] 4.8.1351 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:146 Go (Free:80 Go)
D:\ (Local Disk) - NTFS - Total:151 Go (Free:91 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 2009-08-31|14:54 )
C:\WINDOWS\iun6002.exe
C:\DOCUME~1\Germain\LOCALS~1\Temp\ICD1.tmp

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Germain\LOCALS~1\Temp\AIM_6.5.11.1\Toolbar.exe
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\DOCUME~1\Germain\LOCALS~1\Temp\ICD1.tmp

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://fr.canoe.ca/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ KoobFace !

C:\WINDOWS\mmsmark2.dat
C:\WINDOWS\nlmark2.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Germain\Application Data\Shareaza\Torrents\Replay Media Catcher 2.10 + Crack.torrent
C:\DOCUME~1\Germain\Favoris\cracks.url
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\A Hundred Million Suns - Snow Patrol - Crack The Shutters.mp3
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Dvd Audio Extractor v4.2.2 Incl Keygen-Tbe
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Dvd Audio Extractor v4.2.2 Incl Keygen-Tbe.rar
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Replay AV v8.00 (capture video & audio web)+ crack.rar
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Replay Media Catcher 2.01+Crack.zip
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Dvd Audio Extractor v4.2.2 Incl Keygen-Tbe\DVD.Audio.Extractor.v4.2.2.Incl.Keygen-TBE
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Dvd Audio Extractor v4.2.2 Incl Keygen-Tbe\DVD.Audio.Extractor.v4.2.2.Incl.Keygen-TBE\dvdaudioextractor.exe
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Dvd Audio Extractor v4.2.2 Incl Keygen-Tbe\DVD.Audio.Extractor.v4.2.2.Incl.Keygen-TBE\Goldesel_-_Visit_us_for_more_brandnew_stuff.url
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Dvd Audio Extractor v4.2.2 Incl Keygen-Tbe\DVD.Audio.Extractor.v4.2.2.Incl.Keygen-TBE\keygen.exe
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Dvd Audio Extractor v4.2.2 Incl Keygen-Tbe\DVD.Audio.Extractor.v4.2.2.Incl.Keygen-TBE\tbe.nfo
C:\DOCUME~1\Germain\Mes documents\Shareaza Downloads\Dvd Audio Extractor v4.2.2 Incl Keygen-Tbe\DVD.Audio.Extractor.v4.2.2.Incl.Keygen-TBE\Wichtig_Lesen_Goldesel_Adressen.txt



1 - "C:\ToolBar SD\TB_1.txt" - 2009-08-31|14:56 - Option : [2]

-----------\\ Fin du rapport a 14:56:29,35





Rapport GenProc 2.617 [2] - 2009-08-31 à 15:04:09
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


# Etape 1/ Télécharge :
ToolsCleaner! http://pc-system.fr/ (A.Rothstein & Dj QUIOU) sur ton Bureau.

# Etape 2/
- Double-clique sur ToolsCleaner2.exe pour le lancer.
- Clique sur Recherche et laisse le scan agir.
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options Facultatives.
- Clique sur Quitter pour obtenir le rapport C:\TCleaner.txt


# Etape 3/
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt




~~~~ INFORMATION COMPLEMENTAIRE ~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:58, on 2009-08-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\sySTEM32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Germain_GenProc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

ComboFix 09-08-31.03 - Germain 2009-08-31 15:28.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.3447.2924 [GMT -4:00]
Running from: c:\documents and settings\Germain\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090831-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
[i] ADS - system32: deleted 40 bytes in 1 streams. /i
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams. /i

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\0101120101464857.xe
c:\windows\0101120101464950.xe
c:\windows\0101120101464954.xe
c:\windows\0101120101465349.xe
c:\windows\Installer\af22.msi

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX
-------\Legacy_ddnsfilter
-------\Service_ddnsfilter


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-31 19:02 . 2009-08-31 19:02 -------- d-----w- c:\program files\Avanquest update
2009-08-31 18:28 . 2009-08-31 18:28 -------- d-----w- c:\program files\CCleaner
2009-08-31 02:42 . 2009-08-31 03:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-31 02:27 . 2009-08-31 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-08-31 02:17 . 2009-08-31 02:17 -------- d-----w- c:\documents and settings\Germain\Application Data\Malwarebytes
2009-08-31 02:17 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 02:17 . 2009-08-31 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-31 02:17 . 2009-08-31 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-31 02:17 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 15:38 . 2009-08-30 15:38 37760 ----a-w- c:\windows\system32\drivers\Filter.sys
2009-08-29 20:20 . 2009-08-29 20:20 1 ----a-w- c:\windows\ectbbyn.dat
2009-08-29 20:20 . 2009-08-30 21:48 263 ----a-w- c:\windows\ex1234.dat
2009-08-29 20:19 . 2009-08-29 20:19 1 ---h--w- c:\windows\ex23567.dat
2009-08-29 20:19 . 2009-08-29 20:19 1 ---h--w- c:\windows\nlmark2.dat
2009-08-29 20:19 . 2009-08-29 20:19 1 ---h--w- c:\windows\mmsmark2.dat
2009-08-24 21:18 . 2009-08-24 21:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\agi
2009-08-12 17:34 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 19:02 . 2008-03-03 17:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-31 18:34 . 2008-03-05 01:42 -------- d-----w- c:\program files\Google
2009-08-31 02:52 . 2009-07-26 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-30 04:18 . 2008-12-14 15:13 -------- d-----w- c:\program files\PartyGaming
2009-08-30 04:17 . 2009-07-15 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-30 04:17 . 2008-04-02 22:00 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-08-30 04:15 . 2008-07-12 11:38 -------- d-----w- c:\program files\SlySoft
2009-08-17 16:10 . 2008-03-03 18:58 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-03-03 18:58 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-03-03 18:58 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-05-11 02:16 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-05-11 02:16 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-03-03 18:58 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-03 18:58 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-03-03 18:58 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-03-03 18:58 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-10 13:45 . 2009-08-10 13:45 12628 ----a-w- c:\program files\messieu yve corbeil déguiser en homme invisible.fac
2009-08-10 13:43 . 2009-08-10 13:43 12628 ----a-w- c:\program files\harry potter chauve.fac
2009-08-10 13:38 . 2008-07-20 13:05 12628 ----a-w- c:\program files\ousama benladen.fac
2009-08-05 09:00 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 14:55 . 2008-06-19 22:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 14:00 . 2009-08-01 14:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\agi
2009-08-01 14:00 . 2009-08-01 14:00 339968 ----a-w- c:\windows\system32\pythoncom25.dll
2009-08-01 14:00 . 2009-08-01 14:00 2117632 ----a-w- c:\windows\system32\python25.dll
2009-08-01 14:00 . 2009-08-01 14:00 114688 ----a-w- c:\windows\system32\pywintypes25.dll
2009-07-24 12:46 . 2009-07-24 12:46 -------- d-----w- c:\program files\MétéoMédia
2009-07-17 19:03 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 13:41 . 2006-03-02 12:00 63818 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-17 13:41 . 2006-03-02 12:00 445346 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-15 22:09 . 2008-03-30 15:25 -------- d-----w- c:\program files\Norton Security Scan
2009-07-15 22:09 . 2009-07-15 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 22:09 . 2009-07-15 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-14 03:43 . 2006-03-02 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-04 02:02 . 2008-10-20 02:42 -------- d-----w- c:\program files\PokerStars.NET
2009-07-03 16:57 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2006-03-02 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2006-03-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:21 . 2008-03-03 17:20 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2006-03-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2006-03-02 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-04-13 19:30 . 2009-04-13 19:30 2524896 ----a-w- c:\program files\Nero7_chm_Fra.exe
2009-04-08 21:10 . 2009-04-08 21:10 12628 ----a-w- c:\program files\john lennon.fac
2009-04-04 17:06 . 2009-04-04 17:04 8597840 ----a-w- c:\program files\Windows_Movie_Maker_2.0.exe
2009-02-04 22:35 . 2009-02-04 22:35 613895 ----a-w- c:\program files\prof_de_champ.jpg
2009-02-04 22:34 . 2009-02-04 22:31 460854 ----a-w- c:\program files\equivalences.jpg
2009-02-03 01:12 . 2009-02-03 01:11 29017528 ----a-w- c:\program files\FileFormatConverters.exe
2008-12-29 15:25 . 2008-12-29 15:25 1943689 ----a-w- c:\program files\installer_Power_MP3_Cutter_1_0.exe
2008-12-01 00:11 . 2008-12-01 00:11 2009404 ----a-w- c:\program files\drm_packager_135.zip
2008-11-27 11:33 . 2008-11-27 11:32 8997595 ----a-w- c:\program files\themes_creator_3.32.zip
2008-11-27 03:23 . 2008-11-27 03:23 633399 ----a-w- c:\program files\SWFOpenerSetup.exe
2008-10-06 02:17 . 2008-10-06 02:17 7168 --sha-w- c:\program files\Thumbs.db
2008-09-21 12:54 . 2008-09-21 12:54 267056 ----a-w- c:\program files\utorrent.exe
2008-09-21 12:49 . 2008-09-21 12:49 938120 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2008-09-14 19:21 . 2008-09-14 19:21 67110184 ----a-w- c:\program files\iTunes8Setup.exe
2008-07-20 12:59 . 2008-07-20 12:59 12628 ----a-w- c:\program files\mol.fac
2008-06-08 21:08 . 2008-06-08 21:08 2370048 ----a-w- c:\program files\expéditio...ppt
2008-06-08 19:32 . 2008-06-08 19:31 12590 ----a-w- c:\program files\léon le professionel.fac
2008-06-07 02:09 . 2008-06-07 02:09 39833 ----a-w- c:\program files\phoqueléo.JPG
2008-06-04 01:58 . 2008-06-04 01:58 130273 ----a-w- c:\program files\Dernier+continent.jpg
2008-05-11 03:42 . 2008-05-09 01:37 4500672 ----a-w- c:\program files\RCATSetup.exe
2008-03-20 01:38 . 2008-03-20 01:38 1104734 ----a-w- c:\program files\dvdshrink_3.2.0.16_fr.zip
2008-03-20 00:50 . 2008-03-20 00:50 899414 ----a-w- c:\program files\SetupDVDDecrypter_3.5.4.0.exe
2008-03-19 01:36 . 2008-03-19 01:36 6228072 ----a-w- c:\program files\Setup_FreeConverter.exe
2008-03-19 01:24 . 2008-03-19 01:24 2000324 ----a-w- c:\program files\cdex_151.exe
2008-03-15 02:54 . 2008-03-15 02:54 5924080 ----a-w- c:\program files\840-enu-xpinfu.exe
2008-03-11 21:40 . 2008-03-11 21:40 3723454 ----a-w- c:\program files\IZArc_Setup.exe
2008-03-11 21:37 . 2008-03-11 21:37 860391 ----a-w- c:\program files\7z457.exe
2008-03-07 21:43 . 2008-03-07 21:42 5265101 ----a-w- c:\program files\Shareaza_2.3.1.0_Win32.exe
2008-03-06 14:20 . 2008-03-06 14:20 59163944 ----a-w- c:\program files\iTunesSetup.exe
2008-03-06 02:43 . 2008-03-06 02:43 2402832 ----a-w- c:\program files\WLinstaller.exe
2008-03-05 20:35 . 2008-03-05 20:35 38790688 ----a-w- c:\program files\Realtek_HDAudio_v51005506.zip
2008-03-05 19:59 . 2008-03-05 19:59 26081790 ----a-w- c:\program files\WDM_R186.exe
2008-03-05 19:24 . 2008-03-05 19:24 849 ----a-w- c:\program files\HP Deskjet 5700 Series Guide de l'utilisateur.lnk
2008-03-05 19:24 . 2008-03-05 19:19 940 ----a-w- c:\program files\sfx.log
2008-03-05 19:19 . 2008-03-05 19:19 31724512 ----a-w- c:\program files\5700_fra_win2k_xp.exe
2008-03-05 19:15 . 2008-03-05 19:09 16833056 ----a-w- c:\program files\5700_enu_win2k_xp.exe
2008-07-12 11:39 . 2008-07-12 11:38 24 --sh--w- c:\windows\SCEB80AF1.tmp
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"WeatherEye"="c:\program files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-01-16 4519832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-07 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-07 49152]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 61440]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-09-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 1057064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"VideotronSA.exe"="c:\program files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" [2007-12-17 2065648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2004-2-28 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-10 114768]
R1 Filter;Filter;c:\windows\system32\drivers\Filter.sys [2009-08-30 37760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-10 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-03-25 24652]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2009-05-18 17432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-11-30 13352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2008-12-01 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2008-12-01 85696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-08-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-05 14:41]

2009-08-31 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.canoe.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 15:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{120DD7CE-F761-D227-3DEF-DE163CD5C2A3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iapfmdlpajdnhbkbgf"=hex:6b,61,6c,6d,6c,6a,66,61,6d,6e,70,65,61,64,68,6f,65,65,
6e,68,6f,6e,00,00
"hafggjhhdajmgdog"=hex:6b,61,6c,6d,6c,6a,66,61,70,6e,69,65,69,64,6b,6c,64,67,
70,62,69,6c,00,7e
"halgmgcilnnkmbpe"=hex:61,61,00,7e
"halgmgcicndalldn"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2096)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Fichiers communs\Teleca Shared\CapabilityManager.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-31 15:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-31 19:35

Pre-Run: 90 150 723 584 octets libres
Post-Run: 90 029 780 992 octets libres

265 --- E O F --- 2009-08-26 07:00

Désolé pour la réponse tardive.



;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-09-01 20:49:54
PROTECTIONS: 1
MALWARE: 25
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1351 [VPS 090901-0] 4.8.1351 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00110851 adware/qoologic Adware No 0 Yes No c:\windows\downloaded program files\installer.exe
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@mediaplex[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@weborama[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@advertising[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@adviva[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@smartadserver[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Germain\Cookies\germain@www3.addfreestats[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{8BA79C4D-E1FF-4D47-B86F-66FBF51A9981}\RP590\A0042156.sys
02605587 Generic Worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8BA79C4D-E1FF-4D47-B86F-66FBF51A9981}\RP590\A0042150.exe
02605732 W32/Koobface.EP.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8BA79C4D-E1FF-4D47-B86F-66FBF51A9981}\RP590\A0042153.exe
02607177 Generic Worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8BA79C4D-E1FF-4D47-B86F-66FBF51A9981}\RP590\A0042151.exe
02610587 Generic Worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8BA79C4D-E1FF-4D47-B86F-66FBF51A9981}\RP590\A0042152.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8BA79C4D-E1FF-4D47-B86F-66FBF51A9981}\RP591\A0043019.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location r
;===================================================================================================================================================================================
No C:\System Volume Information\_restore{8BA79C4D-E1FF-4D47-B86F-66FBF51A9981}\RP591\A0042816.exe r
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description r
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Je n'ai pas trouvé installer.exe, dois-je procéder la suite des instructions?



c:\windows\downloaded program files\installer.exe