iexplore.exe virus + HijackThis log [Solved/Closed]

Member: 43 posts, registered Saturday 16 January 2010, last activity 23 October 2013
-
Security contributor: 3243 posts, registered Sunday 28 December 2008, last activity 7 February 2011
Hello, I've had a small problem for a few weeks now.
A window opens every 30 seconds: IEXPLORE.EXE, with the message: iexplore.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
I can't get rid of it and I would like you to help me remove this intrusive window!
Tell me what I need to quarantine or delete in my HijackThis log below:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:00, on 16/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [puwou] C:\WINDOWS\system32\koujou.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [updtr.exe] c:\windows\system32\updtr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [puwou] C:\WINDOWS\system32\koujou.exe
O4 - HKCU\..\Run: [manager dupe] D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\ObjLogoDebug.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1694146165-2628061020-2127861650-1008\..\Run: [MessengerPlus3] "\" /WinStart (User 'ANNABELLE')
O4 - HKUS\S-1-5-21-1694146165-2628061020-2127861650-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'ANNABELLE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Compare Prices with &Dealio - D:\Documents and Settings\COEUR OLIVIER\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: bcveServ (nxnmas7y3aiu9) - Unknown owner - C:\WINDOWS\system32\koujou.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
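
The poster asks which lines to quarantine. As an added example (not from this thread and not HijackThis code), the following Python parses the O4 autostart and O23 service lines of a HijackThis 2.0 log and lists the entries a defender should verify first; the allow-lists and scoring rules are the editor's own assumptions, run here over sample lines taken from the log above:

```python
# HijackThis 2.0.x log triage (added example, not part of this thread and not
# HijackThis code). Parses O4 autostart and O23 service lines and lists the
# entries a defender should verify first. Allow-lists and rules are assumptions.
import re
from dataclasses import dataclass, field

# Sample lines constructed from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [puwou] C:\WINDOWS\system32\koujou.exe
O4 - HKLM\..\Run: [updtr.exe] c:\windows\system32\updtr.exe
O4 - HKLM\..\RunServices: [puwou] C:\WINDOWS\system32\koujou.exe
O4 - HKCU\..\Run: [manager dupe] D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\ObjLogoDebug.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: bcveServ (nxnmas7y3aiu9) - Unknown owner - C:\WINDOWS\system32\koujou.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")

# Core Windows binaries that only ever live in %SystemRoot%\system32 on XP.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
# system32-resident autostarts already vetted on this box (assumed allow-list).
VETTED_SYSTEM32 = {"ctfmon.exe", "nerocheck.exe", "rundll32.exe", "dumprep"}


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def _basename(cmd: str) -> str:
    """File name of the launched binary, without quotes, arguments or markers."""
    cmd = cmd.strip().strip('"').split(" (file missing)")[0].split('"')[0]
    return cmd.rsplit("\\", 1)[-1].split(" ")[0].lower()


def looks_random(label: str) -> bool:
    """True for machine-generated labels such as 5T19I3B27A or nxnmas7y3aiu9."""
    stem = label.rsplit(".", 1)[0]
    if len(stem) < 6 or " " in stem:
        return False
    if any(c.isalpha() for c in stem) and any(c.isdigit() for c in stem):
        # Count letter<->digit switches; real product names rarely alternate much.
        switches = sum(a.isdigit() != b.isdigit() for a, b in zip(stem, stem[1:]))
        return switches >= 3
    return not any(c in "aeiouy" for c in stem.lower())


def triage_o4(key: str, name: str, cmd: str) -> list:
    reasons, base, low = [], _basename(cmd), cmd.lower()
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run key is rarely used by legitimate software")
    if key.lower().endswith("runservices"):
        reasons.append("RunServices is a Win9x-era key; legitimate XP software does not use it")
    if base in SYSTEM32_ONLY and "\\system32\\" not in low:
        reasons.append(f"{base} outside system32 (name-squatting a core binary)")
    elif "\\system32\\" in low and base not in (VETTED_SYSTEM32 | SYSTEM32_ONLY):
        reasons.append("unvetted binary autostarting from system32: verify publisher and hash")
    if "applic~1" in low or "\\application data\\" in low:
        reasons.append("executable launched from a user profile Application Data folder")
    if looks_random(name):
        reasons.append("entry name looks machine-generated")
    return reasons


def triage_o23(name: str, owner: str, path: str) -> list:
    reasons = []
    if "(file missing)" in path:
        reasons.append("service binary missing on disk: dead entry or self-deleting dropper")
    if owner.strip().lower() == "unknown owner" and "\\system32\\" in path.lower():
        reasons.append("no publisher information for a service running from system32")
    short = re.search(r"\(([^()]+)\)\s*$", name)
    if short and looks_random(short.group(1)):
        reasons.append("service short name looks machine-generated")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per O4/O23 line that tripped at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            reasons = triage_o4(m["key"], m["name"], m["cmd"])
            if reasons:
                findings.append(Finding("O4", m["name"], m["cmd"], reasons))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = triage_o23(m["name"], m["owner"], m["path"])
            if reasons:
                findings.append(Finding("O23", m["name"], m["path"], reasons))
    return findings
```

The output is a priority list, not a verdict: each flagged binary still needs its publisher, hash and on-disk presence checked before anything is deleted.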

63 replies

Member (43 posts):

I found another link for ComboFix on a forum; I'll run the scan and give you the scan report afterwards!
Thanks for your patience, back in a moment.
Security contributor (3243 posts):
No,
wait a minute please
Member (43 posts):

RE.

OK! The link I found on the internet doesn't work either; I can't get "save link as" to work, it still doesn't work :s
Member (43 posts):

Is that link ComboFix or another program?
Security contributor (3243 posts):
it's ComboFix, renamed
Member (43 posts):

OK, thanks.
I start the scan, everything works perfectly, and when step 31 finishes a blue screen appears and I have to restart the computer because it crashed. I've already done it twice, but the scan doesn't complete and I can't get the ComboFix report!
Member (43 posts):

I apparently got 2 ComboFix scans:

ComboFix 08-03-05.1 - COEUR OLIVIER 2008-03-05 18:51:30.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.591 [GMT 1:00]
Endroit: D:\Documents and Settings\COEUR OLIVIER\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\COEUR OLIVIER\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\[u]0/u
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\1BE42A9
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\dgjiwurr.exe
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\eanvvxjp.exe
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\more dash jump anti.exe
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\ObjLogoDebug.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
.

2008-03-04 19:12 . 2008-03-04 19:17 <REP> d-------- C:\Program Files\Navilog1
2008-03-04 17:50 . 2008-03-04 17:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 17:50 . 2008-03-04 17:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 20:06 . 2008-03-03 20:06 <REP> d-------- D:\Documents and Settings\COEUR OLIVIER\Application Data\Grisoft
2008-03-03 20:01 . 2008-03-03 20:01 <REP> d-------- D:\Documents and Settings\Christine\Application Data\AVG7
2008-03-03 20:00 . 2008-03-03 20:00 <REP> d-------- D:\Documents and Settings\Christine\Application Data\Grisoft
2008-03-02 12:06 . 2008-03-02 12:06 <REP> d-------- D:\Documents and Settings\ANNABELLE\Application Data\Grisoft
2008-02-28 15:07 . 2008-02-28 15:09 <REP> d-------- D:\Documents and Settings\ANNABELLE\Application Data\AVG7
2008-02-27 19:29 . 2008-02-27 20:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 19:21 . 2008-02-27 19:21 3,262 --a------ C:\WINDOWS\system32\ocasino2.ico
2008-02-27 10:11 . 2008-02-27 19:10 <REP> d-------- D:\Documents and Settings\THEOPHILE\Application Data\AVG7
2008-02-27 00:07 . 2008-02-27 00:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-26 23:29 . 2008-02-26 23:54 <REP> d-------- D:\Documents and Settings\COEUR OLIVIER\Application Data\AVG7
2008-02-26 23:28 . 2008-02-26 23:28 <REP> d-------- D:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\AVG7
2008-02-26 23:28 . 2008-03-01 11:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-26 23:28 . 2008-03-04 23:00 <REP> d-------- D:\Documents and Settings\All Users\Application Data\avg7
2008-02-26 23:04 . 2008-02-26 23:04 <REP> d-------- D:\Documents and Settings\COEUR OLIVIER\Contacts
2008-02-26 22:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-26 22:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-26 22:40 . 2008-02-26 22:40 <REP> d-------- C:\Program Files\Dcads Games Collection
2008-02-26 22:39 . 2008-02-26 22:39 <REP> d-------- C:\Program Files\Boonty
2008-02-26 22:21 . 2008-02-26 22:39 <REP> d-------- C:\Program Files\BoontyGames
2008-02-26 21:08 . 2008-02-27 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-26 20:52 . 2008-02-26 20:52 <REP> d-------- C:\Program Files\Alwil Software
2008-02-26 04:28 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-25 23:00 . 2008-03-01 19:57 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-25 22:59 . 2008-03-01 19:56 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-24 18:17 . 2008-02-24 18:17 <REP> d-------- C:\Program Files\FBrowsingAdvisor
2008-02-24 18:17 . 2008-02-24 18:17 <REP> d-------- C:\Program Files\FBrowserAdvisor
2008-02-24 18:17 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-02-22 14:40 . 2008-02-22 14:40 <REP> d-------- C:\Program Files\ChicStopBone
2008-02-16 16:15 . 2008-02-16 16:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-14 18:37 . 2008-02-14 18:37 <REP> d-------- D:\Documents and Settings\THEOPHILE\Application Data\ScanSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 15:17 --------- d-----w D:\Documents and Settings\ANNABELLE\Application Data\AdobeUM
2008-03-04 21:45 --------- d-----w D:\Documents and Settings\All Users\Application Data\WinZip
2008-02-29 19:05 --------- d-----w C:\Program Files\Windows Live
2008-02-29 18:03 --------- d-----w C:\Program Files\eMule
2008-02-27 01:00 --------- d-----w D:\Documents and Settings\THEOPHILE\Application Data\ChicStopBone
2008-02-27 01:00 --------- d-----w D:\Documents and Settings\ANNABELLE\Application Data\ChicStopBone
2008-02-27 01:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\Dart heck store upload
2008-02-26 22:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-26 19:17 --------- d-----w C:\Program Files\Eurobarre
2008-02-22 13:41 --------- d-----w D:\Documents and Settings\All Users\Application Data\Software rule flag owns
2008-02-14 17:38 --------- d-----w D:\Documents and Settings\THEOPHILE\Application Data\Canon
2008-02-06 11:49 --------- d-----w C:\Program Files\EA SPORTS
2008-01-28 15:01 --------- d-----w D:\Documents and Settings\THEOPHILE\Application Data\Autodesk
2008-01-25 06:33 46,300 ----a-w C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 18:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:39 --------- d-----w C:\Program Files\Fichiers communs\element5 Shared
2008-01-08 13:58 --------- d-----w D:\Documents and Settings\THEOPHILE\Application Data\LimeWire
2008-01-07 22:08 --------- d-----w D:\Documents and Settings\COEUR OLIVIER\Application Data\ArcSoft
2008-01-07 22:08 --------- d-----w D:\Documents and Settings\All Users\Application Data\element5
2007-12-31 17:36 2,724,328 ----a-w C:\WINDOWS\ccsetup203.exe
2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 20:35 812,344 ----a-w C:\WINDOWS\HJTInstall.exe
2007-12-18 19:44 7,251,821 ----a-w C:\WINDOWS\StoikVideoConverter20.zip
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-04 06:04 374 ----a-w D:\Documents and Settings\ANNABELLE\Application Data\internaldb6334.dat
2007-10-03 21:56 555 ----a-w D:\Documents and Settings\ANNABELLE\Application Data\internaldb8467.dat
2007-10-03 21:56 18,432 ----a-w D:\Documents and Settings\ANNABELLE\Application Data\internaldb41.dat
2007-09-24 15:54 5,632 -csha-w C:\Program Files\Thumbs.db
2007-07-31 11:21 4,771 ----a-w D:\Documents and Settings\ANNABELLE\nzizra.exe
2007-07-31 01:51 81,920 ----a-w D:\Documents and Settings\COEUR OLIVIER\biyfpc.exe
2007-07-30 11:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\dmekas.exe
2007-07-30 11:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ivchdd.exe
2007-07-30 11:09 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\juqkgu.exe
2007-07-30 11:09 2,821 ----a-w D:\Documents and Settings\ANNABELLE\twutzd.exe
2007-07-30 11:03 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\zwumyl.exe
2007-07-30 11:02 2,821 ----a-w D:\Documents and Settings\ANNABELLE\kdxzox.exe
2007-07-30 10:56 2,821 ----a-w D:\Documents and Settings\ANNABELLE\abcqgw.exe
2007-07-30 10:49 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\nrktuz.exe
2007-07-30 10:49 2,821 ----a-w D:\Documents and Settings\ANNABELLE\jeehts.exe
2007-07-30 10:43 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\ebenxg.exe
2007-07-30 10:43 2,821 ----a-w D:\Documents and Settings\ANNABELLE\bjndnx.exe
2007-07-30 10:36 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\uwfzej.exe
2007-07-30 10:36 2,821 ----a-w D:\Documents and Settings\ANNABELLE\uzhzvf.exe
2007-07-30 10:29 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\uyjvsc.exe
2007-07-30 10:29 2,821 ----a-w D:\Documents and Settings\ANNABELLE\qlqnzt.exe
2007-07-30 10:23 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ohhzuc.exe
2007-07-30 10:22 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\tiqtlh.exe
2007-07-30 10:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\qjhtbs.exe
2007-07-30 10:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\mrvkch.exe
2007-07-30 10:09 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\cfxtpw.exe
2007-07-30 10:09 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ftcyyc.exe
2007-07-30 10:03 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\kkdksw.exe
2007-07-30 10:02 2,821 ----a-w D:\Documents and Settings\ANNABELLE\iqbzzj.exe
2007-07-30 09:56 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\lzfxcn.exe
2007-07-30 09:56 2,821 ----a-w D:\Documents and Settings\ANNABELLE\wtjouw.exe
2007-07-30 09:49 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\maokyc.exe
2007-07-30 09:49 2,821 ----a-w D:\Documents and Settings\ANNABELLE\wkbwgl.exe
2007-07-30 09:43 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\eqiavl.exe
2007-07-30 09:42 2,821 ----a-w D:\Documents and Settings\ANNABELLE\xmxvda.exe
2007-07-30 09:36 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\dtyuoi.exe
2007-07-30 09:36 2,821 ----a-w D:\Documents and Settings\ANNABELLE\aqvwku.exe
2007-07-30 09:29 2,821 ----a-w D:\Documents and Settings\ANNABELLE\gbgskm.exe
2007-07-30 09:22 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\exxvgv.exe
2007-07-30 09:22 2,821 ----a-w D:\Documents and Settings\ANNABELLE\xwyvzp.exe
2007-07-30 09:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\swlmvq.exe
2007-07-30 09:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ksbylf.exe
2007-07-30 09:09 2,821 ----a-w D:\Documents and Settings\ANNABELLE\nttfhq.exe
2007-07-30 09:03 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\guabll.exe
2007-07-30 09:02 2,821 ----a-w D:\Documents and Settings\ANNABELLE\mwkyin.exe
2007-07-30 08:56 2,821 ----a-w D:\Documents and Settings\ANNABELLE\fqqnuo.exe
2007-07-30 08:49 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\vpuizs.exe
2007-07-30 08:49 2,821 ----a-w D:\Documents and Settings\ANNABELLE\kbqqxy.exe
2007-07-30 08:43 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\ffrwug.exe
2007-07-30 08:42 2,821 ----a-w D:\Documents and Settings\ANNABELLE\tovbsm.exe
2007-07-30 08:36 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\waicwp.exe
2007-07-30 08:36 2,821 ----a-w D:\Documents and Settings\ANNABELLE\mmqxau.exe
2007-07-30 08:29 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\klrytn.exe
2007-07-30 08:29 2,821 ----a-w D:\Documents and Settings\ANNABELLE\xuovcn.exe
2007-07-30 08:22 2,821 ----a-w D:\Documents and Settings\ANNABELLE\snlblj.exe
2007-07-30 08:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\nykniz.exe
2007-07-30 08:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\qmoakw.exe
2007-07-30 08:09 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\rxcxsp.exe
2007-07-30 08:09 2,821 ----a-w D:\Documents and Settings\ANNABELLE\mqwonk.exe
2007-07-30 08:03 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\ubpvzp.exe
2007-07-30 08:02 2,821 ----a-w D:\Documents and Settings\ANNABELLE\flgxto.exe
2007-07-30 07:56 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\shpeqw.exe
2007-07-30 07:56 2,821 ----a-w D:\Documents and Settings\ANNABELLE\nnvboz.exe
2007-07-30 07:49 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\olqkow.exe
2007-07-30 07:49 2,821 ----a-w D:\Documents and Settings\ANNABELLE\vtbfcz.exe
2007-07-30 07:43 2,821 ----a-w D:\Documents and Settings\ANNABELLE\btlwit.exe
2007-07-30 07:42 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\bparfp.exe
2007-07-30 07:36 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\fmysdj.exe
2007-07-30 07:36 2,821 ----a-w D:\Documents and Settings\ANNABELLE\iaceno.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"manager dupe"="D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\ObjLogoDebug.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 18:18 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05 339968]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48 127118]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 15:37 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-16 06:31 180269]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 08:30 729088]
"{5E-E6-67-78-ZN}"="C:\windows\system32\kqdsrngm.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-26 23:28 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-26 23:28 219136]

D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"= C:\WINDOWS\svchost.exe

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 08:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
--a------ 2007-05-15 12:53 2434492 C:\Program Files\Winsos\WINSOS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R0 N10;iriver Internet Audio Player N10;C:\WINDOWS\system32\drivers\N10.sys [2004-03-29 17:28]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-09-20 06:26]
S3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 17:14]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-05 17:00:00 C:\WINDOWS\Tasks\851EE20795C5BC97.job"
- d:\docume~1\theoph~1\applic~1\chicst~1\HELPPEAKFORD.exe
"2008-03-05 17:00:00 C:\WINDOWS\Tasks\A6186F37918BE51B.job"
- d:\docume~1\coeuro~1\applic~1\chicst~1\HELPPEAKFORD.exe
"2008-02-26 22:49:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 17:00:00 C:\WINDOWS\Tasks\B8B546BA98F2F09E.job"
- d:\docume~1\annabe~1\applic~1\chicst~1\HELPPEAKFORD.exe
"2005-12-09 21:04:09 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 18:52:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
Temps d'accomplissement: 2008-03-05 18:52:30
ComboFix-quarantined-files.txt 2008-03-05 17:52:22
ComboFix2.txt 2008-03-05 17:45:03
.
2008-02-27 02:01:09 --- E O F ---

and the second scan:

ComboFix 08-03-05.1 - COEUR OLIVIER 2008-03-05 18:51:30.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.591 [GMT 1:00]
Endroit: D:\Documents and Settings\COEUR OLIVIER\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\COEUR OLIVIER\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\[u]0/u
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\1BE42A9
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\dgjiwurr.exe
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\eanvvxjp.exe
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\more dash jump anti.exe
D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\\ObjLogoDebug.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
.

2008-03-04 19:12 . 2008-03-04 19:17 <REP> d-------- C:\Program Files\Navilog1
2008-03-04 17:50 . 2008-03-04 17:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 17:50 . 2008-03-04 17:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 20:06 . 2008-03-03 20:06 <REP> d-------- D:\Documents and Settings\COEUR OLIVIER\Application Data\Grisoft
2008-03-03 20:01 . 2008-03-03 20:01 <REP> d-------- D:\Documents and Settings\Christine\Application Data\AVG7
2008-03-03 20:00 . 2008-03-03 20:00 <REP> d-------- D:\Documents and Settings\Christine\Application Data\Grisoft
2008-03-02 12:06 . 2008-03-02 12:06 <REP> d-------- D:\Documents and Settings\ANNABELLE\Application Data\Grisoft
2008-02-28 15:07 . 2008-02-28 15:09 <REP> d-------- D:\Documents and Settings\ANNABELLE\Application Data\AVG7
2008-02-27 19:29 . 2008-02-27 20:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-27 19:21 . 2008-02-27 19:21 3,262 --a------ C:\WINDOWS\system32\ocasino2.ico
2008-02-27 10:11 . 2008-02-27 19:10 <REP> d-------- D:\Documents and Settings\THEOPHILE\Application Data\AVG7
2008-02-27 00:07 . 2008-02-27 00:07 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-26 23:29 . 2008-02-26 23:54 <REP> d-------- D:\Documents and Settings\COEUR OLIVIER\Application Data\AVG7
2008-02-26 23:28 . 2008-02-26 23:28 <REP> d-------- D:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\AVG7
2008-02-26 23:28 . 2008-03-01 11:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-26 23:28 . 2008-03-04 23:00 <REP> d-------- D:\Documents and Settings\All Users\Application Data\avg7
2008-02-26 23:04 . 2008-02-26 23:04 <REP> d-------- D:\Documents and Settings\COEUR OLIVIER\Contacts
2008-02-26 22:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-26 22:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-26 22:40 . 2008-02-26 22:40 <REP> d-------- C:\Program Files\Dcads Games Collection
2008-02-26 22:39 . 2008-02-26 22:39 <REP> d-------- C:\Program Files\Boonty
2008-02-26 22:21 . 2008-02-26 22:39 <REP> d-------- C:\Program Files\BoontyGames
2008-02-26 21:08 . 2008-02-27 03:01 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-26 20:52 . 2008-02-26 20:52 <REP> d-------- C:\Program Files\Alwil Software
2008-02-26 04:28 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-25 23:00 . 2008-03-01 19:57 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-25 22:59 . 2008-03-01 19:56 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-24 18:17 . 2008-02-24 18:17 <REP> d-------- C:\Program Files\FBrowsingAdvisor
2008-02-24 18:17 . 2008-02-24 18:17 <REP> d-------- C:\Program Files\FBrowserAdvisor
2008-02-24 18:17 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-02-22 14:40 . 2008-02-22 14:40 <REP> d-------- C:\Program Files\ChicStopBone
2008-02-16 16:15 . 2008-02-16 16:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-14 18:37 . 2008-02-14 18:37 <REP> d-------- D:\Documents and Settings\THEOPHILE\Application Data\ScanSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 15:17 --------- d-----w D:\Documents and Settings\ANNABELLE\Application Data\AdobeUM
2008-03-04 21:45 --------- d-----w D:\Documents and Settings\All Users\Application Data\WinZip
2008-02-29 19:05 --------- d-----w C:\Program Files\Windows Live
2008-02-29 18:03 --------- d-----w C:\Program Files\eMule
2008-02-27 01:00 --------- d-----w D:\Documents and Settings\THEOPHILE\Application Data\ChicStopBone
2008-02-27 01:00 --------- d-----w D:\Documents and Settings\ANNABELLE\Application Data\ChicStopBone
2008-02-27 01:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\Dart heck store upload
2008-02-26 22:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-26 19:17 --------- d-----w C:\Program Files\Eurobarre
2008-02-22 13:41 --------- d-----w D:\Documents and Settings\All Users\Application Data\Software rule flag owns
2008-02-14 17:38 --------- d-----w D:\Documents and Settings\THEOPHILE\Application Data\Canon
2008-02-06 11:49 --------- d-----w C:\Program Files\EA SPORTS
2008-01-28 15:01 --------- d-----w D:\Documents and Settings\THEOPHILE\Application Data\Autodesk
2008-01-25 06:33 46,300 ----a-w C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 18:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:39 --------- d-----w C:\Program Files\Fichiers communs\element5 Shared
2008-01-08 13:58 --------- d-----w D:\Documents and Settings\THEOPHILE\Application Data\LimeWire
2008-01-07 22:08 --------- d-----w D:\Documents and Settings\COEUR OLIVIER\Application Data\ArcSoft
2008-01-07 22:08 --------- d-----w D:\Documents and Settings\All Users\Application Data\element5
2007-12-31 17:36 2,724,328 ----a-w C:\WINDOWS\ccsetup203.exe
2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 20:35 812,344 ----a-w C:\WINDOWS\HJTInstall.exe
2007-12-18 19:44 7,251,821 ----a-w C:\WINDOWS\StoikVideoConverter20.zip
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-04 06:04 374 ----a-w D:\Documents and Settings\ANNABELLE\Application Data\internaldb6334.dat
2007-10-03 21:56 555 ----a-w D:\Documents and Settings\ANNABELLE\Application Data\internaldb8467.dat
2007-10-03 21:56 18,432 ----a-w D:\Documents and Settings\ANNABELLE\Application Data\internaldb41.dat
2007-09-24 15:54 5,632 -csha-w C:\Program Files\Thumbs.db
2007-07-31 11:21 4,771 ----a-w D:\Documents and Settings\ANNABELLE\nzizra.exe
2007-07-31 01:51 81,920 ----a-w D:\Documents and Settings\COEUR OLIVIER\biyfpc.exe
2007-07-30 11:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\dmekas.exe
2007-07-30 11:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ivchdd.exe
2007-07-30 11:09 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\juqkgu.exe
2007-07-30 11:09 2,821 ----a-w D:\Documents and Settings\ANNABELLE\twutzd.exe
2007-07-30 11:03 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\zwumyl.exe
2007-07-30 11:02 2,821 ----a-w D:\Documents and Settings\ANNABELLE\kdxzox.exe
2007-07-30 10:56 2,821 ----a-w D:\Documents and Settings\ANNABELLE\abcqgw.exe
2007-07-30 10:49 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\nrktuz.exe
2007-07-30 10:49 2,821 ----a-w D:\Documents and Settings\ANNABELLE\jeehts.exe
2007-07-30 10:43 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\ebenxg.exe
2007-07-30 10:43 2,821 ----a-w D:\Documents and Settings\ANNABELLE\bjndnx.exe
2007-07-30 10:36 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\uwfzej.exe
2007-07-30 10:36 2,821 ----a-w D:\Documents and Settings\ANNABELLE\uzhzvf.exe
2007-07-30 10:29 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\uyjvsc.exe
2007-07-30 10:29 2,821 ----a-w D:\Documents and Settings\ANNABELLE\qlqnzt.exe
2007-07-30 10:23 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ohhzuc.exe
2007-07-30 10:22 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\tiqtlh.exe
2007-07-30 10:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\qjhtbs.exe
2007-07-30 10:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\mrvkch.exe
2007-07-30 10:09 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\cfxtpw.exe
2007-07-30 10:09 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ftcyyc.exe
2007-07-30 10:03 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\kkdksw.exe
2007-07-30 10:02 2,821 ----a-w D:\Documents and Settings\ANNABELLE\iqbzzj.exe
2007-07-30 09:56 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\lzfxcn.exe
2007-07-30 09:56 2,821 ----a-w D:\Documents and Settings\ANNABELLE\wtjouw.exe
2007-07-30 09:49 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\maokyc.exe
2007-07-30 09:49 2,821 ----a-w D:\Documents and Settings\ANNABELLE\wkbwgl.exe
2007-07-30 09:43 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\eqiavl.exe
2007-07-30 09:42 2,821 ----a-w D:\Documents and Settings\ANNABELLE\xmxvda.exe
2007-07-30 09:36 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\dtyuoi.exe
2007-07-30 09:36 2,821 ----a-w D:\Documents and Settings\ANNABELLE\aqvwku.exe
2007-07-30 09:29 2,821 ----a-w D:\Documents and Settings\ANNABELLE\gbgskm.exe
2007-07-30 09:22 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\exxvgv.exe
2007-07-30 09:22 2,821 ----a-w D:\Documents and Settings\ANNABELLE\xwyvzp.exe
2007-07-30 09:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\swlmvq.exe
2007-07-30 09:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ksbylf.exe
2007-07-30 09:09 2,821 ----a-w D:\Documents and Settings\ANNABELLE\nttfhq.exe
2007-07-30 09:03 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\guabll.exe
2007-07-30 09:02 2,821 ----a-w D:\Documents and Settings\ANNABELLE\mwkyin.exe
2007-07-30 08:56 2,821 ----a-w D:\Documents and Settings\ANNABELLE\fqqnuo.exe
2007-07-30 08:49 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\vpuizs.exe
2007-07-30 08:49 2,821 ----a-w D:\Documents and Settings\ANNABELLE\kbqqxy.exe
2007-07-30 08:43 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\ffrwug.exe
2007-07-30 08:42 2,821 ----a-w D:\Documents and Settings\ANNABELLE\tovbsm.exe
2007-07-30 08:36 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\waicwp.exe
2007-07-30 08:36 2,821 ----a-w D:\Documents and Settings\ANNABELLE\mmqxau.exe
2007-07-30 08:29 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\klrytn.exe
2007-07-30 08:29 2,821 ----a-w D:\Documents and Settings\ANNABELLE\xuovcn.exe
2007-07-30 08:22 2,821 ----a-w D:\Documents and Settings\ANNABELLE\snlblj.exe
2007-07-30 08:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\nykniz.exe
2007-07-30 08:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\qmoakw.exe
2007-07-30 08:09 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\rxcxsp.exe
2007-07-30 08:09 2,821 ----a-w D:\Documents and Settings\ANNABELLE\mqwonk.exe
2007-07-30 08:03 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\ubpvzp.exe
2007-07-30 08:02 2,821 ----a-w D:\Documents and Settings\ANNABELLE\flgxto.exe
2007-07-30 07:56 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\shpeqw.exe
2007-07-30 07:56 2,821 ----a-w D:\Documents and Settings\ANNABELLE\nnvboz.exe
2007-07-30 07:49 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\olqkow.exe
2007-07-30 07:49 2,821 ----a-w D:\Documents and Settings\ANNABELLE\vtbfcz.exe
2007-07-30 07:43 2,821 ----a-w D:\Documents and Settings\ANNABELLE\btlwit.exe
2007-07-30 07:42 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\bparfp.exe
2007-07-30 07:36 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\fmysdj.exe
2007-07-30 07:36 2,821 ----a-w D:\Documents and Settings\ANNABELLE\iaceno.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"manager dupe"="D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\ObjLogoDebug.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 18:18 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 20:43 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05 339968]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48 127118]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 15:37 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-16 06:31 180269]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 08:30 729088]
"{5E-E6-67-78-ZN}"="C:\windows\system32\kqdsrngm.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-26 23:28 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-26 23:28 219136]

D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"= C:\WINDOWS\svchost.exe

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 08:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
--a------ 2007-05-15 12:53 2434492 C:\Program Files\Winsos\WINSOS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R0 N10;iriver Internet Audio Player N10;C:\WINDOWS\system32\drivers\N10.sys [2004-03-29 17:28]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-09-20 06:26]
S3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 17:14]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-05 17:00:00 C:\WINDOWS\Tasks\851EE20795C5BC97.job"
- d:\docume~1\theoph~1\applic~1\chicst~1\HELPPEAKFORD.exe
"2008-03-05 17:00:00 C:\WINDOWS\Tasks\A6186F37918BE51B.job"
- d:\docume~1\coeuro~1\applic~1\chicst~1\HELPPEAKFORD.exe
"2008-02-26 22:49:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 17:00:00 C:\WINDOWS\Tasks\B8B546BA98F2F09E.job"
- d:\docume~1\annabe~1\applic~1\chicst~1\HELPPEAKFORD.exe
"2005-12-09 21:04:09 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 18:52:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
Temps d'accomplissement: 2008-03-05 18:52:30
ComboFix-quarantined-files.txt 2008-03-05 17:52:22
ComboFix2.txt 2008-03-05 17:45:03
.
2008-02-27 02:01:09 --- E O F ---

Thank you for your understanding
Wow!!!!!!!!!

/!\ WARNING /!\ : This procedure was created specifically for THIS USER; copying it onto another system may cause serious malfunctions.

▶ Copy the text below:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"manager dupe"=-

File::
D:\Documents and Settings\ANNABELLE\nzizra.exe
D:\Documents and Settings\COEUR OLIVIER\biyfpc.exe
D:\Documents and Settings\COEUR OLIVIER\dmekas.exe
D:\Documents and Settings\ANNABELLE\ivchdd.exe
D:\Documents and Settings\COEUR OLIVIER\juqkgu.exe
D:\Documents and Settings\ANNABELLE\twutzd.exe
D:\Documents and Settings\COEUR OLIVIER\zwumyl.exe
D:\Documents and Settings\ANNABELLE\kdxzox.exe
D:\Documents and Settings\ANNABELLE\abcqgw.exe
D:\Documents and Settings\COEUR OLIVIER\nrktuz.exe
D:\Documents and Settings\ANNABELLE\jeehts.exe
D:\Documents and Settings\COEUR OLIVIER\ebenxg.exe
D:\Documents and Settings\ANNABELLE\bjndnx.exe
D:\Documents and Settings\COEUR OLIVIER\uwfzej.exe
D:\Documents and Settings\ANNABELLE\uzhzvf.exe
D:\Documents and Settings\COEUR OLIVIER\uyjvsc.exe
D:\Documents and Settings\ANNABELLE\qlqnzt.exe
D:\Documents and Settings\ANNABELLE\ohhzuc.exe
D:\Documents and Settings\COEUR OLIVIER\tiqtlh.exe
D:\Documents and Settings\COEUR OLIVIER\qjhtbs.exe
D:\Documents and Settings\ANNABELLE\mrvkch.exe
D:\Documents and Settings\COEUR OLIVIER\cfxtpw.exe
D:\Documents and Settings\ANNABELLE\ftcyyc.exe
D:\Documents and Settings\COEUR OLIVIER\kkdksw.exe
D:\Documents and Settings\ANNABELLE\iqbzzj.exe
D:\Documents and Settings\COEUR OLIVIER\lzfxcn.exe
D:\Documents and Settings\ANNABELLE\wtjouw.exe
D:\Documents and Settings\COEUR OLIVIER\maokyc.exe
D:\Documents and Settings\ANNABELLE\wkbwgl.exe
D:\Documents and Settings\COEUR OLIVIER\eqiavl.exe
D:\Documents and Settings\ANNABELLE\xmxvda.exe
D:\Documents and Settings\COEUR OLIVIER\dtyuoi.exe
D:\Documents and Settings\ANNABELLE\aqvwku.exe
D:\Documents and Settings\ANNABELLE\gbgskm.exe
D:\Documents and Settings\COEUR OLIVIER\exxvgv.exe
D:\Documents and Settings\ANNABELLE\xwyvzp.exe
D:\Documents and Settings\COEUR OLIVIER\swlmvq.exe
D:\Documents and Settings\ANNABELLE\ksbylf.exe
D:\Documents and Settings\ANNABELLE\nttfhq.exe
D:\Documents and Settings\COEUR OLIVIER\guabll.exe
D:\Documents and Settings\ANNABELLE\mwkyin.exe
D:\Documents and Settings\ANNABELLE\fqqnuo.exe
D:\Documents and Settings\COEUR OLIVIER\vpuizs.exe
D:\Documents and Settings\ANNABELLE\kbqqxy.exe
D:\Documents and Settings\COEUR OLIVIER\ffrwug.exe
D:\Documents and Settings\ANNABELLE\tovbsm.exe
D:\Documents and Settings\COEUR OLIVIER\waicwp.exe
D:\Documents and Settings\ANNABELLE\mmqxau.exe
D:\Documents and Settings\COEUR OLIVIER\klrytn.exe
D:\Documents and Settings\ANNABELLE\xuovcn.exe
D:\Documents and Settings\ANNABELLE\snlblj.exe
D:\Documents and Settings\COEUR OLIVIER\nykniz.exe
D:\Documents and Settings\ANNABELLE\qmoakw.exe
D:\Documents and Settings\COEUR OLIVIER\rxcxsp.exe
D:\Documents and Settings\ANNABELLE\mqwonk.exe
D:\Documents and Settings\COEUR OLIVIER\ubpvzp.exe
D:\Documents and Settings\ANNABELLE\flgxto.exe
D:\Documents and Settings\COEUR OLIVIER\shpeqw.exe
D:\Documents and Settings\ANNABELLE\nnvboz.exe
D:\Documents and Settings\COEUR OLIVIER\olqkow.exe
D:\Documents and Settings\ANNABELLE\vtbfcz.exe
D:\Documents and Settings\ANNABELLE\btlwit.exe
D:\Documents and Settings\COEUR OLIVIER\bparfp.exe
D:\Documents and Settings\COEUR OLIVIER\fmysdj.exe
D:\Documents and Settings\ANNABELLE\iaceno.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
C:\WINDOWS\Tasks\851EE20795C5BC97.job
d:\docume~1\theoph~1\applic~1\chicst~1\HELPPEAKFORD.exe
C:\WINDOWS\Tasks\A6186F37918BE51B.job
d:\docume~1\coeuro~1\applic~1\chicst~1\HELPPEAKFORD.exe
C:\WINDOWS\Tasks\B8B546BA98F2F09E.job
d:\docume~1\annabe~1\applic~1\chicst~1\HELPPEAKFORD.exe

Folder::
D:\Documents and Settings\THEOPHILE\Application Data\ChicStopBone
D:\Documents and Settings\ANNABELLE\Application Data\ChicStopBone
D:\Documents and Settings\All Users\Application Data\Dart heck store upload
D:\Documents and Settings\All Users\Application Data\Software rule flag owns
C:\Program Files\FBrowsingAdvisor
C:\Program Files\FBrowserAdvisor
C:\Program Files\ChicStopBone


▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)

▶ Save this file under the name CFScript.txt

/!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
(!) Temporarily disable (only for as long as ComboFix is in use) the real-time protection of your antivirus, your antispyware tools and ALL your protection software (!).


▶ Now drag the CFScript.txt file onto Combofix.exe, like this

-> This will relaunch Combofix,

▶ A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

▶ Wait while the scan runs. The desktop will disappear several times: that is normal!

/!\ Do not touch anything until the scan is finished /!\

▶ After the reboot, post the contents of the Combofix.txt report

=================

Run LopSD option 2 again, please

=================

Download AD-Remover (by C_XX) to your desktop

! Disconnect and close all running applications !

▶ Double-click "AD-R.exe" to start the installation and keep the default installation settings.

▶ Double-click the AD-Remover shortcut on your desktop to launch the tool.

▶ At the main menu, choose option "L" and press [Enter].

▶ Let the tool work and do not touch anything!

→ Post the report that appears at the end on the forum.

Notes:

1- The report is also saved as C:\Ad-report-clean.log
2- "Process.exe", a component of the tool, is detected by some antiviruses
(AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antiviruses.
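An added triage example (not code from this thread, nor from ComboFix): it parses the same line formats as the report above, flags the indicators the reply acts on (Run entries stamped `[ ]`, the policies\explorer\run entry, disabled Security Center and firewall settings, the cluster of same-size random-named executables in the profile roots, hex-named scheduled tasks pointing into Application Data) and renders them in the CFScript layout of the reply. The log excerpt is constructed from the report and every heuristic is an assumption, so the output is a review list for a helper, not a verdict.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix report posted above (not a complete log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"manager dupe"="D:\DOCUME~1\COEURO~1\APPLIC~1\CHICST~1\ObjLogoDebug.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 18:18 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"= C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

2008-01-25 06:33 46,300 ----a-w C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2007-07-30 11:16 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\dmekas.exe
2007-07-30 11:16 2,821 ----a-w D:\Documents and Settings\ANNABELLE\ivchdd.exe
2007-07-30 11:09 2,821 ----a-w D:\Documents and Settings\COEUR OLIVIER\juqkgu.exe
2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe

"2008-03-05 17:00:00 C:\WINDOWS\Tasks\851EE20795C5BC97.job"
- d:\docume~1\theoph~1\applic~1\chicst~1\HELPPEAKFORD.exe
"2008-02-26 22:49:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Run value as ComboFix prints it: "name"="path" [timestamp size]. An empty [ ]
# means ComboFix found no readable file to stamp at that path (heuristic).
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<info>[^\]]*)\]$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<path>\S.*)$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?P<size>[\d,]+)\s+\S+\s+(?P<path>.+\.exe)$", re.I)
TASK_RE = re.compile(r'^"\S+ \S+ (?P<job>.+\.job)"$')
HEX_NAME = re.compile(r"^[0-9A-F]{16}$")      # task names such as 851EE20795C5BC97
RANDOM_NAME = re.compile(r"^[a-z]{6}\.exe$")  # dmekas.exe, ivchdd.exe, ...

# Exact lines showing the built-in protections were switched off.
PROTECTION_OFF = {
    '"AntiVirusDisableNotify"=dword:00000001': "Security Center antivirus alerts disabled",
    '"DisableMonitoring"=dword:00000001': "Security Center product monitoring disabled",
    '"EnableFirewall"= 0 (0x0)': "Windows Firewall disabled in the standard profile",
}


def triage(log_text):
    """Return the autostart entries, files, tasks and settings worth a second look."""
    findings = {"registry": [], "files": [], "tasks": [], "protection": []}
    by_size = defaultdict(list)
    key = None
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if line in PROTECTION_OFF:
            findings["protection"].append(PROTECTION_OFF[line])
            continue
        m = RUN_RE.match(line)
        if m and key:
            if not m.group("info").strip():  # "[ ]": autostart pointing at nothing visible
                findings["registry"].append((key, m.group("name"), m.group("path")))
            continue
        m = POLICY_RE.match(line)
        if m and key and key.lower().endswith(r"policies\explorer\run"):
            # policies\explorer\run is rarely used legitimately; here it runs svchost.exe outside system32
            findings["registry"].append((key, m.group("name"), m.group("path")))
            findings["files"].append(m.group("path"))
            continue
        m = FILE_RE.match(line)
        if m:
            by_size[m.group("size")].append(m.group("path"))
            continue
        m = TASK_RE.match(line)
        if m and i + 1 < len(lines) and lines[i + 1].startswith("- "):
            job, target = m.group("job"), lines[i + 1][2:]
            name = job.rsplit("\\", 1)[-1][:-4]
            if HEX_NAME.match(name) or "applic~1" in target.lower():
                findings["tasks"].append((job, target))
    # Several same-size executables with short random names in profile roots: the Find3M dropper pattern
    for paths in by_size.values():
        if len(paths) >= 3 and all(RANDOM_NAME.match(p.rsplit("\\", 1)[-1]) for p in paths):
            findings["files"].extend(paths)
    return findings


def build_cfscript(findings):
    """Render the findings as the CFScript sections used in the reply above."""
    out = ["KillAll::", "", "Registry::"]
    for key, name, _ in findings["registry"]:
        out += [f"[{key}]", f'"{name}"=-']
    out += ["", "File::"] + findings["files"]
    for job, target in findings["tasks"]:
        out += [job, target]
    return "\n".join(out) + "\n"
```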

Hello.

When Combofix runs the new scan after what you told me to do, a blue screen appears and I cannot get the result :s

I ran the Lop SD scan; here is the report:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : BIOS Date: 09/06/05 17:29:38 Ver: 08.00.12
USER : THEOPHILE ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100120-0] 4.8.1368 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:2 Go)
D:\ (Local Disk) - NTFS - Total:150 Go (Free:25 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 20/01/2010|14:11 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[12/11/2009|18:22] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[16/10/2005|06:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[02/07/2007|12:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[02/07/2007|11:52] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/11/2007|16:40] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[16/01/2009|12:31] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[31/01/2009|22:47] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[02/12/2008|15:13] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[20/09/2007|06:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[15/04/2006|13:27] D:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[20/12/2005|19:20] D:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[27/02/2008|02:00] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Dart heck store upload
[07/01/2008|23:08] D:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
[06/02/2009|14:16] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[16/01/2009|12:29] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[12/02/2009|18:24] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[18/03/2006|17:17] D:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[18/10/2007|18:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[22/10/2007|22:49] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[11/05/2009|19:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Micro Application
[01/07/2009|21:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/09/2008|17:37] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[10/12/2005|02:31] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[12/02/2009|18:28] D:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[16/10/2005|06:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/10/2005|15:08] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[15/04/2006|15:47] D:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[17/07/2009|18:35] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[14/02/2009|10:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[27/02/2008|20:50] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[15/04/2006|13:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[15/04/2006|13:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[08/02/2007|15:03] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[16/10/2005|06:33] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[10/08/2006|22:01] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[15/11/2009|20:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[01/03/2008|19:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[18/03/2008|11:46] D:\DOCUME~1\ANNABE~1\APPLIC~1\Adobe
[27/12/2008|18:27] D:\DOCUME~1\ANNABE~1\APPLIC~1\AdobeUM
[28/02/2006|15:56] D:\DOCUME~1\ANNABE~1\APPLIC~1\Ahead
[13/07/2007|17:03] D:\DOCUME~1\ANNABE~1\APPLIC~1\Apple Computer
[13/02/2007|14:17] D:\DOCUME~1\ANNABE~1\APPLIC~1\ArcSoft
[04/12/2007|14:08] D:\DOCUME~1\ANNABE~1\APPLIC~1\Autodesk
[07/06/2009|09:13] D:\DOCUME~1\ANNABE~1\APPLIC~1\Canon
[29/01/2007|20:30] D:\DOCUME~1\ANNABE~1\APPLIC~1\CyberLink
[17/07/2008|18:29] D:\DOCUME~1\ANNABE~1\APPLIC~1\Dealio
[05/01/2010|19:51] D:\DOCUME~1\ANNABE~1\APPLIC~1\DivX
[31/10/2006|10:09] D:\DOCUME~1\ANNABE~1\APPLIC~1\Google
[02/03/2008|12:06] D:\DOCUME~1\ANNABE~1\APPLIC~1\Grisoft
[16/10/2005|15:08] D:\DOCUME~1\ANNABE~1\APPLIC~1\Identities
[17/04/2006|13:46] D:\DOCUME~1\ANNABE~1\APPLIC~1\Jasc Software Inc
[13/03/2006|09:48] D:\DOCUME~1\ANNABE~1\APPLIC~1\Leadertech
[11/12/2005|15:15] D:\DOCUME~1\ANNABE~1\APPLIC~1\Macromedia
[16/01/2009|12:28] D:\DOCUME~1\ANNABE~1\APPLIC~1\Microsoft
[27/08/2008|11:09] D:\DOCUME~1\ANNABE~1\APPLIC~1\Mozilla
[19/12/2005|18:26] D:\DOCUME~1\ANNABE~1\APPLIC~1\OD2
[30/11/2009|10:51] D:\DOCUME~1\ANNABE~1\APPLIC~1\PC Suite
[13/01/2006|16:30] D:\DOCUME~1\ANNABE~1\APPLIC~1\Real
[18/01/2010|19:11] D:\DOCUME~1\ANNABE~1\APPLIC~1\Search Settings
[13/03/2006|09:48] D:\DOCUME~1\ANNABE~1\APPLIC~1\Sonic
[29/05/2008|17:12] D:\DOCUME~1\ANNABE~1\APPLIC~1\STOIK
[25/01/2006|20:31] D:\DOCUME~1\ANNABE~1\APPLIC~1\Sun
[14/02/2007|13:50] D:\DOCUME~1\ANNABE~1\APPLIC~1\Symantec
[04/01/2006|16:40] D:\DOCUME~1\ANNABE~1\APPLIC~1\Ulead Systems
[23/01/2006|09:01] D:\DOCUME~1\ANNABE~1\APPLIC~1\WholeSecurity
[16/10/2005|06:26] D:\DOCUME~1\ANNABE~1\APPLIC~1\You've Got Pictures Screensaver
[15/07/2007|20:57] D:\DOCUME~1\ANNABE~1\APPLIC~1\ZangoToolbar

[02/07/2007|11:52] D:\DOCUME~1\CHRIST~1\APPLIC~1\Apple Computer
[14/07/2009|10:38] D:\DOCUME~1\CHRIST~1\APPLIC~1\DivX
[08/01/2007|10:56] D:\DOCUME~1\CHRIST~1\APPLIC~1\Google
[03/03/2008|20:00] D:\DOCUME~1\CHRIST~1\APPLIC~1\Grisoft
[16/10/2005|15:08] D:\DOCUME~1\CHRIST~1\APPLIC~1\Identities
[07/02/2006|15:13] D:\DOCUME~1\CHRIST~1\APPLIC~1\Macromedia
[16/01/2009|12:28] D:\DOCUME~1\CHRIST~1\APPLIC~1\Microsoft
[29/05/2009|15:54] D:\DOCUME~1\CHRIST~1\APPLIC~1\Mozilla
[03/07/2007|17:52] D:\DOCUME~1\CHRIST~1\APPLIC~1\OD2
[16/10/2005|06:31] D:\DOCUME~1\CHRIST~1\APPLIC~1\Real
[02/07/2007|10:46] D:\DOCUME~1\CHRIST~1\APPLIC~1\Sun
[16/10/2005|06:28] D:\DOCUME~1\CHRIST~1\APPLIC~1\Symantec
[07/02/2006|15:12] D:\DOCUME~1\CHRIST~1\APPLIC~1\WholeSecurity
[16/10/2005|06:26] D:\DOCUME~1\CHRIST~1\APPLIC~1\You've Got Pictures Screensaver
[06/06/2007|18:56] D:\DOCUME~1\CHRIST~1\APPLIC~1\ZangoToolbar

[12/11/2009|18:21] D:\DOCUME~1\COEURO~1\APPLIC~1\Adobe
[02/08/2007|21:39] D:\DOCUME~1\COEURO~1\APPLIC~1\AdobeUM
[14/12/2005|22:02] D:\DOCUME~1\COEURO~1\APPLIC~1\Ahead
[15/01/2010|18:04] D:\DOCUME~1\COEURO~1\APPLIC~1\Apple Computer
[07/01/2008|23:08] D:\DOCUME~1\COEURO~1\APPLIC~1\ArcSoft
[31/01/2009|22:47] D:\DOCUME~1\COEURO~1\APPLIC~1\AVS4YOU
[01/02/2009|17:19] D:\DOCUME~1\COEURO~1\APPLIC~1\Azureus
[07/06/2009|09:21] D:\DOCUME~1\COEURO~1\APPLIC~1\Canon
[12/11/2009|18:22] D:\DOCUME~1\COEURO~1\APPLIC~1\com.adobe.example.widget-programmes.40247E01796E652D304FB5752B197AB47987A585.1
[16/02/2006|21:33] D:\DOCUME~1\COEURO~1\APPLIC~1\Creative
[10/12/2005|21:23] D:\DOCUME~1\COEURO~1\APPLIC~1\CyberLink
[16/07/2008|23:52] D:\DOCUME~1\COEURO~1\APPLIC~1\Dealio
[01/02/2009|12:18] D:\DOCUME~1\COEURO~1\APPLIC~1\DivX
[01/11/2006|11:10] D:\DOCUME~1\COEURO~1\APPLIC~1\Google
[03/03/2008|20:06] D:\DOCUME~1\COEURO~1\APPLIC~1\Grisoft
[09/12/2005|23:38] D:\DOCUME~1\COEURO~1\APPLIC~1\Help
[16/10/2005|15:08] D:\DOCUME~1\COEURO~1\APPLIC~1\Identities
[18/03/2006|17:16] D:\DOCUME~1\COEURO~1\APPLIC~1\Jasc Software Inc
[22/09/2006|18:57] D:\DOCUME~1\COEURO~1\APPLIC~1\Leadertech
[09/12/2005|23:39] D:\DOCUME~1\COEURO~1\APPLIC~1\Macromedia
[04/12/2009|11:06] D:\DOCUME~1\COEURO~1\APPLIC~1\Microsoft
[29/08/2008|22:18] D:\DOCUME~1\COEURO~1\APPLIC~1\Mozilla
[12/02/2009|18:28] D:\DOCUME~1\COEURO~1\APPLIC~1\Nokia
[19/05/2006|20:08] D:\DOCUME~1\COEURO~1\APPLIC~1\Norman
[09/12/2005|23:18] D:\DOCUME~1\COEURO~1\APPLIC~1\OD2
[12/02/2009|18:28] D:\DOCUME~1\COEURO~1\APPLIC~1\PC Suite
[16/10/2005|06:31] D:\DOCUME~1\COEURO~1\APPLIC~1\Real
[15/04/2006|13:15] D:\DOCUME~1\COEURO~1\APPLIC~1\ScanSoft
[19/01/2010|15:23] D:\DOCUME~1\COEURO~1\APPLIC~1\Search Settings
[09/12/2005|23:09] D:\DOCUME~1\COEURO~1\APPLIC~1\Skype
[22/09/2006|18:59] D:\DOCUME~1\COEURO~1\APPLIC~1\Sonic
[18/12/2007|20:47] D:\DOCUME~1\COEURO~1\APPLIC~1\STOIK
[07/03/2006|17:22] D:\DOCUME~1\COEURO~1\APPLIC~1\Sun
[10/12/2005|01:56] D:\DOCUME~1\COEURO~1\APPLIC~1\Symantec
[08/05/2006|11:49] D:\DOCUME~1\COEURO~1\APPLIC~1\Ulead Systems
[01/04/2006|18:31] D:\DOCUME~1\COEURO~1\APPLIC~1\WholeSecurity
[16/10/2005|06:26] D:\DOCUME~1\COEURO~1\APPLIC~1\You've Got Pictures Screensaver
[09/06/2007|22:06] D:\DOCUME~1\COEURO~1\APPLIC~1\ZangoToolbar

[16/10/2005|15:08] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[12/11/2009|18:22] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[16/10/2005|06:43] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[16/10/2005|06:31] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[16/10/2005|06:28] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[16/10/2005|06:26] D:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver


[19/03/2006|01:25] D:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[16/10/2005|15:08] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[29/10/2007|19:55] D:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft

[22/11/2009|20:18] D:\DOCUME~1\LOCALS~1.000\APPLIC~1\Microsoft

[26/02/2008|22:42] D:\DOCUME~1\LOCALS~1.001\APPLIC~1\Microsoft

[11/07/2007|23:01] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[16/10/2005|06:43] D:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft

[29/10/2007|19:55] D:\DOCUME~1\NETWOR~1.000\APPLIC~1\Microsoft

[16/01/2009|12:28] D:\DOCUME~1\NETWOR~1.001\APPLIC~1\Microsoft

[26/02/2008|22:42] D:\DOCUME~1\NETWOR~1.002\APPLIC~1\Microsoft

[10/12/2005|01:13] D:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

[12/11/2009|18:50] D:\DOCUME~1\THEOPH~1\APPLIC~1\Adobe
[06/06/2009|21:22] D:\DOCUME~1\THEOPH~1\APPLIC~1\AdobeUM
[10/03/2009|20:21] D:\DOCUME~1\THEOPH~1\APPLIC~1\Ahead
[19/05/2009|18:21] D:\DOCUME~1\THEOPH~1\APPLIC~1\Apple Computer
[08/04/2009|10:55] D:\DOCUME~1\THEOPH~1\APPLIC~1\Azureus
[07/06/2009|09:02] D:\DOCUME~1\THEOPH~1\APPLIC~1\Canon
[31/03/2009|18:10] D:\DOCUME~1\THEOPH~1\APPLIC~1\Dealio
[19/06/2009|22:25] D:\DOCUME~1\THEOPH~1\APPLIC~1\DivX
[21/10/2009|19:30] D:\DOCUME~1\THEOPH~1\APPLIC~1\FreeVideoConverter
[31/03/2009|18:10] D:\DOCUME~1\THEOPH~1\APPLIC~1\Google
[25/02/2009|15:50] D:\DOCUME~1\THEOPH~1\APPLIC~1\LimeWire
[25/02/2009|20:48] D:\DOCUME~1\THEOPH~1\APPLIC~1\Macromedia
[10/11/2009|20:04] D:\DOCUME~1\THEOPH~1\APPLIC~1\Microsoft
[08/04/2009|16:02] D:\DOCUME~1\THEOPH~1\APPLIC~1\Mozilla
[10/11/2009|20:07] D:\DOCUME~1\THEOPH~1\APPLIC~1\PC Suite
[10/01/2010|16:54] D:\DOCUME~1\THEOPH~1\APPLIC~1\Real
[10/11/2009|20:03] D:\DOCUME~1\THEOPH~1\APPLIC~1\Samsung
[15/07/2008|22:19] D:\DOCUME~1\THEOPH~1\APPLIC~1\Search Settings
[21/10/2009|19:24] D:\DOCUME~1\THEOPH~1\APPLIC~1\STOIK
[09/03/2009|19:49] D:\DOCUME~1\THEOPH~1\APPLIC~1\Sun
[18/01/2010|20:56] D:\DOCUME~1\THEOPH~1\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/01/2010 15:02][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/01/2010 14:10][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[16/07/2009|19:34] C:\Program Files\3D Billiards
[16/10/2005|06:25] C:\Program Files\Adobe
[14/12/2005|22:01] C:\Program Files\Ahead
[26/02/2008|20:52] C:\Program Files\Alwil Software
[16/10/2005|06:26] C:\Program Files\AOL 9.0
[16/10/2005|06:26] C:\Program Files\AOL Compagnon
[15/07/2008|17:59] C:\Program Files\Apple Software Update
[31/01/2009|23:01] C:\Program Files\AVS4YOU
[15/04/2006|11:49] C:\Program Files\Canon
[31/12/2007|18:37] C:\Program Files\CCleaner
[21/04/2006|13:21] C:\Program Files\Common Files
[16/02/2006|21:42] C:\Program Files\Creative
[16/10/2005|06:35] C:\Program Files\CyberLink
[10/11/2009|20:03] C:\Program Files\DIFX
[14/01/2010|20:04] C:\Program Files\DivX
[01/04/2006|19:41] C:\Program Files\eBay
[15/01/2010|23:02] C:\Program Files\eMule
[19/01/2010|20:30] C:\Program Files\Fichiers communs
[15/01/2010|18:36] C:\Program Files\Free Video Converter
[16/10/2005|06:31] C:\Program Files\GMixon
[06/02/2009|14:21] C:\Program Files\Google
[05/05/2007|19:50] C:\Program Files\Google Video
[05/03/2008|11:28] C:\Program Files\Grisoft
[10/07/2008|12:28] C:\Program Files\Icone
[16/01/2009|12:54] C:\Program Files\Incomplete
[12/11/2009|20:04] C:\Program Files\InstallShield Installation Information
[14/01/2010|19:35] C:\Program Files\Internet Explorer
[15/07/2008|18:01] C:\Program Files\iPod
[10/12/2005|02:18] C:\Program Files\iriver
[15/07/2008|18:01] C:\Program Files\iTunes
[18/03/2006|17:16] C:\Program Files\Jasc Software Inc
[17/11/2009|20:38] C:\Program Files\Java
[31/01/2009|23:36] C:\Program Files\JOOG
[23/10/2007|22:33] C:\Program Files\Kodak
[23/10/2007|19:54] C:\Program Files\Lavasoft
[16/10/2005|06:26] C:\Program Files\Learn2.com
[10/07/2008|12:28] C:\Program Files\LETMIN
[28/08/2008|18:29] C:\Program Files\LimeWire
[10/11/2009|20:02] C:\Program Files\MarkAny
[14/02/2009|12:00] C:\Program Files\Messenger
[28/06/2009|22:33] C:\Program Files\Microsoft
[27/02/2008|03:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[12/12/2005|19:52] C:\Program Files\microsoft frontpage
[10/09/2008|17:37] C:\Program Files\Microsoft Office
[12/10/2006|21:45] C:\Program Files\Microsoft Référence
[13/11/2009|19:36] C:\Program Files\Microsoft Silverlight
[25/11/2009|13:13] C:\Program Files\Microsoft SQL Server Compact Edition
[24/09/2006|07:45] C:\Program Files\Microsoft.NET
[22/11/2006|14:59] C:\Program Files\Models
[14/02/2009|11:58] C:\Program Files\Movie Maker
[20/01/2010|12:40] C:\Program Files\Mozilla Firefox
[12/05/2009|11:50] C:\Program Files\MSBuild
[05/10/2008|16:52] C:\Program Files\msn
[16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
[19/11/2006|03:01] C:\Program Files\MSXML 4.0
[15/07/2009|19:14] C:\Program Files\Navilog1
[16/10/2009|20:58] C:\Program Files\Nego
[14/02/2009|11:57] C:\Program Files\NetMeeting
[12/02/2009|18:39] C:\Program Files\Nokia
[29/10/2007|20:02] C:\Program Files\Norman
[15/01/2010|21:13] C:\Program Files\Objective Tarot
[16/12/2007|20:44] C:\Program Files\OLYMPUS
[16/08/2004|17:03] C:\Program Files\Online Services
[13/08/2009|02:02] C:\Program Files\Outlook Express
[20/05/2006|17:55] C:\Program Files\Packard Bell
[30/07/2007|12:44] C:\Program Files\PartyGaming
[10/11/2009|20:02] C:\Program Files\PC Connectivity Solution
[03/09/2008|16:59] C:\Program Files\PhotoFiltre
[15/01/2010|19:08] C:\Program Files\Program
[15/07/2008|18:00] C:\Program Files\QuickTime
[16/10/2005|06:26] C:\Program Files\Real
[12/05/2009|11:50] C:\Program Files\Reference Assemblies
[17/01/2010|00:27] C:\Program Files\RegCleaner
[22/11/2006|14:59] C:\Program Files\Resources
[31/01/2009|23:36] C:\Program Files\RM-X® Video Converter 2
[12/11/2009|20:04] C:\Program Files\Samsung
[15/04/2006|13:15] C:\Program Files\ScanSoft
[04/11/2007|19:54] C:\Program Files\Serif
[16/08/2004|17:07] C:\Program Files\Services en ligne
[16/10/2005|06:36] C:\Program Files\Sonic
[18/12/2007|20:46] C:\Program Files\STOIK Imaging
[20/11/2007|16:00] C:\Program Files\SuperCopier2
[12/04/2007|09:54] C:\Program Files\Toox
[18/12/2007|21:35] C:\Program Files\Trend Micro
[20/11/2007|16:06] C:\Program Files\Turbo Cut File
[16/10/2005|06:34] C:\Program Files\Ulead Systems
[16/08/2004|17:19] C:\Program Files\Uninstall Information
[10/12/2005|17:38] C:\Program Files\Wanadoo
[15/09/2007|20:59] C:\Program Files\Wanadoo Edition
[12/11/2009|18:22] C:\Program Files\widget_programmes
[25/11/2009|13:14] C:\Program Files\Windows Live
[28/06/2009|22:33] C:\Program Files\Windows Live SkyDrive
[16/10/2005|06:34] C:\Program Files\Windows Media Components
[14/02/2009|11:57] C:\Program Files\Windows Media Player
[14/02/2009|11:57] C:\Program Files\Windows NT
[16/08/2004|17:07] C:\Program Files\WindowsUpdate
[31/01/2006|14:05] C:\Program Files\WinRAR
[30/10/2007|18:43] C:\Program Files\Winsos
[15/11/2009|20:34] C:\Program Files\WinZip
[16/08/2004|17:11] C:\Program Files\xerox
[10/12/2005|00:38] C:\Program Files\XviD
[16/01/2010|20:11] C:\Program Files\ZHPDiag

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/08/2007|21:40] C:\Program Files\Fichiers communs\Adobe
[12/11/2009|18:22] C:\Program Files\Fichiers communs\Adobe AIR
[14/12/2005|22:01] C:\Program Files\Fichiers communs\Ahead
[16/10/2005|06:26] C:\Program Files\Fichiers communs\AOL
[16/10/2005|06:26] C:\Program Files\Fichiers communs\aolshare
[02/07/2007|12:11] C:\Program Files\Fichiers communs\Apple
[31/01/2009|23:01] C:\Program Files\Fichiers communs\AVSMedia
[20/09/2007|06:26] C:\Program Files\Fichiers communs\BOONTY Shared
[22/11/2006|14:59] C:\Program Files\Fichiers communs\Borland Shared
[24/09/2006|07:45] C:\Program Files\Fichiers communs\DESIGNER
[09/01/2008|19:39] C:\Program Files\Fichiers communs\element5 Shared
[10/12/2005|01:50] C:\Program Files\Fichiers communs\InstallShield
[18/03/2006|17:17] C:\Program Files\Fichiers communs\Jasc Software Inc
[16/10/2005|06:18] C:\Program Files\Fichiers communs\Java
[28/06/2009|22:33] C:\Program Files\Fichiers communs\Microsoft Shared
[16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
[16/12/2007|20:46] C:\Program Files\Fichiers communs\muvee Technologies
[16/10/2005|06:26] C:\Program Files\Fichiers communs\Nullsoft
[16/08/2004|16:57] C:\Program Files\Fichiers communs\ODBC
[16/10/2005|06:31] C:\Program Files\Fichiers communs\Real
[17/06/2008|20:39] C:\Program Files\Fichiers communs\ScanSoft Shared
[16/08/2004|17:06] C:\Program Files\Fichiers communs\Services
[16/10/2005|06:35] C:\Program Files\Fichiers communs\Sonic Shared
[16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
[17/01/2010|00:29] C:\Program Files\Fichiers communs\SureThing Shared
[26/02/2008|23:09] C:\Program Files\Fichiers communs\Symantec Shared
[14/02/2009|11:57] C:\Program Files\Fichiers communs\System
[16/10/2005|06:34] C:\Program Files\Fichiers communs\Ulead Systems
[28/06/2009|22:22] C:\Program Files\Fichiers communs\Windows Live
[16/08/2008|22:06] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[16/10/2005|06:31] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 57 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 14:13:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
folder error: D:\DOCUME~1\THEOPH~1\LOCALS~1\APPLIC~1

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

D:\DOCUME~1\THEOPH~1\Mes documents\Inventor 6.0\crack
D:\DOCUME~1\THEOPH~1\Mes documents\Inventor 6.0\crack\Patch serveur
D:\DOCUME~1\THEOPH~1\Mes documents\Inventor 6.0\crack\Patch serveur\licpath.lic.txt
D:\DOCUME~1\THEOPH~1\Mes documents\Inventor 6.0\crack\Patch serveur\mode_d_emploi.txt
D:\DOCUME~1\THEOPH~1\Mes documents\Ma musique\16-alpha_5.20-mon_crack_feat_iron_sy_and_lino.mp3
D:\DOCUME~1\THEOPH~1\Mes documents\Ma musique\alpha_5.20-crack_saison_BY_HARDCORE.mp3
D:\DOCUME~1\THEOPH~1\Mes documents\Telechargement VUZE\FOOTBALL MANAGER 2009\CRACK
D:\DOCUME~1\THEOPH~1\Mes documents\Telechargement VUZE\FOOTBALL MANAGER 2009\CRACK\fm2009-crack&patch.rar
D:\DOCUME~1\THEOPH~1\Mes documents\Telechargement VUZE\FOOTBALL_MANAGER_2009-TL\CRACK
D:\DOCUME~1\THEOPH~1\Mes documents\Telechargement VUZE\FOOTBALL_MANAGER_2009-TL\CRACK\fm2009-crack&patch.rar
D:\DOCUME~1\THEOPH~1\Recent\steam hack crack password account compte mot de passe ( Hl2 - Half-life - CS source - CS - Counter-strike - DOD - Day of defeat).txt.lnk
D:\DOCUME~1\THEOPH~1\Shared\autodesk inventor crack.zip


[F:26][D:208]-> D:\DOCUME~1\THEOPH~1\LOCALS~1\Temp
[F:90][D:0]-> D:\DOCUME~1\THEOPH~1\Cookies
[F:23][D:20]-> D:\DOCUME~1\THEOPH~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 18/01/2010|12:49 - Option : [2]
2 - "C:\Lop SD\LopR_2.txt" - 20/01/2010|14:14 - Option : [2]

--------------------\\ Fin du rapport a 14:14:33

Re.

And here is the Ad-Remover report:

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_I | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19.01.2010 à 21:16
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:04:25, 20/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: OLIVIER | Utilisateur actuel: THEOPHILE
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.


(!) -- Fichiers temporaires supprimés.

.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.7 [fr] *
.
Nom du profil: hbb3l9pw.default (THEOPHILE)
.
(THEOPH~1, prefs.js) Browser.download.lastDir, D:\Documents and Settings\THEOPHILE
(THEOPH~1, prefs.js) Extensions.enabledItems, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
.
(THEOPH~1, prefs.js) Browser.download.lastDir, D:\Documents and Settings\THEOPHILE\Mes documents\Mes images\Théo
(THEOPH~1, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
.
.
* Internet Explorer Version 6.0.2900.5512 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Custom Search URL: 1 (0x1)
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
Use Search Asst: no
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
6704 Octet(s) - C:\Ad-Report-CLEAN[1].log
2289 Octet(s) - C:\Ad-Report-CLEAN[2].log
.
26 Fichier(s) - D:\DOCUME~1\THEOPH~1\LOCALS~1\Temp
13 Fichier(s) - C:\WINDOWS\Temp
7 Fichier(s) - C:\WINDOWS\Prefetch
.
18 Fichier(s) - C:\Ad-Remover\BACKUP
923 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 18:09:46 | 20/01/2010 - CLEAN[2]
.
============== E.O.F ==============
.
Hi

For ComboFix, try it in Safe Mode please.
For AD-Remover, paste me the right report: 6704 Octet(s) - C:\Ad-Report-CLEAN[1].log
You pasted me the other one: 2289 Octet(s) - C:\Ad-Report-CLEAN[2].log

Re.

I'm going to run the ComboFix scan in Safe Mode; I'll send you the report in a moment ;)

Sorry about the Ad-Remover report, here is report 1:

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_I | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19.01.2010 à 21:16
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 14:20:36, 20/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: OLIVIER | Utilisateur actuel: THEOPHILE
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\WINDOWS\System32\WhoisCL.exe
C:\WINDOWS\Eurobarre
D:\DOCUME~1\THEOPH~1\MENUDM~1\PROGRA~1\Eurobarre
C:\Program Files\LETMIN
C:\Program Files\PartyGaming
D:\DOCUME~1\THEOPH~1\APPLIC~1\Dealio
D:\DOCUME~1\THEOPH~1\APPLIC~1\Search Settings
C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
C:\Windows\Installer\2106ffd.msi
C:\Windows\Installer\2107004.msi
D:\Documents and Settings\ANNABELLE\Menu D‚marrer\Programmes\Adssite Games Collection
D:\Documents and Settings\COEUR OLIVIER\Application Data\Dealio
D:\Documents and Settings\ANNABELLE\Application Data\Dealio
D:\Documents and Settings\COEUR OLIVIER\Application Data\Search Settings
D:\Documents and Settings\ANNABELLE\Application Data\Search Settings
D:\Documents and Settings\COEUR OLIVIER\Application Data\ZangoToolbar
D:\Documents and Settings\ANNABELLE\Application Data\ZangoToolbar
D:\Documents and Settings\Christine\Application Data\ZangoToolbar
D:\Documents and Settings\ANNABELLE\Bureau\Everest Poker.lnk

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\appdatalow\AskBarDis
HKCU\software\AskBarDis
HKCU\software\Dealio
HKCU\Software\Microsoft\BUR
HKCU\Software\Microsoft\HID_Layer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCU\software\PartyGaming
HKLM\software\AskBarDis
HKLM\Software\Classes\AppID\{8D71EEB8-A1A7-4733-8FA2-1CAC015C967D}
HKLM\software\classes\appid\Sidebar.DLL
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKLM\Software\Classes\Interface\{1B8DF249-91E2-4179-A57A-F8A11F9ABB3C}
HKLM\Software\Classes\Interface\{49B68757-5EFE-4C09-A528-F481F70D7A4A}
HKLM\Software\Classes\Interface\{6FE1ECBE-6690-4728-B66A-45424A4F59DA}
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0292226F570267D459357AF78015E534
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\03285961954D5824C85975D955031EE8
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\323D2420527EA994FB326F15D333660E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\588DFA161592E9747948BFFE475476F4
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AC3985F4D64C2245A96D31569D1BF40
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\855847FA0E25FBA46B8516389DFDD4B3
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9DC2844D0E3E8924C8973C3B3BAE1F58
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\AFEB575AA30ACB243B748619F62F0782
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B072F84D5AF1BB34C980E01F5689D864
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BB1E992117B1B0B42BD2CDAEB8E749C4
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DA6F069968D91A540A1363E997581959
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DBC7F2B5594E08A4C87EF4C22971C615
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F461B8DD96FF5AA41A52D14E1D7B69C7
HKLM\software\microsoft\windows\currentversion\uninstall\AdssiteSocial
HKLM\software\microsoft\windows\currentversion\uninstall\ViewpointMediaPlayer
HKLM\software\Viewpoint
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.7 [fr] *
.
Nom du profil: hbb3l9pw.default (THEOPHILE)
.
(THEOPH~1, prefs.js) Browser.download.lastDir, D:\Documents and Settings\THEOPHILE
(THEOPH~1, prefs.js) Extensions.enabledItems, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
.
(THEOPH~1, prefs.js) Browser.download.lastDir, D:\Documents and Settings\THEOPHILE\Mes documents\Mes images\Théo
(THEOPH~1, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
.
.
* Internet Explorer Version 6.0.2900.5512 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Custom Search URL: 1 (0x1)
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
Use Search Asst: no
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
6361 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
26 Fichier(s) - D:\DOCUME~1\THEOPH~1\LOCALS~1\Temp
11 Fichier(s) - C:\WINDOWS\Temp
10 Fichier(s) - C:\WINDOWS\Prefetch
.
17 Fichier(s) - C:\Ad-Remover\BACKUP
923 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 14:26:24 | 20/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.
OK,

I'm waiting for the ComboFix report...

I'm in Safe Mode now, and here is the report:

ComboFix 09-04-29.06 - THEOPHILE 20/01/2010 20:18:48.5 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.784 [GMT 1:00]
Lancé depuis: D:\Documents and Settings\THEOPHILE\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: D:\Documents and Settings\THEOPHILE\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100120-1] *On-access scanning enabled* (Updated)
.
- Mode FONCTIONNALITES REDUITES -

FILE ::
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
C:\WINDOWS\Tasks\851EE20795C5BC97.job
C:\WINDOWS\Tasks\A6186F37918BE51B.job
C:\WINDOWS\Tasks\B8B546BA98F2F09E.job"
d:\docume~1\annabe~1\applic~1\chicst~1\HELPPEAKFORD.exe
d:\docume~1\coeuro~1\applic~1\chicst~1\HELPPEAKFORD.exe
d:\docume~1\theoph~1\applic~1\chicst~1\HELPPEAKFORD.exe
D:\Documents and Settings\ANNABELLE\abcqgw.exe
D:\Documents and Settings\ANNABELLE\aqvwku.exe
D:\Documents and Settings\ANNABELLE\bjndnx.exe
D:\Documents and Settings\ANNABELLE\btlwit.exe
D:\Documents and Settings\ANNABELLE\flgxto.exe
D:\Documents and Settings\ANNABELLE\fqqnuo.exe
D:\Documents and Settings\ANNABELLE\ftcyyc.exe
D:\Documents and Settings\ANNABELLE\gbgskm.exe
D:\Documents and Settings\ANNABELLE\iaceno.exe
D:\Documents and Settings\ANNABELLE\iqbzzj.exe
D:\Documents and Settings\ANNABELLE\ivchdd.exe
D:\Documents and Settings\ANNABELLE\jeehts.exe
D:\Documents and Settings\ANNABELLE\kbqqxy.exe
D:\Documents and Settings\ANNABELLE\kdxzox.exe
D:\Documents and Settings\ANNABELLE\ksbylf.exe
D:\Documents and Settings\ANNABELLE\mmqxau.exe
D:\Documents and Settings\ANNABELLE\mqwonk.exe
D:\Documents and Settings\ANNABELLE\mrvkch.exe
D:\Documents and Settings\ANNABELLE\mwkyin.exe
D:\Documents and Settings\ANNABELLE\nnvboz.exe
D:\Documents and Settings\ANNABELLE\nttfhq.exe
D:\Documents and Settings\ANNABELLE\nzizra.exe
D:\Documents and Settings\ANNABELLE\ohhzuc.exe
D:\Documents and Settings\ANNABELLE\qlqnzt.exe
D:\Documents and Settings\ANNABELLE\qmoakw.exe
D:\Documents and Settings\ANNABELLE\snlblj.exe
D:\Documents and Settings\ANNABELLE\tovbsm.exe
D:\Documents and Settings\ANNABELLE\twutzd.exe
D:\Documents and Settings\ANNABELLE\uzhzvf.exe
D:\Documents and Settings\ANNABELLE\vtbfcz.exe
D:\Documents and Settings\ANNABELLE\wkbwgl.exe
D:\Documents and Settings\ANNABELLE\wtjouw.exe
D:\Documents and Settings\ANNABELLE\xmxvda.exe
D:\Documents and Settings\ANNABELLE\xuovcn.exe
D:\Documents and Settings\ANNABELLE\xwyvzp.exe
D:\Documents and Settings\COEUR OLIVIER\biyfpc.exe
D:\Documents and Settings\COEUR OLIVIER\bparfp.exe
D:\Documents and Settings\COEUR OLIVIER\cfxtpw.exe
D:\Documents and Settings\COEUR OLIVIER\dmekas.exe
D:\Documents and Settings\COEUR OLIVIER\dtyuoi.exe
D:\Documents and Settings\COEUR OLIVIER\ebenxg.exe
D:\Documents and Settings\COEUR OLIVIER\eqiavl.exe
D:\Documents and Settings\COEUR OLIVIER\exxvgv.exe
D:\Documents and Settings\COEUR OLIVIER\ffrwug.exe
D:\Documents and Settings\COEUR OLIVIER\fmysdj.exe
D:\Documents and Settings\COEUR OLIVIER\guabll.exe
D:\Documents and Settings\COEUR OLIVIER\juqkgu.exe
D:\Documents and Settings\COEUR OLIVIER\kkdksw.exe
D:\Documents and Settings\COEUR OLIVIER\klrytn.exe
D:\Documents and Settings\COEUR OLIVIER\lzfxcn.exe
D:\Documents and Settings\COEUR OLIVIER\maokyc.exe
D:\Documents and Settings\COEUR OLIVIER\nrktuz.exe
D:\Documents and Settings\COEUR OLIVIER\nykniz.exe
D:\Documents and Settings\COEUR OLIVIER\olqkow.exe
D:\Documents and Settings\COEUR OLIVIER\qjhtbs.exe
D:\Documents and Settings\COEUR OLIVIER\rxcxsp.exe
D:\Documents and Settings\COEUR OLIVIER\shpeqw.exe
D:\Documents and Settings\COEUR OLIVIER\swlmvq.exe
D:\Documents and Settings\COEUR OLIVIER\tiqtlh.exe
D:\Documents and Settings\COEUR OLIVIER\ubpvzp.exe
D:\Documents and Settings\COEUR OLIVIER\uwfzej.exe
D:\Documents and Settings\COEUR OLIVIER\uyjvsc.exe
D:\Documents and Settings\COEUR OLIVIER\vpuizs.exe
D:\Documents and Settings\COEUR OLIVIER\waicwp.exe
D:\Documents and Settings\COEUR OLIVIER\zwumyl.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\All Users\Application Data\Dart heck store upload
D:\Documents and Settings\All Users\Application Data\Dart heck store upload\MetaKindSize
D:\Documents and Settings\All Users\Application Data\Dart heck store upload\thatbinbind
D:\Documents and Settings\ANNABELLE\abcqgw.exe
D:\Documents and Settings\ANNABELLE\aqvwku.exe
D:\Documents and Settings\ANNABELLE\bjndnx.exe
D:\Documents and Settings\ANNABELLE\btlwit.exe
D:\Documents and Settings\ANNABELLE\flgxto.exe
D:\Documents and Settings\ANNABELLE\fqqnuo.exe
D:\Documents and Settings\ANNABELLE\ftcyyc.exe
D:\Documents and Settings\ANNABELLE\gbgskm.exe
D:\Documents and Settings\ANNABELLE\iaceno.exe
D:\Documents and Settings\ANNABELLE\iqbzzj.exe
D:\Documents and Settings\ANNABELLE\ivchdd.exe
D:\Documents and Settings\ANNABELLE\jeehts.exe
D:\Documents and Settings\ANNABELLE\kbqqxy.exe
D:\Documents and Settings\ANNABELLE\kdxzox.exe
D:\Documents and Settings\ANNABELLE\ksbylf.exe
D:\Documents and Settings\ANNABELLE\mmqxau.exe
D:\Documents and Settings\ANNABELLE\mqwonk.exe
D:\Documents and Settings\ANNABELLE\mrvkch.exe
D:\Documents and Settings\ANNABELLE\mwkyin.exe
D:\Documents and Settings\ANNABELLE\nnvboz.exe
D:\Documents and Settings\ANNABELLE\nttfhq.exe
D:\Documents and Settings\ANNABELLE\nzizra.exe
D:\Documents and Settings\ANNABELLE\ohhzuc.exe
D:\Documents and Settings\ANNABELLE\qlqnzt.exe
D:\Documents and Settings\ANNABELLE\qmoakw.exe
D:\Documents and Settings\ANNABELLE\snlblj.exe
D:\Documents and Settings\ANNABELLE\tovbsm.exe
D:\Documents and Settings\ANNABELLE\twutzd.exe
D:\Documents and Settings\ANNABELLE\uzhzvf.exe
D:\Documents and Settings\ANNABELLE\vtbfcz.exe
D:\Documents and Settings\ANNABELLE\wkbwgl.exe
D:\Documents and Settings\ANNABELLE\wtjouw.exe
D:\Documents and Settings\ANNABELLE\xmxvda.exe
D:\Documents and Settings\ANNABELLE\xuovcn.exe
D:\Documents and Settings\ANNABELLE\xwyvzp.exe
D:\Documents and Settings\COEUR OLIVIER\bparfp.exe
D:\Documents and Settings\COEUR OLIVIER\cfxtpw.exe
D:\Documents and Settings\COEUR OLIVIER\dmekas.exe
D:\Documents and Settings\COEUR OLIVIER\dtyuoi.exe
D:\Documents and Settings\COEUR OLIVIER\ebenxg.exe
D:\Documents and Settings\COEUR OLIVIER\eqiavl.exe
D:\Documents and Settings\COEUR OLIVIER\exxvgv.exe
D:\Documents and Settings\COEUR OLIVIER\ffrwug.exe
D:\Documents and Settings\COEUR OLIVIER\fmysdj.exe
D:\Documents and Settings\COEUR OLIVIER\guabll.exe
D:\Documents and Settings\COEUR OLIVIER\juqkgu.exe
D:\Documents and Settings\COEUR OLIVIER\kkdksw.exe
D:\Documents and Settings\COEUR OLIVIER\klrytn.exe
D:\Documents and Settings\COEUR OLIVIER\lzfxcn.exe
D:\Documents and Settings\COEUR OLIVIER\maokyc.exe
D:\Documents and Settings\COEUR OLIVIER\nrktuz.exe
D:\Documents and Settings\COEUR OLIVIER\nykniz.exe
D:\Documents and Settings\COEUR OLIVIER\olqkow.exe
D:\Documents and Settings\COEUR OLIVIER\qjhtbs.exe
D:\Documents and Settings\COEUR OLIVIER\rxcxsp.exe
D:\Documents and Settings\COEUR OLIVIER\shpeqw.exe
D:\Documents and Settings\COEUR OLIVIER\swlmvq.exe
D:\Documents and Settings\COEUR OLIVIER\tiqtlh.exe
D:\Documents and Settings\COEUR OLIVIER\ubpvzp.exe
D:\Documents and Settings\COEUR OLIVIER\uwfzej.exe
D:\Documents and Settings\COEUR OLIVIER\uyjvsc.exe
D:\Documents and Settings\COEUR OLIVIER\vpuizs.exe
D:\Documents and Settings\COEUR OLIVIER\waicwp.exe
D:\Documents and Settings\COEUR OLIVIER\zwumyl.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-0-13-20 au 2010-1-20 ))))))))))))))))))))))))))))))))))))
.

2010-01-20 16:49:45 . 2009-09-23 12:55:23 64288 ----a-w C:\WINDOWS\system32\drivers\Lbd.sys
2010-01-20 15:58:32 . 2010-01-20 15:58:33 0 dc-h--w D:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-20 13:18:54 . 2010-01-20 17:09:46 0 dc----w C:\Ad-Remover
2010-01-19 19:22:20 . 2010-01-19 19:30:55 0 dcs---w C:\oliv5934
2010-01-19 19:03:48 . 2009-10-25 05:11:34 77312 ----a-w C:\WINDOWS\MBR.exe
2010-01-19 19:03:47 . 2009-12-09 21:54:07 261632 ----a-w C:\WINDOWS\PEV.exe
2010-01-18 19:49:03 . 2010-01-18 19:56:11 0 dc----w C:\UsbFix
2010-01-18 11:45:50 . 2010-01-20 13:14:33 0 dc----w C:\Lop SD
2010-01-18 11:41:45 . 2010-01-18 11:44:40 0 dc----w C:\ToolBar SD
2010-01-16 23:22:47 . 2010-01-16 23:27:49 0 d-----w C:\Program Files\RegCleaner
2010-01-16 19:08:41 . 2010-01-16 19:11:09 0 d-----w C:\Program Files\ZHPDiag
2010-01-12 18:58:52 . 2010-01-19 12:05:59 829 ----a-w C:\WINDOWS\system32\h8srtkrl32mainweq.dll
2010-01-05 18:51:50 . 2010-01-05 18:51:50 0 d-----w D:\Documents and Settings\ANNABELLE\Application Data\DivX
2010-01-03 17:58:53 . 2010-01-03 17:58:53 131584 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2010-01-03 17:58:53 . 2010-01-15 20:13:38 0 d-----w C:\Program Files\Objective Tarot
2010-01-01 13:12:04 . 2010-01-10 14:29:00 849 ----a-w C:\WINDOWS\system32\krl32mainweq.dll
2010-01-01 13:10:58 . 2010-01-04 17:56:51 131 ----a-w C:\WINDOWS\system32\srcr.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 17:03:37 . 2009-11-13 18:36:00 0 d-----w C:\Program Files\Microsoft Silverlight
2010-01-20 15:58:17 . 2007-10-23 18:54:12 0 d-----w C:\Program Files\Lavasoft
2010-01-16 23:29:16 . 2005-10-16 05:32:17 0 d-----w C:\Program Files\Fichiers communs\SureThing Shared
2010-01-15 22:02:50 . 2005-12-09 23:33:28 0 d-----w C:\Program Files\eMule
2010-01-15 18:08:21 . 2006-11-22 13:59:08 0 d-----w C:\Program Files\Program
2010-01-15 17:36:49 . 2008-07-15 20:49:42 0 d-----w C:\Program Files\Free Video Converter
2010-01-14 19:04:07 . 2005-12-09 23:43:53 0 d-----w C:\Program Files\DivX
2010-01-12 11:14:52 . 2005-12-09 21:05:26 115240 ----a-w D:\Documents and Settings\COEUR OLIVIER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 20:31:00 . 2005-12-09 22:43:13 115240 ----a-w D:\Documents and Settings\THEOPHILE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 19:19:39 . 2009-11-11 21:26:20 56816 ----a-w C:\WINDOWS\system32\drivers\avgntflt.sys
2009-12-18 14:06:56 . 2005-12-10 11:45:58 115296 ----a-w D:\Documents and Settings\ANNABELLE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 09:59:02 . 2004-08-16 15:41:35 85704 ----a-w C:\WINDOWS\system32\perfc00C.dat
2009-12-10 09:59:02 . 2004-08-16 15:41:35 512356 ----a-w C:\WINDOWS\system32\perfh00C.dat
2009-11-25 12:14:23 . 2007-09-26 19:32:35 0 d-----w C:\Program Files\Windows Live
2009-11-25 12:13:56 . 2009-11-25 12:13:56 0 d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-21 15:58:49 . 2004-08-05 12:00:00 471552 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2009-10-29 05:25:37 . 2004-08-05 12:00:00 671232 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-24 15:54:36 . 2007-08-16 18:32:10 5632 -csha-w C:\Program Files\Thumbs.db
2007-02-20 11:39:38 . 2007-02-20 11:39:38 54 -c--a-w C:\Program Files\delir.gio
2006-11-22 14:00:20 . 2006-11-22 13:59:07 425236 ----a-w C:\Program Files\Uninst.isu
2006-11-22 13:59:52 . 2006-11-22 13:59:26 384 -c--a-w C:\Program Files\_unodbc.log
1998-08-13 12:29:38 . 2006-11-22 13:59:28 29696 ----a-w C:\Program Files\Uninst.dll
1998-05-27 14:13:34 . 2006-11-22 13:59:26 32256 -c--a-w C:\Program Files\_UNODBC.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:33:59 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 17:18:07 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 02:34:13 1695232]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 09:43:34 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 11:48:02 127118]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 12:00:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 09:31:50 24576]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 14:37:08 286720]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-16 05:31:45 180269]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 09:00:58 49152]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 07:30:12 729088]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 07:47:28 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 08:50:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 08:51:32 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11:35 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 23:51:40 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - C:\WINDOWS\system32\bthprops.cpl [2008-04-14 02:34:30 110592]
"SoundMan"="SOUNDMAN.EXE" - C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 16:48:32 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:33:59 15360]

D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 asc3550p;asc3550p; [x]
R2 nxnmas7y3aiu9;bcveServ; [x]
R3 AmdTools;AMD Special Tools Driver; [x]
R3 btnetBUs;Bluetooth PAN Bus Service;C:\WINDOWS\system32\Drivers\btnetBus.sys [2008-12-07 11:44:54 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-07-02 13:58:48 26248]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 09:01:26 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 09:01:26 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 09:01:26 121856]
S0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-01-07 22:39:36 20744]
S0 Lbd;Lbd;C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-09-23 12:55:23 64288]
S0 N10;iriver Internet Audio Player N10;C:\WINDOWS\system32\drivers\N10.sys [2004-03-29 16:28:24 14531]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 23:50:00 20560]
S2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 08:39:36 233472]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-20 16:27:57 1181328]
S2 SeaPort;SeaPort;C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 09:36:18 240512]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 10:51:26 799744]
S3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.SYS [2009-03-31 08:39:36 36608]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'

2010-01-20 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-01-20 16:29:16]

2010-01-20 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-01-20 16:29:16]

2010-01-20 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-01-20 16:29:16]

2010-01-20 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-01-20 16:29:16]

2010-01-20 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06:13 . 2010-01-20 16:29:16]

2010-01-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57:18 . 2008-04-11 15:57:18]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Creative Detector - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
HKLM-Run-puwou - C:\WINDOWS\system32\koujou.exe
HKLM-Run-updtr.exe - c:\windows\system32\updtr.exe
HKLM-Run-NPSStartup - (no file)
HKU-Default-Run-puwou - D:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Microsoft\mooluwamah.exe
SafeBoot-PEVSystemStart


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - D:\Documents and Settings\THEOPHILE\Application Data\Mozilla\Firefox\Profiles\hbb3l9pw.default\
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
Posts: 3243 | Registered: Sunday 28 December 2008 | Status: Security contributor | Last activity: 7 February 2011
The report is not complete ...

Next:

/!\ WARNING /!\ : This procedure was created specifically for THIS USER; copying it onto any other system can cause serious malfunctions.

▶ Copy the text below:

KillAll::

File::
C:\WINDOWS\system32\h8srtkrl32mainweq.dll
C:\WINDOWS\system32\krl32mainweq.dll
C:\WINDOWS\system32\srcr.dat

Rootkit::
C:\WINDOWS\system32\h8srtkrl32mainweq.dll


▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)

▶ Save this file under the name CFScript.txt

/!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
(!) Temporarily disable (and only for as long as ComboFix is in use) the real-time protection of your antivirus, your antispyware tools and ALL of your protection software (!).


▶ Now drag the CFScript.txt file onto Combofix.exe like this

-> This will relaunch Combofix,

▶ A blue window will appear: at the prompt that is shown (Type 1 to continue, or 2 to abort), type 1 and confirm.

▶ Wait while the scan runs. The desktop will disappear several times: this is normal!

/!\ Do not touch anything until the scan has finished /!\

▶ After the reboot, post the contents of the Combofix.txt report

==========

Download Yoog_Fix (Batch_Man) to your Desktop.

! Disconnect from the Internet and close all your running applications !

▶ Double-click Yoog_Fix.exe, choose 1 for French and confirm.

▶ A disclaimer appears; click OK, then choose option 1 (Search)


▶ Wait for the scan to complete; a report will open.

=> Post it in your next reply.

Search tutorial

NOTE: the report is at the root of your drive under the name Yoog_Fix.txt


=========

Download ZHPDiag (by Nicolas Coolman) and save it to your Desktop.

▶ Double-click ZHPDiag.exe to start the installation and follow the instructions; don't forget to tick the box that puts a shortcut on the Desktop.

▶ Double-click the ZHPDiag shortcut on your Desktop. (The tool created 2 icons, ZHPDiag and ZHPFix.)

▶ Click the "Screwdriver", then All, then untick boxes O45 and O61.

▶ Click the magnifying glass to start the scan.

⇒ Let the tool work; it can take quite a while ...

▶ Once finished, the report is displayed: click the "Floppy disk" button to save the report.

Be sure to save ZHPDiag.txt somewhere you can find it again easily (on the Desktop, for example).

To send it, open this link

* Click Browse and find the file above.

* Click Open.

* Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

* A link of this form is added to the page:

hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

Copy this link into your reply.
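As an added example (my own code, not from this thread, from ComboFix or from any of the tools named in it), here is how the reading of a report like the one above can be made repeatable. It parses a constructed excerpt modelled on the thread's report and surfaces the four things the reply above acts on: six-letter executables dropped straight into a profile root, files newly created loose in system32 (the three the CFScript targets), Security Center and firewall notification values switched on, and Run entries that ComboFix marks [X] (target missing) or [BU] (only a backup remains). The section banners and line layout are taken from this thread's report; the six-letter-name heuristic, the sample excerpt and all function names are assumptions constructed for the example.

```python
"""Triage heuristics for a ComboFix-style report. Added example, not ComboFix's own code."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the report quoted in this thread (sample input, not a real scan).
SAMPLE_REPORT = r"""
((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))
.
d:\documents and settings\ANNABELLE\abcqgw.exe
d:\documents and settings\ANNABELLE\aqvwku.exe
d:\documents and settings\COEUR OLIVIER\bparfp.exe
d:\documents and settings\COEUR OLIVIER\Mes documents\notes.txt
.
((((((((((((((((((((   Fichiers créés du 2009-12-21 au 2010-01-21   ))))))))))))))))))))
.
2010-01-12 18:58 . 2010-01-19 12:05 829 ----a-w c:\windows\system32\h8srtkrl32mainweq.dll
2010-01-01 13:12 . 2010-01-10 14:29 849 ----a-w c:\windows\system32\krl32mainweq.dll
2010-01-01 13:10 . 2010-01-04 17:56 131 ----a-w c:\windows\system32\srcr.dat
2010-01-20 16:49 . 2009-09-23 12:55 64288 ----a-w c:\windows\system32\drivers\Lbd.sys
.
((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"puwou"="c:\windows\system32\koujou.exe" [BU]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # "((((  Section title  ))))"
PROFILE_EXE = re.compile(r"^[a-z]:\\documents and settings\\([^\\]+)\\[a-z]{6}\.exe$", re.I)
NEW_FILE = re.compile(r"^\S+ \S+ \. \S+ \S+ (\d+|-+) \S+ (.+)$")  # created . modified size attrs path
LOOSE_SYS32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:)?([0-9a-fA-F]+)')
RUN_ENTRY = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(X|BU)\]$')  # [X] missing target, [BU] backup only
# Security Center / firewall values that, once set to 1, silence the warnings a user would otherwise see
TAMPER_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
                 "FirewallOverride", "DisableMonitoring", "DisableNotifications"}


def split_sections(report):
    """Group report lines under the banner title that precedes them."""
    sections, current = defaultdict(list), "header"
    for line in (l.strip() for l in report.splitlines()):
        m = BANNER.match(line)
        if m:
            current = m.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return sections


def profile_root_executables(lines):
    """Executables dropped directly in a profile root with a six-letter name (heuristic, see lead-in)."""
    return [(m.group(1), line) for line in lines for m in [PROFILE_EXE.match(line)] if m]


def loose_system32_files(lines):
    """Files created directly in system32 (not a subfolder) during the report window, with size."""
    hits = [NEW_FILE.match(line) for line in lines]
    return [(m.group(2), int(m.group(1))) for m in hits
            if m and m.group(1).isdigit() and LOOSE_SYS32.match(m.group(2))]


def registry_findings(lines):
    """Tampering values set non-zero, and Run entries ComboFix marks [X] or [BU], from the Reg section."""
    tampering, run_entries, key = [], [], ""
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        v = REG_VALUE.match(line)
        if (v and v.group(1) in TAMPER_VALUES and int(v.group(2), 16) != 0
                and ("security center" in key or "firewallpolicy" in key)):
            tampering.append((key, v.group(1)))
        r = RUN_ENTRY.match(line)
        if r and key.endswith("\\run"):  # review these; [X] alone is not proof of malice
            run_entries.append((r.group(1), r.group(2), r.group(3)))
    return tampering, run_entries


def triage(report):
    """Run every heuristic over one report and return the findings by category."""
    sections = split_sections(report)
    created = [l for title, v in sections.items() if title.startswith("Fichiers cr") for l in v]
    tampering, run_entries = registry_findings(sections.get("Points de chargement Reg", []))
    return {"profile_root_exes": profile_root_executables(sections.get("Autres suppressions", [])),
            "loose_system32": loose_system32_files(created),
            "tampering": tampering, "run_entries": run_entries}


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_REPORT).items():
        print(category, *hits, sep="\n  ")
```

The findings are review lists, not verdicts: a Run entry marked [X] only means the target file is absent, and a six-letter name is only a hint. What the script buys is that the tamper values and the loose system32 files surface mechanically, so the next report the user posts can be checked the same way instead of by eye.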
Posts: 43 | Registered: Saturday 16 January 2010 | Status: Member | Last activity: 23 October 2013

Hello.

Here are the 3 reports you asked me for:

Combofix report:

ComboFix 09-04-29.06 - THEOPHILE 21/01/2010 11:32.6 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.770 [GMT 1:00]
Lancé depuis: d:\documents and settings\THEOPHILE\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\THEOPHILE\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100121-0] *On-access scanning enabled* (Updated)
.
- Mode FONCTIONNALITES REDUITES -

FILE ::
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
.
---- Exécution préalable -------
.
d:\documents and settings\All Users\Application Data\Dart heck store upload
d:\documents and settings\All Users\Application Data\Dart heck store upload\MetaKindSize
d:\documents and settings\All Users\Application Data\Dart heck store upload\thatbinbind
d:\documents and settings\ANNABELLE\abcqgw.exe
d:\documents and settings\ANNABELLE\aqvwku.exe
d:\documents and settings\ANNABELLE\bjndnx.exe
d:\documents and settings\ANNABELLE\btlwit.exe
d:\documents and settings\ANNABELLE\flgxto.exe
d:\documents and settings\ANNABELLE\fqqnuo.exe
d:\documents and settings\ANNABELLE\ftcyyc.exe
d:\documents and settings\ANNABELLE\gbgskm.exe
d:\documents and settings\ANNABELLE\iaceno.exe
d:\documents and settings\ANNABELLE\iqbzzj.exe
d:\documents and settings\ANNABELLE\ivchdd.exe
d:\documents and settings\ANNABELLE\jeehts.exe
d:\documents and settings\ANNABELLE\kbqqxy.exe
d:\documents and settings\ANNABELLE\kdxzox.exe
d:\documents and settings\ANNABELLE\ksbylf.exe
d:\documents and settings\ANNABELLE\mmqxau.exe
d:\documents and settings\ANNABELLE\mqwonk.exe
d:\documents and settings\ANNABELLE\mrvkch.exe
d:\documents and settings\ANNABELLE\mwkyin.exe
d:\documents and settings\ANNABELLE\nnvboz.exe
d:\documents and settings\ANNABELLE\nttfhq.exe
d:\documents and settings\ANNABELLE\nzizra.exe
d:\documents and settings\ANNABELLE\ohhzuc.exe
d:\documents and settings\ANNABELLE\qlqnzt.exe
d:\documents and settings\ANNABELLE\qmoakw.exe
d:\documents and settings\ANNABELLE\snlblj.exe
d:\documents and settings\ANNABELLE\tovbsm.exe
d:\documents and settings\ANNABELLE\twutzd.exe
d:\documents and settings\ANNABELLE\uzhzvf.exe
d:\documents and settings\ANNABELLE\vtbfcz.exe
d:\documents and settings\ANNABELLE\wkbwgl.exe
d:\documents and settings\ANNABELLE\wtjouw.exe
d:\documents and settings\ANNABELLE\xmxvda.exe
d:\documents and settings\ANNABELLE\xuovcn.exe
d:\documents and settings\ANNABELLE\xwyvzp.exe
d:\documents and settings\COEUR OLIVIER\bparfp.exe
d:\documents and settings\COEUR OLIVIER\cfxtpw.exe
d:\documents and settings\COEUR OLIVIER\dmekas.exe
d:\documents and settings\COEUR OLIVIER\dtyuoi.exe
d:\documents and settings\COEUR OLIVIER\ebenxg.exe
d:\documents and settings\COEUR OLIVIER\eqiavl.exe
d:\documents and settings\COEUR OLIVIER\exxvgv.exe
d:\documents and settings\COEUR OLIVIER\ffrwug.exe
d:\documents and settings\COEUR OLIVIER\fmysdj.exe
d:\documents and settings\COEUR OLIVIER\guabll.exe
d:\documents and settings\COEUR OLIVIER\juqkgu.exe
d:\documents and settings\COEUR OLIVIER\kkdksw.exe
d:\documents and settings\COEUR OLIVIER\klrytn.exe
d:\documents and settings\COEUR OLIVIER\lzfxcn.exe
d:\documents and settings\COEUR OLIVIER\maokyc.exe
d:\documents and settings\COEUR OLIVIER\nrktuz.exe
d:\documents and settings\COEUR OLIVIER\nykniz.exe
d:\documents and settings\COEUR OLIVIER\olqkow.exe
d:\documents and settings\COEUR OLIVIER\qjhtbs.exe
d:\documents and settings\COEUR OLIVIER\rxcxsp.exe
d:\documents and settings\COEUR OLIVIER\shpeqw.exe
d:\documents and settings\COEUR OLIVIER\swlmvq.exe
d:\documents and settings\COEUR OLIVIER\tiqtlh.exe
d:\documents and settings\COEUR OLIVIER\ubpvzp.exe
d:\documents and settings\COEUR OLIVIER\uwfzej.exe
d:\documents and settings\COEUR OLIVIER\uyjvsc.exe
d:\documents and settings\COEUR OLIVIER\vpuizs.exe
d:\documents and settings\COEUR OLIVIER\waicwp.exe
d:\documents and settings\COEUR OLIVIER\zwumyl.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-0-13-21 au 2010-1-21 ))))))))))))))))))))))))))))))))))))
.

2010-01-20 16:49 . 2009-09-23 12:55 64288 ----a-w c:\windows\system32\drivers\Lbd.sys
2010-01-20 15:58 . 2010-01-20 15:58 -------- dc-h--w d:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-20 13:18 . 2010-01-20 17:09 -------- dc----w C:\Ad-Remover
2010-01-19 19:22 . 2010-01-19 19:30 -------- dcs---w C:\oliv5934
2010-01-19 19:03 . 2009-10-25 05:11 77312 ----a-w c:\windows\MBR.exe
2010-01-19 19:03 . 2009-12-09 21:54 261632 ----a-w c:\windows\PEV.exe
2010-01-18 19:49 . 2010-01-18 19:56 -------- dc----w C:\UsbFix
2010-01-18 11:45 . 2010-01-20 13:14 -------- dc----w C:\Lop SD
2010-01-18 11:41 . 2010-01-18 11:44 -------- dc----w C:\ToolBar SD
2010-01-16 23:22 . 2010-01-16 23:27 -------- d-----w c:\program files\RegCleaner
2010-01-16 19:08 . 2010-01-16 19:11 -------- d-----w c:\program files\ZHPDiag
2010-01-05 18:51 . 2010-01-05 18:51 -------- d-----w d:\documents and settings\ANNABELLE\Application Data\DivX
2010-01-03 17:58 . 2010-01-03 17:58 131584 ----a-w c:\windows\system32\SpoonUninstall.exe
2010-01-03 17:58 . 2010-01-15 20:13 -------- d-----w c:\program files\Objective Tarot

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 17:03 . 2009-11-13 18:36 -------- d-----w c:\program files\Microsoft Silverlight
2010-01-20 15:58 . 2007-10-23 18:54 -------- d-----w c:\program files\Lavasoft
2010-01-16 23:29 . 2005-10-16 05:32 -------- d-----w c:\program files\Fichiers communs\SureThing Shared
2010-01-15 22:02 . 2005-12-09 23:33 -------- d-----w c:\program files\eMule
2010-01-15 18:08 . 2006-11-22 13:59 -------- d-----w c:\program files\Program
2010-01-15 17:36 . 2008-07-15 20:49 -------- d-----w c:\program files\Free Video Converter
2010-01-14 19:04 . 2005-12-09 23:43 -------- d-----w c:\program files\DivX
2010-01-12 11:14 . 2005-12-09 21:05 115240 ----a-w d:\documents and settings\COEUR OLIVIER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-10 20:31 . 2005-12-09 22:43 115240 ----a-w d:\documents and settings\THEOPHILE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 19:19 . 2009-11-11 21:26 56816 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-12-18 14:06 . 2005-12-10 11:45 115296 ----a-w d:\documents and settings\ANNABELLE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 09:59 . 2004-08-16 15:41 85704 ----a-w c:\windows\system32\perfc00C.dat
2009-12-10 09:59 . 2004-08-16 15:41 512356 ----a-w c:\windows\system32\perfh00C.dat
2009-11-25 12:14 . 2007-09-26 19:32 -------- d-----w c:\program files\Windows Live
2009-11-25 12:13 . 2009-11-25 12:13 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w c:\windows\AppPatch\aclayers.dll
2009-10-29 05:25 . 2004-08-05 12:00 671232 ----a-w c:\windows\system32\wininet.dll
2007-09-24 15:54 . 2007-08-16 18:32 5632 -csha-w c:\program files\Thumbs.db
2007-02-20 11:39 . 2007-02-20 11:39 54 -c--a-w c:\program files\delir.gio
2006-11-22 14:00 . 2006-11-22 13:59 425236 ----a-w c:\program files\Uninst.isu
2006-11-22 13:59 . 2006-11-22 13:59 384 -c--a-w c:\program files\_unodbc.log
1998-08-13 12:29 . 2006-11-22 13:59 29696 ----a-w c:\program files\Uninst.dll
1998-05-27 14:13 . 2006-11-22 13:59 32256 -c--a-w c:\program files\_UNODBC.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-16 180269]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 729088]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"puwou"="c:\windows\system32\koujou.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"updtr.exe"="c:\windows\system32\updtr.exe" [BU]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-17 77824]
"NPSStartup"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"puwou"="d:\documents and settings\LocalService.AUTORITE NT.000\Application Data\Microsoft\mooluwamah.exe" [BU]

d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection; [x]
R2 asc3550p;asc3550p; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-20 1181328]
R2 nxnmas7y3aiu9;bcveServ; [x]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-05-27 799744]
R3 AmdTools;AMD Special Tools Driver; [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S0 N10;iriver Internet Audio Player N10;c:\windows\system32\drivers\N10.sys [2004-03-29 14531]

.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:29]

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:29]

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:29]

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:29]

2010-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:29]

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Supplementary scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - d:\documents and settings\THEOPHILE\Application Data\Mozilla\Firefox\Profiles\hbb3l9pw.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 11:35
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(216)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\savedump.exe
.
**************************************************************************
.
Finish time: 2010-01-21 11:37 - The machine rebooted
ComboFix-quarantined-files.txt 2010-01-21 10:37
ComboFix2.txt 2008-03-05 17:52
ComboFix3.txt 2008-03-05 17:45

Before CF: 3 741 257 728 bytes free
After CF: 3 745 112 064 bytes free

332 --- E O F --- 2010-01-20 16:28

Ad-Remover report:

.
======= AD-REMOVER 1.1.4.6_I REPORT | XP/VISTA/7 ONLY =======
.
Updated by C_XX on 19.01.2010 at 21:16
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 18:04:25, 20/01/2010 | Normal mode | Option: CLEAN
Run from: C:\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
PC name: OLIVIER | Current user: THEOPHILE
.
============== ITEM(S) NEUTRALISED ==============
.


(!) -- Temporary files deleted.

.
.
============== Additional scan ==============
.
.
* Mozilla FireFox Version 3.5.7 [fr] *
.
Profile name: hbb3l9pw.default (THEOPHILE)
.
(THEOPH~1, prefs.js) Browser.download.lastDir, D:\Documents and Settings\THEOPHILE
(THEOPH~1, prefs.js) Extensions.enabledItems, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
.
(THEOPH~1, prefs.js) Browser.download.lastDir, D:\Documents and Settings\THEOPHILE\Mes documents\Mes images\Théo
(THEOPH~1, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
.
.
* Internet Explorer Version 6.0.2900.5512 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Use Custom Search URL: 1 (0x1)
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
Use Search Asst: no
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
6704 Byte(s) - C:\Ad-Report-CLEAN[1].log
2289 Byte(s) - C:\Ad-Report-CLEAN[2].log
.
26 File(s) - D:\DOCUME~1\THEOPH~1\LOCALS~1\Temp
13 File(s) - C:\WINDOWS\Temp
7 File(s) - C:\WINDOWS\Prefetch
.
18 File(s) - C:\Ad-Remover\BACKUP
923 File(s) - C:\Ad-Remover\QUARANTINE
.
Ended at: 18:09:46 | 20/01/2010 - CLEAN[2]
.
============== E.O.F ==============
.

Yoog_Fix report:

Yoog_Fix 3.0.1 by Batch_Man | THEOPHILE (Administrator)
Started at 12:25 on 21/01/2010
Microsoft Windows XP Home Edition (5.1.2600)

AMD Athlon(tm) 64 Processor 3400+
RAM: 1023.4 MB
Fail-safe with network boot

Antivirus: avast! antivirus 4.8.1368 [VPS 100121-0] 4.8.1368 (Activated)
Run from "D:\Documents and Settings\THEOPHILE\Bureau\Yoog_Fix.bat"

C:\ [Fixed] - NTFS - (Total:30710 MB/Free:3568 MB)
D:\ [Fixed] - NTFS - (Total:153903 MB/Free:1669 MB)
E:\ [CD-Rom] (Total:0 MB/Free:0 MB)
G:\ [Removable] (Total:0 MB/Free:0 MB)
H:\ [Removable] (Total:0 MB/Free:0 MB)
I:\ [Removable] (Total:0 MB/Free:0 MB)
J:\ [Removable] (Total:0 MB/Free:0 MB)

Option [1] 2 3 Search / Removal

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Removal: Files / Folders / Keys / Firefox prefs]


------------[Suspects]

[--a------ + 11/05/2005 12:49 + 198144] C:\WINDOWS\system32\_psisdecd.dll
[--a------ + 14/04/2008 03:33 + 363520] C:\WINDOWS\system32\psisdecd.dll


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Search: Firefox analysis]


------------[Firefox analysis]


Mozilla Firefox 3.5.7 (fr)
Install directory: C:\Program Files\Mozilla Firefox
Path: D:\Documents and Settings\THEOPHILE\Application Data\Mozilla\Firefox\Profiles\7wpugwb0.default
Path: D:\Documents and Settings\THEOPHILE\Application Data\Mozilla\Firefox\Profiles\hbb3l9pw.default

[ANNABELLE\..\prefs.js] keyword.URL: "https://search.yahoo.com/web?fr=vmn"
[COEUR OLIVIER\..\prefs.js] keyword.URL: "https://search.yahoo.com/web?fr=vmn"
[COEUR OLIVIER\..\prefs.js] browser.search.selectedEngine: "Yahoo"

------------[Extensions Firefox]

[ANNABELLE] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
[COEUR OLIVIER] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
[THEOPHILE] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant

{20a82645-c095-46ed-80e3-08825760534b} = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

------------[Mozilla Plugins]

Path = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\WINDOWS\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe® Flash® Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.22.87

Path = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
XPTPath = C:\Program Files\iTunes\Mozilla Plugins\npitunes.xpt
ProductName = iTunes Application Detector
Version = 7.7.0.43

Vendor = Apple Inc.
Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX Web Player
Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX® Player Plugin
GeckoVersion = 1.7.5
Path = C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
ProductName = Ag Player
Vendor = Microsoft
Version = 3.0

Path = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
GeckoVersion = 1.0
ProductName = Windows Live Photo Gallery
Version = 14.0.8081.0709

Vendor = Microsoft
GeckoVersion = 1.7.2
Path = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5

Path = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Version = 6.0.11.2088

Vendor = RealNetworks
XPTPath = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.xpt
Path = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
Version = 1.0.2.2146

Vendor = RealNetworks
Path = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
Version = 6.0.12.1069

Vendor = RealNetworks
XPTPath = C:\Program Files\Real\RealPlayer\Netscape6\nsJSRealPlayerPlugin.xpt
Path = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
XPTPath = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
ProductName = Viewpoint Media Player
Vendor = Viewpoint Corporation
Path = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\WINDOWS\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe Flash Player
Vendor = Adobe Systems Inc.
Version = 9.0.115.0


------------[Search plugins]

[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] cnrtl-tlfi-fr.xml = https://www.cnrtl.fr/lexicographie/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/
[Program Files] yahoo.xml = https://search.yahoo.com/

------------[Folder listing]

[12/01/2010 12:02 | 23512 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[12/01/2010 12:02 | 137176 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[06/11/2008 17:33 | 1332224 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[11/12/2008 01:33 | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[20/03/2008 17:21 | 1446440 bytes] C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[12/01/2010 12:02 | 64984 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[22/03/2007 18:23 | 17248 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Search: Internet Explorer / Registry analysis]

Internet Explorer : 6.0.2900.5512

L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Search Bar = http://www.bing.com/spresults.aspx
L1 = HKLM\..\Main.Window Title =
L1 = HKCU\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKCU\..\Main.Search Page = https://www.google.com/?gws_rd=ssl
L1 = HKCU\..\Main.Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-19\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
L1 = HKU\S-1-5-19\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-20\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
L1 = HKU\S-1-5-20\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Main.Search Page = https://www.google.com/?gws_rd=ssl
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Main.Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Search.Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Toolbar.LinksFolderName = Liens
L1 = HKCU\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKCU\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKU\S-1-5-19\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-20\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet =
NavigationFailure = res://shdoclc.dll/navcancl.htm
DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm

--------[Browser Helper Object]

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3},@NO NAME=3.0
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@NO NAME=3.0
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@NO NAME=Search Helper
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@NO NAME=3.0
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@NO NAME=3.0
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7},@NO NAME=3.0
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D},@NO NAME=3.0
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@NO NAME=3.0
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@NO NAME=Google Dictionary Compression sdch

--------[SearchScopes]

[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes],@DefaultScope={F77DF10B-15F0-4D7B-8EC7-955FF6E594A2}
[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes\${searchCLSID}],@DisplayName=@ieframe.dll,-12512
[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes\{F77DF10B-15F0-4D7B-8EC7-955FF6E594A2}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes\{F7C482E8-E688-473B-B6BB-38C7E89A446B}],@DisplayName=Yahoo! Search
[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes\{FBD7190F-3B59-46F6-A597-F90B8A87C3A7}],@DisplayName=Dealio
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={F77DF10B-15F0-4D7B-8EC7-955FF6E594A2}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F77DF10B-15F0-4D7B-8EC7-955FF6E594A2}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7C482E8-E688-473B-B6BB-38C7E89A446B}],@DisplayName=Yahoo! Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FBD7190F-3B59-46F6-A597-F90B8A87C3A7}],@DisplayName=Dealio

--------[Extensions]

@xpsp3res.dll,-20001: %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}

--------[Run key]


------------[Other infections]




»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Other reports]


[21/01/2010 12:27] C:\Yoog_Fix\Logs\Rapport_21_01_2010_n2.txt - (Choice 1: Search / Removal)

-------------------------->>

Please upload the file C:\Yoog_Fix\Backups\Backup_21_01_2010_2.zip to the following address: http://batchdhelus.open-web.fr/upload
Illustrated help: http://batchdhelus.open-web.fr/upload/procedure.html

If the procedure fails, please send it to the following email address: yoog.fix.sav@gmail.com


+--------------[Ended at 12h 27min]
There you go, thanks in advance.
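An added triage example, not part of the thread and not code from ComboFix, Ad-Remover or Yoog_Fix: a Python script that reads the Run-key and Security Center blocks of a ComboFix report in the format shown above and scores each autostart value on signals that are directly visible in the log (no date/size stamp recorded for the file, a path under a profile or Temp directory, a binary parked in a service account's profile, a value that fires from HKU\.DEFAULT, and the same value name pointing at different binaries in two hives). It then lists the Security Center and firewall values that have been set to silence protection, and any globally opened ports. The excerpt it parses is quoted verbatim from the report above; the weights, the flag names, the `ctfmon.exe` allowlist for the .DEFAULT hive and the treatment of `[BU]` / `[X]` simply as "no stamp" are assumptions of the example, not ComboFix's own definitions.

```python
import re

# Excerpt quoted verbatim from the ComboFix "Reg Loading Points" block above
# (page data, not constructed), trimmed to the hives the checks look at.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"puwou"="c:\windows\system32\koujou.exe" [BU]
"updtr.exe"="c:\windows\system32\updtr.exe" [BU]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"puwou"="d:\documents and settings\LocalService.AUTORITE NT.000\Application Data\Microsoft\mooluwamah.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

HIVE_RE = re.compile(r'^\[(?P<hive>[^\]]+)\]$')
# "Name"="command" [stamp]   where stamp is "YYYY-MM-DD size", "BU", "X" or absent
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$')
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\b)')
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=')

# Security Center / firewall values that, when non-zero, silence the user's protections.
SILENCING_VALUES = {"AntiVirusDisableNotify", "FirewallOverride",
                    "DisableMonitoring", "DisableNotifications"}
# Assumption: the only Run value normally present under HKU\.DEFAULT on this XP box.
DEFAULT_HIVE_OK = {"ctfmon.exe"}
# Assumed weights; they rank the log for a human, they are not a verdict.
WEIGHTS = {"no_file_stamp": 1, "user_writable_path": 2, "service_account_profile": 2,
           "runs_from_default_hive": 1, "same_name_in_several_hives": 2}


def parse(text):
    """Split the report into Run entries, DWORD-style values and open ports, tagged by hive."""
    hive, runs, dwords, ports = None, [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HIVE_RE.match(line):
            hive = m.group("hive")
        elif hive and hive.lower().endswith("\\run") and (m := RUN_RE.match(line)):
            runs.append({"hive": hive, "name": m.group("name"),
                         "cmd": m.group("cmd"), "stamp": m.group("stamp")})
        elif m := PORT_RE.match(line):
            ports.append((hive, m.group("port")))
        elif m := DWORD_RE.match(line):
            val = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            dwords.append((hive, m.group("name"), val))
    return runs, dwords, ports


def reasons_for(entry, cmds_by_name):
    """Return the heuristic flags that apply to one Run entry."""
    path = entry["cmd"].lower()
    base = path.rsplit("\\", 1)[-1].split(" ")[0]   # executable name without arguments
    flags = []
    if not (entry["stamp"] and STAMP_RE.match(entry["stamp"])):
        flags.append("no_file_stamp")             # [BU], [X] or nothing: no date/size recorded
    if any(p in path for p in ("\\application data\\", "\\local settings\\", "\\temp\\")):
        flags.append("user_writable_path")        # autostart from a profile or Temp directory
    if "localservice" in path or "networkservice" in path:
        flags.append("service_account_profile")   # payload parked in a service account's profile
    if "\\.default\\" in entry["hive"].lower() and base not in DEFAULT_HIVE_OK:
        flags.append("runs_from_default_hive")    # fires at the logon screen, before any user logs in
    if len(cmds_by_name[entry["name"].lower()]) > 1:
        flags.append("same_name_in_several_hives")  # same value name, different binaries
    return flags


def triage(text):
    """Score every Run entry and return the flagged ones, most suspicious first."""
    runs, _, _ = parse(text)
    cmds_by_name = {}
    for e in runs:
        cmds_by_name.setdefault(e["name"].lower(), set()).add(e["cmd"].lower())
    rows = []
    for e in runs:
        flags = reasons_for(e, cmds_by_name)
        score = sum(WEIGHTS[f] for f in flags)
        if score:
            rows.append({**e, "flags": flags, "score": score})
    return sorted(rows, key=lambda r: (-r["score"], r["name"].lower()))


def security_center_findings(text):
    """List protection-silencing values that are set, plus globally opened firewall ports."""
    _, dwords, ports = parse(text)
    found = [f"{name}={val}" for _, name, val in dwords if name in SILENCING_VALUES and val]
    found += [f"open port {port}" for _, port in ports]
    return found


if __name__ == "__main__":
    for row in triage(COMBOFIX_EXCERPT):
        print(f'{row["score"]:>2}  {row["name"]:<16} {row["cmd"]}  <- {", ".join(row["flags"])}')
    for finding in security_center_findings(COMBOFIX_EXCERPT):
        print("security center:", finding)
```

Run as-is, the two `puwou` values come out on top, the `.DEFAULT` one highest, with `updtr.exe` and the orphaned `UserFaultCheck` entry further down as review items, and the Security Center section shows the three silencing values set to 1 plus TCP 3389 opened to the world. A ranking like this only tells a human where to look first: a benign orphan such as `dumprep` still scores 1, and the flagged files' hashes and on-disk presence have to be checked separately.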
Re,

- Do what the YoogFix report asks:

Please upload the file C:\Yoog_Fix\Backups\Backup_21_01_2010_2.zip to the following address: http://batchdhelus.open-web.fr/upload
Illustrated help: http://batchdhelus.open-web.fr/upload/procedure.html

If the procedure fails, please send it to the following email address: yoog.fix.sav@gmail.com


- Paste me the other Yoog_Fix report: C:\Yoog_Fix\Logs\Rapport_21_01_2010_n2.txt

- + the ZHPDiag report, as requested please.

RE.

I can't upload the file because there is no file at all in Backup_21_01_2010_2!

Here is the report C:\Yoog_Fix\Logs\Rapport_21_01_2010_n2.txt:

Yoog_Fix 3.0.1 by Batch_Man | THEOPHILE (Administrator)
Started at 12:25 on 21/01/2010
Microsoft Windows XP Home Edition (5.1.2600)

AMD Athlon(tm) 64 Processor 3400+
RAM: 1023.4 MB
Fail-safe with network boot

Antivirus: avast! antivirus 4.8.1368 [VPS 100121-0] 4.8.1368 (Activated)
Run from "D:\Documents and Settings\THEOPHILE\Bureau\Yoog_Fix.bat"

C:\ [Fixed] - NTFS - (Total:30710 MB/Free:3568 MB)
D:\ [Fixed] - NTFS - (Total:153903 MB/Free:1669 MB)
E:\ [CD-Rom] (Total:0 MB/Free:0 MB)
G:\ [Removable] (Total:0 MB/Free:0 MB)
H:\ [Removable] (Total:0 MB/Free:0 MB)
I:\ [Removable] (Total:0 MB/Free:0 MB)
J:\ [Removable] (Total:0 MB/Free:0 MB)

Option [1] 2 3 Search / Removal

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Removal: Files / Folders / Keys / Firefox prefs]


------------[Suspects]

[--a------ + 11/05/2005 12:49 + 198144] C:\WINDOWS\system32\_psisdecd.dll
[--a------ + 14/04/2008 03:33 + 363520] C:\WINDOWS\system32\psisdecd.dll


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Search: Firefox analysis]


------------[Firefox analysis]


Mozilla Firefox 3.5.7 (fr)
Install directory: C:\Program Files\Mozilla Firefox
Path: D:\Documents and Settings\THEOPHILE\Application Data\Mozilla\Firefox\Profiles\7wpugwb0.default
Path: D:\Documents and Settings\THEOPHILE\Application Data\Mozilla\Firefox\Profiles\hbb3l9pw.default

[ANNABELLE\..\prefs.js] keyword.URL: "https://search.yahoo.com/web?fr=vmn"
[COEUR OLIVIER\..\prefs.js] keyword.URL: "https://search.yahoo.com/web?fr=vmn"
[COEUR OLIVIER\..\prefs.js] browser.search.selectedEngine: "Yahoo"

------------[Extensions Firefox]

[ANNABELLE] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
[COEUR OLIVIER] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
[THEOPHILE] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant

{20a82645-c095-46ed-80e3-08825760534b} = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

------------[Mozilla Plugins]

Path = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\WINDOWS\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe® Flash® Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.22.87

Path = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
XPTPath = C:\Program Files\iTunes\Mozilla Plugins\npitunes.xpt
ProductName = iTunes Application Detector
Version = 7.7.0.43

Vendor = Apple Inc.
Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX Web Player
Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX® Player Plugin
GeckoVersion = 1.7.5
Path = C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
ProductName = Ag Player
Vendor = Microsoft
Version = 3.0

Path = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
GeckoVersion = 1.0
ProductName = Windows Live Photo Gallery
Version = 14.0.8081.0709

Vendor = Microsoft
GeckoVersion = 1.7.2
Path = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5

Path = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Version = 6.0.11.2088

Vendor = RealNetworks
XPTPath = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.xpt
Path = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
Version = 1.0.2.2146

Vendor = RealNetworks
Path = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
Version = 6.0.12.1069

Vendor = RealNetworks
XPTPath = C:\Program Files\Real\RealPlayer\Netscape6\nsJSRealPlayerPlugin.xpt
Path = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
XPTPath = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
ProductName = Viewpoint Media Player
Vendor = Viewpoint Corporation
Path = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\WINDOWS\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe Flash Player
Vendor = Adobe Systems Inc.
Version = 9.0.115.0


------------[Plugins de recherche]

[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] cnrtl-tlfi-fr.xml = https://www.cnrtl.fr/lexicographie/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/
[Program Files] yahoo.xml = https://search.yahoo.com/

------------[Listing de dossiers]

[12/01/2010 12:02 | 23512 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[12/01/2010 12:02 | 137176 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[06/11/2008 17:33 | 1332224 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[11/12/2008 01:33 | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[20/03/2008 17:21 | 1446440 bytes] C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[12/01/2010 12:02 | 64984 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[22/03/2007 18:23 | 17248 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[20/06/2009 23:11 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]

Internet Explorer : 6.0.2900.5512

L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Search Bar = http://www.bing.com/spresults.aspx
L1 = HKLM\..\Main.Window Title =
L1 = HKCU\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKCU\..\Main.Search Page = https://www.google.com/?gws_rd=ssl
L1 = HKCU\..\Main.Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-19\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
L1 = HKU\S-1-5-19\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-20\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
L1 = HKU\S-1-5-20\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Main.Search Page = https://www.google.com/?gws_rd=ssl
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Main.Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Search.Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Toolbar.LinksFolderName = Liens
L1 = HKCU\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKCU\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKU\S-1-5-19\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-20\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-1694146165-2628061020-2127861650-1007\..\Search.SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet =
NavigationFailure = res://shdoclc.dll/navcancl.htm
DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm

--------[Browser Helper Object]

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3},@SANS NOM=3.0
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@SANS NOM=3.0
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@SANS NOM=Search Helper
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=3.0
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=3.0
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7},@SANS NOM=3.0
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D},@SANS NOM=3.0
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@SANS NOM=3.0
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@SANS NOM=Google Dictionary Compression sdch

--------[SearchScopes]

[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes],@DefaultScope={F77DF10B-15F0-4D7B-8EC7-955FF6E594A2}
[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes\${searchCLSID}],@DisplayName=@ieframe.dll,-12512
[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes\{F77DF10B-15F0-4D7B-8EC7-955FF6E594A2}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes\{F7C482E8-E688-473B-B6BB-38C7E89A446B}],@DisplayName=Yahoo! Search
[HKEY_USERS\S-1-5-21-1694146165-2628061020-2127861650-1007\..\SearchScopes\{FBD7190F-3B59-46F6-A597-F90B8A87C3A7}],@DisplayName=Dealio
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={F77DF10B-15F0-4D7B-8EC7-955FF6E594A2}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F77DF10B-15F0-4D7B-8EC7-955FF6E594A2}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7C482E8-E688-473B-B6BB-38C7E89A446B}],@DisplayName=Yahoo! Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FBD7190F-3B59-46F6-A597-F90B8A87C3A7}],@DisplayName=Dealio

--------[Extensions]

@xpsp3res.dll,-20001: %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}

--------[Clé Run]


------------[Autres infections]




»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Autres rapports]


[21/01/2010 12:27] C:\Yoog_Fix\Logs\Rapport_21_01_2010_n2.txt - (Choix 1 : Recherche / Suppression)

-------------------------->>

Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_21_01_2010_2.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html

Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com


+--------------[Fin à 12h 27min]

Here is the ZHPDiag report:

http://www.cijoint.fr/cjlink.php?file=cj201001/cijvoAOyiD.txt