Redirection automatique sites publicitaires

ci-joint rapport:
ZHPFix v1.12.305 by Nicolas Coolman - Rapport de suppression du 23/02/2010 10:19:23
Fichier Registre :
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
O41 - Driver: (oko6) . (.WiseCleaner.com - Applet Messenger Manager Roxio Control Prot.) - C:\WINDOWS\system32\drivers\oko6.sys => Clé supprimée avec succès

Valeur du Registre :
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld16.exe => Valeur supprimée avec succès

Elément de données du Registre :
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe ylvr.dwo vamai => Donnée supprimée avec succès

Dossier :
(Néant)

Fichier :
c:\windows\ld16.exe => Fichier absent
c:\windows\478905b7-cf84-42d3-b378-7896691e777c.xml => Supprimé et mis en quarantaine
c:\windows\system32\ylvr.dwo => Supprimé et mis en quarantaine
c:\windows\010112010146111103.xxe => Supprimé et mis en quarantaine
c:\windows\rdr_1266591595.exe => Supprimé et mis en quarantaine
c:\windows\rdr_1266591026.exe => Supprimé et mis en quarantaine
c:\windows\fdgg34353edfgdfdf => Supprimé et mis en quarantaine
c:\windows\system32\oko6.dll => Supprimé et mis en quarantaine
c:\windows\system32\drivers\oko6.sys => Supprimé et mis en quarantaine
c:\windows\010112010146114101.xxe => Supprimé et mis en quarantaine
c:\windows\01011201014650115.xxe => Supprimé et mis en quarantaine
c:\windows\bk23567.dat => Supprimé et mis en quarantaine
c:\windows\system32\drivers\oko6.sys => Fichier absent

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 1
Valeur du Registre : 1
Elément de données du Registre : 1
Dossier : 0
Fichier : 13
Logiciel : 0
Autre : 0


End of the scan








et ci-joint le dernier rapport zhpdiag:

http://www.cijoint.fr/cjlink.php?file=cj201002/cijVBrtgK5.txt

j'ai une erreur 732 quand j'installe la mise à jour et donc ca marche pas...

c'est bon erreur résolue, je poste le rapport dès qu'il est émis.

rapport:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3779
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/02/2010 13:06:02
mbam-log-2010-02-23 (13-06-02).txt

Type de recherche: Examen rapide
Eléments examinés: 168232
Temps écoulé: 6 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\okosrv (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OKO6 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OKOSRV (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\okogrp (Worm.KoobFace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe ylvr.dwo vamai) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\oko6.dll (Worm.KoobFace) -> Quarantined and deleted successfully.


et nouveau rapport zhpdiag sur: http://www.cijoint.fr/cjlink.php?file=cj201002/cijThk2Ccr.txt

Ci-joint rapport combofix
http://www.cijoint.fr/cjlink.php?file=cj201002/cijPvUu7eb.txt

http://www.cijoint.fr/cjlink.php?file=cj201002/cijmejOqaO.txt

ci dessus dernier rapport

rapport:
ZHPFix v1.12.306 by Nicolas Coolman - Rapport de suppression du 23/02/2010 18:28:12
Fichier d'export Registre :
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
(Néant)

Valeur du Registre :
(Néant)

Elément de données du Registre :
(Néant)

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 0
Autre : 0


End of the scan




et pour le rapport usbfix:

############################## | UsbFix V6.097 |

User : a.dilena () # CAO6
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:31:13 | 23/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
FW : Bitdefender Firewall[ Enabled ]8.0

C:\ -> Disque fixe local # 100 Go (84,56 Go free) [System] # NTFS
D:\ -> Disque fixe local # 365,76 Go (365,03 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 1,97 Go (716,5 Mo free) [ANTO] # FAT
G:\ -> Connexion réseau
H:\ -> Disque amovible # 473,36 Mo (138,03 Mo free) [USB 512MO] # FAT32
K:\ -> Connexion réseau
U:\ -> Connexion réseau
V:\ -> Connexion réseau
W:\ -> Connexion réseau

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Management Agent\bdemagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

F:\msvcr71.dll

################## | Registre |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Vaccin |

# F:\autorun.inf -> Dossier créé par Flash_Disinfector (sUBs).

################## | ! Fin du rapport # UsbFix V6.097 ! |

Bonjour,

Ci-joint rapport usbfix:

############################## | UsbFix V6.097 |

User : a.dilena () # CAO6
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 08:48:10 | 24/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
FW : Bitdefender Firewall[ Enabled ]8.0

C:\ -> Disque fixe local # 100 Go (84,5 Go free) [System] # NTFS
D:\ -> Disque fixe local # 365,76 Go (365,03 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 1,97 Go (716,5 Mo free) [ANTO] # FAT
G:\ -> Connexion réseau
H:\ -> Disque amovible # 473,36 Mo (138,03 Mo free) [USB 512MO] # FAT32
K:\ -> Connexion réseau
U:\ -> Connexion réseau
V:\ -> Connexion réseau
W:\ -> Connexion réseau

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Management Agent\bdemagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-1330369797-3111183984-3373151456-1124
Supprimé ! D:\Recycler\S-1-5-21-1330369797-3111183984-3373151456-1124
Supprimé ! D:\Recycler\S-1-5-21-1362248124-2690391108-375141483-1167
Supprimé ! D:\Recycler\S-1-5-21-2884176715-4091880198-1690577209-500
Supprimé ! F:\msvcr71.dll

################## | Registre |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing des fichiers présent |

[23/10/2009 09:21|--a------|16] C:\asdict.dat
[24/08/2004 10:04|--a------|0] C:\AUTOEXEC.BAT
[09/12/2009 09:19|--a------|212] C:\Boot.bak
[23/02/2010 14:28|-rahs----|282] C:\boot.ini
[05/08/2004 13:00|-rahs----|4952] C:\Bootfont.bin
[03/08/2004 23:00|--a------|263488] C:\cmldr
[23/02/2010 14:32|--a------|13935] C:\ComboFix.txt
[24/08/2004 10:04|--a------|0] C:\CONFIG.SYS
[24/08/2004 10:04|-rahs----|0] C:\IO.SYS
[24/08/2004 10:04|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 13:00|-rahs----|47564] C:\NTDETECT.COM
[27/08/2008 16:09|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[24/02/2010 08:50|--a------|3423] C:\UsbFix.txt
[23/02/2010 10:19|--a------|40772] C:\ZHPExportRegistry-23-02-2010-10-19-23.txt
[02/12/2007 12:00|--a------|797948714] F:\Autocad 2008 fra.rar
[14/01/2010 16:44|--a------|230] H:\Wienerberger - Choisissez votre tuile.URL
[18/12/2009 11:29|--ahs----|1277952] H:\SIV491.tmp
[14/01/2010 17:37|--a------|60] H:\Disegni dwg - blocchi cad.URL
[19/02/2010 15:40|--a------|119851] H:\enrochement_03.jpg
[19/02/2010 15:46|--a------|296555] H:\dsc00813pa6.jpg
[19/02/2010 15:47|--a------|293364] H:\dsc00855ij8.jpg

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par Flash_Disinfector (sUBs).
# H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_SACMA.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.097 ! |






et ci-joint rapport zhddiag: http://www.cijoint.fr/cjlink.php?file=cj201002/cijxcx6AI9.txt

Rapport AD -R:

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:14:12, 24/02/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: CAO6 | Utilisateur actuel: a.dilena
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

.
HKLM\software\Poker 770
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.8 [fr] *
.
Nom du profil: 7iag1ekw.default (a.dilena)
.
(ADILEN~1.SAC, prefs.js) Browser.download.lastDir, F:
(ADILEN~1.SAC, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
(ADILEN~1.SAC, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,bkmrksync@nokia.com:1.0.0.723,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: da9f61b677b1ca01
Start Page Redirect Cache AcceptLangs: fr
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
2286 Octet(s) - C:\Ad-Report-SCAN[1].log
.
7 Fichier(s) - C:\DOCUME~1\ADILEN~1.SAC\LOCALS~1\Temp
7 Fichier(s) - C:\WINDOWS\Temp
107 Fichier(s) - C:\WINDOWS\Prefetch
.
2 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 9:16:53 | 24/02/2010 - SCAN[1]
.
============== E.O.F ==============
.

Rapport zhpfix:

ZHPFix v1.12.306 by Nicolas Coolman - Rapport de suppression du 24/02/2010 09:27:22
Fichier Registre :
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
(Néant)

Valeur du Registre :
(Néant)

Elément de données du Registre :
(Néant)

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 0
Autre : 0


End of the scan






rapport ad-r:

======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:30:52, 24/02/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: CAO6 | Utilisateur actuel: a.dilena
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.


(!) -- Fichiers temporaires supprimés.

.
HKLM\software\Poker 770
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.8 [fr] *
.
Nom du profil: 7iag1ekw.default (a.dilena)
.
(ADILEN~1.SAC, prefs.js) Browser.download.lastDir, F:
(ADILEN~1.SAC, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
(ADILEN~1.SAC, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,bkmrksync@nokia.com:1.0.0.723,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: da9f61b677b1ca01
Start Page Redirect Cache AcceptLangs: fr
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
2537 Octet(s) - C:\Ad-Report-CLEAN[1].log
2627 Octet(s) - C:\Ad-Report-SCAN[1].log
.
6 Fichier(s) - C:\DOCUME~1\ADILEN~1.SAC\LOCALS~1\Temp
9 Fichier(s) - C:\WINDOWS\Temp
0 Fichier(s) - C:\WINDOWS\Prefetch
.
19 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 9:33:58 | 24/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.


et enfin rapport zhpdiag: http://www.cijoint.fr/cjlink.php?file=cj201002/cijqVWU4ZX.txt

nouveau rapport apres instal de la nouvelle version

http://www.cijoint.fr/cjlink.php?file=cj201002/cijEiEKK3Z.txt

nouveau rapport::
ZHPFix v1.12.306 by Nicolas Coolman - Rapport de suppression du 24/02/2010 10:01:26
Fichier d'export Registre :
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
(Néant)

Valeur du Registre :
(Néant)

Elément de données du Registre :
(Néant)

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 0
Autre : 0


End of the scan

Oui oui, comme on fait depuis les début:
lancement zhpfix
H
je copie et colle seulement les ligne en O64 et toutes les autres de ton document cijoint
ok
déconnection et désactivation des anti virus et firewall,...
nettoyer
et le logiciel ne cherche pas, il sort direct le rapport vierge...

ZHPFix v1.12.306 by Nicolas Coolman - Rapport de suppression du 24/02/2010 10:10:49
Fichier d'export Registre :
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
(Néant)

Valeur du Registre :
(Néant)

Elément de données du Registre :
(Néant)

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 0
Autre : 0


End of the scan

en fait quand je copie colle, les accents sont supprimés et remplacé par des caractères spéciaux, ca peut venir de là?

ci-joint imprim écran:
http://www.cijoint.fr/cjlink.php?file=cj201002/cij7gv882Y.jpg

oui tout est ok

cependant toujours le même soucis:
ZHPFix v1.12.306 by Nicolas Coolman - Rapport de suppression du 24/02/2010 11:19:40
Fichier d'export Registre :
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
(Néant)

Valeur du Registre :
(Néant)

Elément de données du Registre :
(Néant)

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 0
Autre : 0


End of the scan

ben le rapport que je viens de poster est celui fait avec les accents...

:(

ci-joint rapport avec la cible du lien sous:

ZHPFix v1.12.306 by Nicolas Coolman - Rapport de suppression du 24/02/2010 11:41:14
Fichier d'export Registre :
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
(Néant)

Valeur du Registre :
(Néant)

Elément de données du Registre :
(Néant)

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 0
Elément de données du Registre : 0
Dossier : 0
Fichier : 0
Logiciel : 0
Autre : 0


End of the scan



et le rapport zhpdiag: http://www.cijoint.fr/cjlink.php?file=cj201002/cijRbXEaFA.txt

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named 02e14605 was found to stop!
Unable to stop service 02e14605!
Error: No service named 02e14f77 was found to stop!
Unable to stop service 02e14f77!
Error: No service named 02e4e10b was found to stop!
Unable to stop service 02e4e10b!
Error: No service named 06c41312 was found to stop!
Unable to stop service 06c41312!
Error: No service named 0871c568 was found to stop!
Unable to stop service 0871c568!
Error: No service named 0a686c46 was found to stop!
Unable to stop service 0a686c46!
Error: No service named 0bd71412 was found to stop!
Unable to stop service 0bd71412!
Error: No service named 168a5805 was found to stop!
Unable to stop service 168a5805!
Error: No service named 22be5dfc was found to stop!
Unable to stop service 22be5dfc!
Error: No service named 2558efdf was found to stop!
Unable to stop service 2558efdf!
Error: No service named 2cec6d5c was found to stop!
Unable to stop service 2cec6d5c!
Error: No service named 32985f48 was found to stop!
Unable to stop service 32985f48!
Error: No service named 3af8ac41 was found to stop!
Unable to stop service 3af8ac41!
Error: No service named 41176a70 was found to stop!
Unable to stop service 41176a70!
Error: No service named 4182c7f0 was found to stop!
Unable to stop service 4182c7f0!
Error: No service named 42a078be was found to stop!
Unable to stop service 42a078be!
Error: No service named 45f0730c was found to stop!
Unable to stop service 45f0730c!
Error: No service named 46fd06f8 was found to stop!
Unable to stop service 46fd06f8!
Error: No service named 4e07c02d was found to stop!
Unable to stop service 4e07c02d!
Error: No service named 4f02e10b was found to stop!
Unable to stop service 4f02e10b!
Error: No service named 503c58a6 was found to stop!
Unable to stop service 503c58a6!
Error: No service named 50c0db92 was found to stop!
Unable to stop service 50c0db92!
Error: No service named 52de2ba5 was found to stop!
Unable to stop service 52de2ba5!
Error: No service named 5893fbe0 was found to stop!
Unable to stop service 5893fbe0!
Error: No service named 5b520818 was found to stop!
Unable to stop service 5b520818!
Error: No service named 5c75b902 was found to stop!
Unable to stop service 5c75b902!
Error: No service named 5df8a5c4 was found to stop!
Unable to stop service 5df8a5c4!
Error: No service named 60182955 was found to stop!
Unable to stop service 60182955!
Error: No service named 6807c012 was found to stop!
Unable to stop service 6807c012!
Error: No service named 6977ee5c was found to stop!
Unable to stop service 6977ee5c!
Error: No service named 6b7ed840 was found to stop!
Unable to stop service 6b7ed840!
Error: No service named 6d36a078 was found to stop!
Unable to stop service 6d36a078!
Error: No service named 7046fd5f was found to stop!
Unable to stop service 7046fd5f!
Error: No service named 7196fd75 was found to stop!
Unable to stop service 7196fd75!
Error: No service named 74697736 was found to stop!
Unable to stop service 74697736!
Error: No service named 750ea6c4 was found to stop!
Unable to stop service 750ea6c4!
Error: No service named 7e9d3366 was found to stop!
Unable to stop service 7e9d3366!
Error: No service named 82301787 was found to stop!
Unable to stop service 82301787!
Error: No service named 8d96059c was found to stop!
Unable to stop service 8d96059c!
Error: No service named 910b419c was found to stop!
Unable to stop service 910b419c!
Error: No service named 934e49d9 was found to stop!
Unable to stop service 934e49d9!
Error: No service named 96fd75b9 was found to stop!
Unable to stop service 96fd75b9!
Error: No service named 97747437 was found to stop!
Unable to stop service 97747437!
Error: No service named a5746d5c was found to stop!
Unable to stop service a5746d5c!
Error: No service named a7942e2f was found to stop!
Unable to stop service a7942e2f!
Error: No service named a7942e2f was found to stop!
Unable to stop service a7942e2f!
Error: No service named adcbd42d was found to stop!
Unable to stop service adcbd42d!
Error: No service named adcbd42d was found to stop!
Unable to stop service adcbd42d!
Error: No service named b117794a was found to stop!
Unable to stop service b117794a!
Error: No service named be30f0be was found to stop!
Unable to stop service be30f0be!
Error: No service named be83e9ea was found to stop!
Unable to stop service be83e9ea!
Error: No service named bf137bef was found to stop!
Unable to stop service bf137bef!
Error: No service named bf13ec4f was found to stop!
Unable to stop service bf13ec4f!
Error: No service named c0a60511 was found to stop!
Unable to stop service c0a60511!
Error: No service named c44217f0 was found to stop!
Unable to stop service c44217f0!
Error: No service named d5080c85 was found to stop!
Unable to stop service d5080c85!
Error: No service named d928882c was found to stop!
Unable to stop service d928882c!
Error: No service named e03c58a6 was found to stop!
Unable to stop service e03c58a6!
Error: No service named e14f02e4 was found to stop!
Unable to stop service e14f02e4!
Error: No service named ec0e8068 was found to stop!
Unable to stop service ec0e8068!
Error: No service named ec2cec4f was found to stop!
Unable to stop service ec2cec4f!
Error: No service named ec2cec4f was found to stop!
Unable to stop service ec2cec4f!
Error: No service named f84fa078 was found to stop!
Unable to stop service f84fa078!
Error: No service named fa1775b9 was found to stop!
Unable to stop service fa1775b9!
Error: No service named fada4303 was found to stop!
Unable to stop service fada4303!
Error: No service named fae916a9 was found to stop!
Unable to stop service fae916a9!
Error: No service named fafad6a6 was found to stop!
Unable to stop service fafad6a6!
Error: No service named fb2d700b was found to stop!
Unable to stop service fb2d700b!
Error: No service named fcd2b7ef was found to stop!
Unable to stop service fcd2b7ef!
Error: No service named fe4a2ce6 was found to stop!
Unable to stop service fe4a2ce6!
========== FILES ==========
C:\UsbFix_Upload_Me_SACMA.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: a.dilena
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 97694571 bytes
->Java cache emptied: 32429624 bytes
->FireFox cache emptied: 101283280 bytes

User: a.dilena.SACMA
->Temp folder emptied: 754944 bytes
->Temporary Internet Files folder emptied: 10956612 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58793962 bytes

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrateur.SACMA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: administrateur@sacma
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 267173 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 161319950 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2676224 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231864 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 445,00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 02242010_120616

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_6d4.dat moved successfully.

Registry entries deleted on Reboot...





et rapport zhpdiag: http://www.cijoint.fr/cjlink.php?file=cj201002/cij80TJyFw.txt

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named 02e14605 was found to stop!
Unable to stop service 02e14605!
Error: No service named 02e14f77 was found to stop!
Unable to stop service 02e14f77!
Error: No service named 02e4e10b was found to stop!
Unable to stop service 02e4e10b!
Error: No service named 06c41312 was found to stop!
Unable to stop service 06c41312!
Error: No service named 0871c568 was found to stop!
Unable to stop service 0871c568!
Error: No service named 0a686c46 was found to stop!
Unable to stop service 0a686c46!
Error: No service named 0bd71412 was found to stop!
Unable to stop service 0bd71412!
Error: No service named 168a5805 was found to stop!
Unable to stop service 168a5805!
Error: No service named 22be5dfc was found to stop!
Unable to stop service 22be5dfc!
Error: No service named 2558efdf was found to stop!
Unable to stop service 2558efdf!
Error: No service named 2cec6d5c was found to stop!
Unable to stop service 2cec6d5c!
Error: No service named 32985f48 was found to stop!
Unable to stop service 32985f48!
Error: No service named 3af8ac41 was found to stop!
Unable to stop service 3af8ac41!
Error: No service named 41176a70 was found to stop!
Unable to stop service 41176a70!
Error: No service named 4182c7f0 was found to stop!
Unable to stop service 4182c7f0!
Error: No service named 42a078be was found to stop!
Unable to stop service 42a078be!
Error: No service named 45f0730c was found to stop!
Unable to stop service 45f0730c!
Error: No service named 46fd06f8 was found to stop!
Unable to stop service 46fd06f8!
Error: No service named 4e07c02d was found to stop!
Unable to stop service 4e07c02d!
Error: No service named 4f02e10b was found to stop!
Unable to stop service 4f02e10b!
Error: No service named 503c58a6 was found to stop!
Unable to stop service 503c58a6!
Error: No service named 50c0db92 was found to stop!
Unable to stop service 50c0db92!
Error: No service named 52de2ba5 was found to stop!
Unable to stop service 52de2ba5!
Error: No service named 5893fbe0 was found to stop!
Unable to stop service 5893fbe0!
Error: No service named 5b520818 was found to stop!
Unable to stop service 5b520818!
Error: No service named 5c75b902 was found to stop!
Unable to stop service 5c75b902!
Error: No service named 5df8a5c4 was found to stop!
Unable to stop service 5df8a5c4!
Error: No service named 60182955 was found to stop!
Unable to stop service 60182955!
Error: No service named 6807c012 was found to stop!
Unable to stop service 6807c012!
Error: No service named 6977ee5c was found to stop!
Unable to stop service 6977ee5c!
Error: No service named 6b7ed840 was found to stop!
Unable to stop service 6b7ed840!
Error: No service named 6d36a078 was found to stop!
Unable to stop service 6d36a078!
Error: No service named 7046fd5f was found to stop!
Unable to stop service 7046fd5f!
Error: No service named 7196fd75 was found to stop!
Unable to stop service 7196fd75!
Error: No service named 74697736 was found to stop!
Unable to stop service 74697736!
Error: No service named 750ea6c4 was found to stop!
Unable to stop service 750ea6c4!
Error: No service named 7e9d3366 was found to stop!
Unable to stop service 7e9d3366!
Error: No service named 82301787 was found to stop!
Unable to stop service 82301787!
Error: No service named 8d96059c was found to stop!
Unable to stop service 8d96059c!
Error: No service named 910b419c was found to stop!
Unable to stop service 910b419c!
Error: No service named 934e49d9 was found to stop!
Unable to stop service 934e49d9!
Error: No service named 96fd75b9 was found to stop!
Unable to stop service 96fd75b9!
Error: No service named 97747437 was found to stop!
Unable to stop service 97747437!
Error: No service named a5746d5c was found to stop!
Unable to stop service a5746d5c!
Error: No service named a7942e2f was found to stop!
Unable to stop service a7942e2f!
Error: No service named a7942e2f was found to stop!
Unable to stop service a7942e2f!
Error: No service named adcbd42d was found to stop!
Unable to stop service adcbd42d!
Error: No service named adcbd42d was found to stop!
Unable to stop service adcbd42d!
Error: No service named b117794a was found to stop!
Unable to stop service b117794a!
Error: No service named be30f0be was found to stop!
Unable to stop service be30f0be!
Error: No service named be83e9ea was found to stop!
Unable to stop service be83e9ea!
Error: No service named bf137bef was found to stop!
Unable to stop service bf137bef!
Error: No service named bf13ec4f was found to stop!
Unable to stop service bf13ec4f!
Error: No service named c0a60511 was found to stop!
Unable to stop service c0a60511!
Error: No service named c44217f0 was found to stop!
Unable to stop service c44217f0!
Error: No service named d5080c85 was found to stop!
Unable to stop service d5080c85!
Error: No service named d928882c was found to stop!
Unable to stop service d928882c!
Error: No service named e03c58a6 was found to stop!
Unable to stop service e03c58a6!
Error: No service named e14f02e4 was found to stop!
Unable to stop service e14f02e4!
Error: No service named ec0e8068 was found to stop!
Unable to stop service ec0e8068!
Error: No service named ec2cec4f was found to stop!
Unable to stop service ec2cec4f!
Error: No service named ec2cec4f was found to stop!
Unable to stop service ec2cec4f!
Error: No service named f84fa078 was found to stop!
Unable to stop service f84fa078!
Error: No service named fa1775b9 was found to stop!
Unable to stop service fa1775b9!
Error: No service named fada4303 was found to stop!
Unable to stop service fada4303!
Error: No service named fae916a9 was found to stop!
Unable to stop service fae916a9!
Error: No service named fafad6a6 was found to stop!
Unable to stop service fafad6a6!
Error: No service named fb2d700b was found to stop!
Unable to stop service fb2d700b!
Error: No service named fcd2b7ef was found to stop!
Unable to stop service fcd2b7ef!
Error: No service named fe4a2ce6 was found to stop!
Unable to stop service fe4a2ce6!
========== FILES ==========
C:\UsbFix_Upload_Me_SACMA.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: a.dilena
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 97694571 bytes
->Java cache emptied: 32429624 bytes
->FireFox cache emptied: 101283280 bytes

User: a.dilena.SACMA
->Temp folder emptied: 754944 bytes
->Temporary Internet Files folder emptied: 10956612 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58793962 bytes

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrateur.SACMA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: administrateur@sacma
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 267173 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 161319950 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2676224 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231864 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 445,00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 02242010_120616

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_6d4.dat moved successfully.

Registry entries deleted on Reboot...





et rapport zhpdiag: http://www.cijoint.fr/cjlink.php?file=cj201002/cij80TJyFw.txt

ComboFix 10-02-23.04 - a.dilena 24/02/2010 12:29:00.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2543 [GMT 1:00]
Lancé depuis: c:\documents and settings\a.dilena.SACMA\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\a.dilena.SACMA\Bureau\CFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_02E14605
-------\Legacy_02E14F77
-------\Legacy_02E4E10B
-------\Legacy_06C41312
-------\Legacy_0871C568
-------\Legacy_0A686C46
-------\Legacy_0BD71412
-------\Legacy_168A5805
-------\Legacy_22BE5DFC
-------\Legacy_2558EFDF
-------\Legacy_2CEC6D5C
-------\Legacy_32985F48
-------\Legacy_3AF8AC41
-------\Legacy_41176A70
-------\Legacy_4182C7F0
-------\Legacy_42A078BE
-------\Legacy_45F0730C
-------\Legacy_46FD06F8
-------\Legacy_4E07C02D
-------\Legacy_4F02E10B
-------\Legacy_503C58A6
-------\Legacy_50C0DB92
-------\Legacy_52DE2BA5
-------\Legacy_5893FBE0
-------\Legacy_5B520818
-------\Legacy_5C75B902
-------\Legacy_5DF8A5C4
-------\Legacy_60182955
-------\Legacy_6807C012
-------\Legacy_6977EE5C
-------\Legacy_6B7ED840
-------\Legacy_6D36A078
-------\Legacy_7046FD5F
-------\Legacy_7196FD75
-------\Legacy_74697736
-------\Legacy_750EA6C4
-------\Legacy_7E9D3366
-------\Legacy_82301787
-------\Legacy_8D96059C
-------\Legacy_910B419C
-------\Legacy_934E49D9
-------\Legacy_96FD75B9
-------\Legacy_97747437
-------\Legacy_A5746D5C
-------\Legacy_A7942E2F
-------\Legacy_ADCBD42D
-------\Legacy_B117794A
-------\Legacy_BE30F0BE
-------\Legacy_BE83E9EA
-------\Legacy_BF137BEF
-------\Legacy_BF13EC4F
-------\Legacy_C0A60511
-------\Legacy_C44217F0
-------\Legacy_D5080C85
-------\Legacy_D928882C
-------\Legacy_E03C58A6
-------\Legacy_E14F02E4
-------\Legacy_EC0E8068
-------\Legacy_EC2CEC4F
-------\Legacy_F84FA078
-------\Legacy_FA1775B9
-------\Legacy_FADA4303
-------\Legacy_FAE916A9
-------\Legacy_FAFAD6A6
-------\Legacy_FB2D700B
-------\Legacy_FCD2B7EF
-------\Legacy_FE4A2CE6


((((((((((((((((((((((((((((( Fichiers créés du 2010-01-24 au 2010-02-24 ))))))))))))))))))))))))))))))))))))
.

2010-02-24 11:06 . 2010-02-24 11:06 -------- d-----w- C:\_OTM
2010-02-24 08:48 . 2010-02-24 09:00 -------- d-----w- c:\program files\ZHPDiag
2010-02-24 08:14 . 2010-02-24 08:33 -------- d-----w- C:\Ad-Remover
2010-02-23 17:30 . 2010-02-24 07:50 -------- d-----w- C:\UsbFix
2010-02-23 10:58 . 2010-02-23 10:58 -------- d-----w- c:\documents and settings\a.dilena.SACMA\Application Data\Malwarebytes
2010-02-23 10:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 10:58 . 2010-02-23 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 10:58 . 2010-02-23 10:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 10:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 09:28 . 2010-02-23 09:28 -------- d-----w- c:\program files\CCleaner
2010-02-22 15:42 . 2010-02-22 15:42 -------- d-----w- c:\documents and settings\a.dilena.SACMA\Application Data\Nseries
2010-02-22 15:42 . 2010-02-22 15:42 -------- d-----w- c:\documents and settings\a.dilena.SACMA\Local Settings\Application Data\Nokia
2010-02-19 15:41 . 2010-02-19 15:42 -------- d-----w- c:\windows\BDOSCAN8
2010-02-19 15:07 . 2010-02-19 15:07 -------- d-----w- c:\program files\Enigma Software Group
2010-02-19 14:42 . 2010-02-22 14:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-19 14:42 . 2010-02-22 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-01 18:35 . 2010-02-01 18:35 -------- d-----w- c:\documents and settings\a.dilena.SACMA\Application Data\STOIK
2010-02-01 18:35 . 2010-02-01 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-01 18:35 . 2010-02-01 18:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 12:44 . 2010-02-01 12:44 -------- d-----w- c:\program files\Fichiers communs\PCSuite
2010-02-01 12:43 . 2010-02-01 12:43 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-01 12:43 . 2009-10-06 10:56 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-02-01 12:43 . 2009-10-06 10:56 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-02-01 12:43 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-02-01 12:43 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-02-01 12:43 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-02-01 12:43 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-02-01 12:43 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-02-01 12:43 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-02-01 12:43 . 2010-02-01 12:40 34503960 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_fre.exe
2010-02-01 12:42 . 2010-02-01 12:42 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-01 12:42 . 2010-02-01 12:42 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-01 12:42 . 2010-02-01 12:42 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-01 12:42 . 2010-02-01 12:42 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 11:06 . 2004-08-24 08:38 85644 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-24 11:06 . 2004-08-24 08:38 513498 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-23 11:54 . 2009-08-28 15:18 735320 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-22 16:11 . 2009-12-14 09:53 -------- d-----w- c:\documents and settings\a.dilena.SACMA\Application Data\PC Suite
2010-02-22 16:10 . 2010-02-22 16:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-02-19 16:01 . 2009-04-23 13:29 -------- d-----w- c:\program files\Webtarot
2010-02-19 15:57 . 2008-07-07 07:04 -------- d-----w- c:\program files\Google
2010-02-19 13:52 . 2007-07-28 02:05 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-02-15 09:22 . 2010-02-15 09:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-02-15 09:22 . 2010-02-15 09:22 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-02-15 09:22 . 2009-09-08 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-15 09:05 . 2010-01-22 15:32 -------- d-----w- c:\documents and settings\a.dilena.SACMA\Application Data\Nokia
2010-02-10 15:08 . 2007-07-28 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-01 12:44 . 2009-09-08 17:36 -------- d-----w- c:\program files\Fichiers communs\Nokia
2010-02-01 12:44 . 2009-09-08 17:23 -------- d-----w- c:\program files\Nokia
2010-02-01 12:40 . 2009-09-08 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-31 16:50 . 2004-08-24 08:37 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2004-08-24 08:37 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-08-24 08:57 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 08:38 . 2009-09-16 13:24 104016 ----a-w- c:\documents and settings\a.dilena.SACMA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 07:09 . 2004-08-24 08:37 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:08 . 2004-08-24 08:37 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:08 . 2004-08-04 00:48 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-24 08:37 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:13 . 2004-08-24 08:37 1297920 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-08-04 00:54 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:08 . 2004-08-24 08:37 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:08 . 2004-08-24 08:37 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:08 . 2004-08-24 08:37 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:08 . 2004-08-04 00:54 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:08 . 2001-08-23 17:47 8704 ----a-w- c:\windows\system32\tsbyuv.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-10-19 323584]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2009-10-19 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 BitDefender Management Agent;BitDefender Management Agent;c:\program files\Fichiers communs\BitDefender\BitDefender Management Agent\bdemagent.exe [04/06/2009 13:14 536576]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [20/02/2008 15:38 97928]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [01/02/2010 13:43 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [01/02/2010 13:43 8320]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - 4130B9FA
*Deregistered* - 4130b9fa

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'

2009-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-12-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 21:18]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000
TCP: {AEF2CABF-2380-4877-8AA2-D6F43F9F7686} = 192.168.1.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\a.dilena.SACMA\Application Data\Mozilla\Firefox\Profiles\7iag1ekw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2010-02-24 12:36:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-24 11:36
ComboFix2.txt 2010-02-23 13:32

Avant-CF: 90 934 599 680 octets libres
Après-CF: 90 782 158 848 octets libres

- - End Of File - - D66D50DC1C5903B5158B3E4CA6D8B10D

http://www.cijoint.fr/cjlink.php?file=cj201002/cijlbinuux.txt