AIDEZ MOI SVP ! Hadopi est ds mon PC ! !Fermé

Question

Bonjour, 
Antivir m'avertissait que mon PC était infecté et que je refuse l'acces ou que je supprime, une nouvelle fenêtre s'ouvrait toujours. 
J'ai donc forcé pour éteindre et en rallumant, surprise : une fenêtre intitulée : VIOLATION DE DROITS D'AUTEUR, avec quelques noms de fichiers qui auraient été téléchargées depuis mon PC... 
ils me laissent deux choix : 1 : Passer au tribunal ! 
                                            2 : Arranger mon cas en ordre de preessai ( en payant) 
Bien sûr, c'est pas Sarko ! y a plusieurs langues dispos... 
 En tous les cas, je ne peux rien faire d'autre , à part ctrl, alt suppr.... 

Help 

Configuration: Windows Vista / Internet Explorer 7.0

gen-hackman · Accepted Answer

bonsoir :

cctrl + alt + supp

termine le processus : Apmanager

ensuite onglet fichier , tape : explorer et valide

ensuite tu peux utiliser les outils une fois le bureau reapparu

Utilisateur anonyme · Answer

bonjour 

sa sen l'arnaque 


Téléchargez MalwareByte's Anti-Malware       

http://www.malwarebytes.org/mbam/program/mbam-setup.exe       

. Enregistres le sur le bureau       
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.       
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour       
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte       
. Une fois la mise à jour terminé       
. Rend-toi dans l'onglet, Recherche       
. Sélectionnes Exécuter un examen complet (examen assez long)       
. Cliques sur Rechercher       
. Le scan démarre.       
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.       
. Cliques sur Ok pour poursuivre.       
. Si des malwares ont été détectés, clique sur Afficher les résultats       
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.       
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.       
. Rends toi dans l'onglet rapport/log       
. Tu cliques dessus pour l'afficher, une fois affiché       
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous       
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse       
. tu cliques droit dans le cadre de la reponse et coller       


Si tu as besoin d'aide regarde ces tutoriels :       
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/       
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

gen-hackman · Answer

dans le gestionnaire des taches , en haut à gauche , onglet fichier

selectionne nouvelle tache , tape : Explorer et valide

gen-hackman · Answer

ok on va faire autrement :

demarrer/executer , puis tapes regedit et valide

deplie tout ce qui suit et rejoins cette clé :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

clique sur Run et colonne de droite clique droit sur : ApManager.exe et supprime , ensuite redemarre ton pc

gen-hackman · Answer

si MBAM tourne c'est bon

gen-hackman · Answer

ok à lire le rapport...

gen-hackman · Answer

pas mal !!^^

xapan31 · Answer

Voilà le rapport, acec au moins une trentaine de fichiers infectés ! : 


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/04/2010 09:39:04
mbam-log-2010-04-30 (09-39-04).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|M:\|)
Elément(s) analysé(s): 245054
Temps écoulé: 1 heure(s), 35 minute(s), 0 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\armanager (Trojan.FraudTool) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Rogue.APManager) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\VVSN (Adware.WhenU) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\uninstall.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\xsocamnwer.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\gmfrxpgv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\stpec7af.exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\nesxmcowar.tmp (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\012345OP\stp4e89e[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\012345OP\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4LQJ0LMF\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\4LQJ0LMF\stpd32fb[1].exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\OXAB81E3\stpec7af[1].exe (Trojan.FraudTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0089758.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0089759.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0089760.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0089761.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0089762.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0089763.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0089764.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0089765.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP464\A0093765.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\oxemwracns.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

gen-hackman · Answer

bonjour :

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

&#9654 Télécharge List_Kill'em et enregistre le sur ton bureau 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

&#9830 Executer Shortcut
&#9830 Executer List_Kill'em

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

&#9654 laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

&#9654 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

xapan31 · Answer

Mais si je désactive  ANTIVIR], je na serai plus protégé ? Comment savoir si j'ai un parefeu ?

gen-hackman · Answer

toute facon si tu es infecté l'antivirus ne te sert a rien vu qu il ne te dit rien

xapan31 · Answer

Ok donc après il faudra trouver un anivirus qui fonctionne...

gen-hackman · Answer

https://forums.commentcamarche.net/forum/affich-17560655-aidez-moi-svp-hadopi-est-ds-mon-pc#24

xapan31 · Answer

ok!

xapan31 · Answer

J'arrive pas à le poster. Au dessus de l'encart, on me demande d'activer javascript

xapan31 · Answer

Et pourquoi, on me dit d'activer java script alors que c'est activé ! ! !

Maintenant, une fenêtre vient d'apparaître  :  


Warning! Your computer is at risk of malware attacks. 

 

 We recommend you to check your system immediately. Press OK to start the process now

Puis ça veut me faire télécharger une application...

gen-hackman · Answer

le rapport n'est pas complet

gen-hackman · Answer

ok la suite : Present !! : C:\Documents and Settings\HP_Propri'taire\Application Data\Search Settings Present !! : C:\Documents and Settings\HP_Propri'taire\Bureau\ARManager.lnk Present !! : C:\Documents and Settings\HP_Propri'taire\Local Settings\Temp\afl.log Present !! : C:\Documents and Settings\HP_Propri'taire\Local Settings\Temp\url.txt Present !! : C:\Documents and Settings\HP_Propri'taire\Local Settings\Temp\WAY.gif Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\apatch.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\AskInstallChecker.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\DWPUpgradeInstaller.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\Free-YouTube-to-MP3-Converter.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\hpzmsi01.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\hpzscr01.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\IE8-Setup-Full-XP.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\Install.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\pylA4.tmp.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\setup_wm.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\utt295.tmp.exe Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\hpqscr01.dat Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\hpzscr01.exe.dat Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\Perflib_Perfdata_3f0.dat Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\Perflib_Perfdata_7d4.dat Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\gtapi.dll Present !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\msvbvm60.dll ¤¤¤¤¤¤¤¤¤¤ Keys : Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchSettings Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383} Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} Present !! : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} Present !! : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Present !! : "HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}" Present !! : "HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings" Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}" Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe" Present !! : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" Present !! : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" Present !! : "HKLM\Software\Search Settings" Present !! : HKCR\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc} Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} Present !! : HKCR\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440} Present !! : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Present !! : HKCR\GenericAskToolbar.ToolbarWnd Present !! : HKCR\GenericAskToolbar.ToolbarWnd.1 Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\SearchSettings.BHO Present !! : HKCR\SearchSettings.BHO.1 Present !! : HKCR\secfile Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} Present !! : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Present !! : HKCU\Software\AppDataLow\AskBarDis Present !! : HKCU\software\appdatalow\AskHomepage Present !! : HKCU\software\appdatalow\AskToolbarInfo Present !! : HKCU\Software\AppDataLow\Software\Dealio Present !! : HKCU\software\Ask.com Present !! : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Present !! : HKLM\software\classes\appid\GenericAskToolbar.DLL Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Present !! : HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Present !! : HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Present !! : HKLM\software\classes\GenericAskToolbar.ToolbarWnd Present !! : HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1 Present !! : HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF Present !! : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Present !! : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Present !! : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Present !! : HKLM\Software\Classes\SearchSettings.BHO Present !! : HKLM\Software\Classes\SearchSettings.BHO.1 Present !! : HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Present !! : HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} Present !! : HKLM\Software\Dealio Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Present !! : HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ============ catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-30 12:20:59 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe >>UNKNOWN [0x8619BBF8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> 0x8619bbf8 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] FirstRunDisabled REG_DWORD 1 (0x1) AntiVirusOverride REG_DWORD 1 (0x1) FirewallOverride REG_DWORD 1 (0x1) AntiVirusDisableNotify REG_DWORD 0 (0x0) FirewallDisableNotify REG_DWORD 0 (0x0) UpdatesDisableNotify REG_DWORD 0 (0x0) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ End of scan : 12:21:02,51

gen-hackman · Answer

&#9654 Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654 choisis l'Option Clean

ton PC va redemarrer,

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

&#9654 colle le contenu dans ta reponse

xapan31 · Answer

Voilà le contenu du fichier kill'em.txt : 

Kill'em by g3n-h@ckm@n 1.7.2.5 
 
User : HP_Propriétaire (Administrateurs) 
Update on 29/04/2010 by g3n-h@ckm@n ::::: 21.00
Start at: 17:31:55 | 30/04/2010

AMD Turion(tm) 64 Mobile Technology ML-34
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
AV : avast! antivirus 4.8.1169 [VPS 080329-0] 4.8.1169 [ (!) Disabled | (!) Outdated ]

C:\ -> Disque fixe local | 273,29 Go (11,28 Go free) [HP_PAVILION] | NTFS
D:\ -> Disque fixe local | 6,15 Go (634,18 Mo free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible | 1,86 Go (257,15 Mo free) [CLÉ USB] | FAT32
M:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
 
¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\Program Files\Ask.com 
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js 
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js 
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\extensions\searchsettings@spigot.com 
Quarantined & Deleted !! : C:\Program Files\Search Settings 
Quarantined & Deleted !! : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} 
Quarantined & Deleted !! : C:\WINDOWS\struct~.ini 
 
Quarantined & Deleted !! : C:\WINDOWS\System32\_psisdecd.dll 
Quarantined & Deleted !! : C:\WINDOWS\system32\MSWINSCK.OCX 
Quarantined & Deleted !! : C:\WINDOWS\Temp\is107.tmp 
Quarantined & Deleted !! : C:\WINDOWS\Temp\is109.tmp 
Quarantined & Deleted !! : C:\WINDOWS\Temp\SEP6.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\Application Data\waver_2.95.dat 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\Application Data\Dealio 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\Application Data\Search Settings 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\Bureau\ARManager.lnk 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\Local Settings\Temp\afl.log 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\Local Settings\Temp\url.txt 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\Local Settings\Temp\WAY.gif 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\apatch.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\AskInstallChecker.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\DWPUpgradeInstaller.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\Free-YouTube-to-MP3-Converter.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\hpzmsi01.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\hpzscr01.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\IE8-Setup-Full-XP.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\Install.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\pylA4.tmp.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\setup_wm.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\utt295.tmp.exe 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\hpqscr01.dat 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\hpzscr01.exe.dat 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\Perflib_Perfdata_3f0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\Perflib_Perfdata_7d4.dat 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\gtapi.dll 
Quarantined & Deleted !! : C:\Documents and Settings\HP_Propri'taire\LOCAL Settings\Temp\msvbvm60.dll 
 
=======
Hosts :
=======

127.0.0.1       localhost   

========
Registry
========

Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchSettings  
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}  
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
Deleted : "HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"  
Deleted : "HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"  
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"  
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"  
Deleted : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
Deleted : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"  
Deleted : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"  
Deleted : "HKLM\Software\Search Settings"  
Deleted : HKCR\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}  
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}  
Deleted : HKCR\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}  
Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
Deleted : HKCR\GenericAskToolbar.ToolbarWnd  
Deleted : HKCR\GenericAskToolbar.ToolbarWnd.1  
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\SearchSettings.BHO  
Deleted : HKCR\SearchSettings.BHO.1  
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}  
Deleted : HKCU\Software\AppDataLow\AskBarDis  
Deleted : HKCU\software\appdatalow\AskHomepage  
Deleted : HKCU\software\appdatalow\AskToolbarInfo  
Deleted : HKCU\Software\AppDataLow\Software\Dealio  
Deleted : HKCU\software\Ask.com  
Deleted : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}  
Deleted : HKLM\software\classes\appid\GenericAskToolbar.DLL  
Deleted : HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF  
Deleted : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}  
Deleted : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}  
Deleted : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}  
Deleted : HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}  
Deleted : HKLM\Software\Dealio  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF  
Deleted : HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}  
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp
Local Page	REG_SZ         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	REG_SZ         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	REG_SZ         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.com/?gws_rd=ssl
Local Page	REG_SZ         	C:\WINDOWS\system32\blank.htm
Search Page	REG_SZ         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
FirstRunDisabled	REG_DWORD      	1 (0x1) 
AntiVirusOverride	REG_DWORD      	1 (0x1) 
FirewallOverride	REG_DWORD      	1 (0x1) 
AntiVirusDisableNotify	REG_DWORD      	0 (0x0) 
FirewallDisableNotify	REG_DWORD      	0 (0x0) 
UpdatesDisableNotify	REG_DWORD      	0 (0x0) 
 
========
Services
=========

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
anti-ver blaster : OK 
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

&#9654 Télécharge Ad-remover ( de C_XX ) sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

&#9654 Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis "option clean " et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

&#9654 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

gen-hackman · Answer

no souci

xapan31 · Answer

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 30/04/10 à 18:40
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:22:32 le 30/04/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP(TM)  Service Pack 3 - X86
Nom du PC: NOM-EB85C523610
Utilisateur actuel: HP_Propriétaire
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
Service: *Application Updater*
.
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\AskSearch
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\ASKSUTBLOG
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Del_AskHPRFF.VBS
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\HP_Propriétaire\Application Data\Dealio
C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\FireFox\Profiles\m0uc9fdh.default\extensions	oolbar@ask.com
C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\FireFox\Profiles\m0uc9fdh.default\searchplugins\ask.xml
C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\FireFox\Profiles\m0uc9fdh.default\searchplugins\askcom.xml
C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\FireFox\Profiles\m0uc9fdh.default\searchplugins\web-search.xml
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\AskToolbar
C:\Program Files\Application Updater
C:\Program Files\Dealio Toolbar
C:\Program Files\Mozilla FireFox\extensions\dealio@mybrowserbar.com
C:\Program Files\Viewpoint
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
.
HKCU\Software\AppDataLow\Software\Dealio
HKCU\Software\AskToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKCU\Software\Search Settings
HKLM\Software\Application Updater
HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\Software\Freeze.com
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\GenericAskToolbar.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\install.rdf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\components\SearchSettingsFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\install.rdf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettingsRes409.dll
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - browser.download.dir: C:\Documents and Settings\HP_PropriÃ©taire\Bureau
C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - browser.download.lastDir: C:\Documents and Settings\HP_PropriÃ©taire\Bureau
C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - browser.search.defaultenginename: Yahoo
C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - browser.search.defaulturl: hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - browser.search.selectedEngine: Yahoo
C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - browser.startup.homepage: hxxp://google.fr
C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
.
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.cbid", "UG");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.first-launch-url", "hxxp://www.avast.com/go.php?verb=register-home&lang=fre");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.l", "dis");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1272613483285");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.locale", "fr_FR");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.o", "15158");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.asktb.r", "2");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.enabledItems", "toolbar@ask.com:3.5.1.110,dealio@mybrowserbar.com:4.0.2,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3,illimitux@illimitux.net:3.2,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655,{0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3,{5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1,{71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3,radiobar@toolbar:1.0.0,firefox@tvunetworks.com:2,5,2,2,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3");
TROUVÉ: C:\Documents and Settings\HP_Propriétaire\..\m0uc9fdh.default\prefs.js - user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q={searchTerms}&crm=1");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Search_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://www.google.com/
Use Custom Search URL: 1
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 1 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 9404 Octet(s)
.
Fin à: 19:30:52, 30/04/2010
.
============== E.O.F - SCAN[1] ==============

gen-hackman · Answer

Télécharge OTL de OLDTimer

&#9654 enregistre le sur ton Bureau.

&#9654 Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant tous les utilisateurs

&#9654 règle age du fichier sur "60 jours"

&#9654 dans la moitié gauche , mets tout sur "tous"

ne modifie pas ceci : 

"fichiers créés" et "fichiers Modifiés" 

&#9654Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

xapan31 · Answer

Bonjour, 

Ci-joint le fichier OTL.Txt :

http://www.cijoint.fr/cjlink.php?file=cj201005/cijY0lJnR1.txt

Et là Extras.Txt : 

http://www.cijoint.fr/cjlink.php?file=cj201005/cij6VKdNv4.txt

gen-hackman · Answer

hello

je t avais demandé de faire le nettoyage avec AD-Remover.....:)

xapan31 · Answer

Salut !

Ce n'est pas ce que j'ai fait ci-dessus ? le 30/04 à 19h32
Ou je l'ai mal fait ?

gen-hackman · Answer

non lol ^^ :

============== ÉLÉMENT(S) TROUVÉ(S) ==============

xapan31 · Answer

Tu veux que je le refasse ?!

gen-hackman · Answer

clic sur "nettoyer" cette fois-ci ^^

xapan31 · Answer

ok c'est nettoyé !

http://www.cijoint.fr/cjlink.php?file=cj201005/cijNnFAR1c.txt

gen-hackman · Answer

bien

refais OTL du coup ;)

xapan31 · Answer

Alors on refait tout : 
Ci-joint le rapport OTL.txt

http://www.cijoint.fr/cjlink.php?file=cj201005/cijMce8qWY.txt

et extras.txt : 

 http://www.cijoint.fr/cjlink.php?file=cj201005/cij95pn75n.txt

merci

gen-hackman · Answer

&#9654 clic droit "executer en tant qu'administrateur" sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous Customs Scans/Fixes :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
F - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
O2 - BHO: (no name) - {00000000-0593-4356-9CF7-1D8C2B3343C0} - No CLSID value found.
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll File not found
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll File not found
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O4 - HKLM..\Run: [CleanUp]  File not found
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKLM..\Run: [UUSeeMediaCenter] C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe (UUSEE)
O8 - Extra context menu item: Ê¹ÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files\uusee\geturltoplay.htm ()
O8 - Extra context menu item: Ê¹ÓÃUUSeeÏÂÔØ - C:\Program Files\uusee\geturltodown.htm ()
O9 - Extra Button: ºÜ¿ìÊÓÆµËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} -  File not found
O9 - Extra 'Tools' menuitem : ºÜ¿ìÊÓÆµËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} -  File not found
O9 - Extra Button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe ()
O9 - Extra 'Tools' menuitem : Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe ()
O37 - HKU\S-1-5-21-1836618439-4001610098-3585374981-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"LVCOMSX"=-
"QuickTime Task"
"TkBellExe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe"=-
"C:\Program Files\Bonjour\mDNSResponder.exe"=-
"C:\Program Files\Messenger\msmsgs.exe"=-
"C:\Program Files\eMule\emule.exe"=-
"C:\Program Files\Zattoo\zattood.exe"=-
"C:\Program Files\Sipru\sipru.exe"=-
"C:\Program Files
euf Talk
euf Talk.exe"=-
"C:\Program Files\FlashGet\flashget.exe"=-
"C:\Documents and Settings\HP_Propriétaire\Bureau\U96.exe"=-
"C:\Program Files\uusee\UUSeePlayer.exe"=-
"C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}"=-
"UUSEE"=-
"UUSEE_base"=-

:Files
C:\Program Files\Fichiers communs\uusee
C:\Program Files\uusee
C:\Documents and Settings\HP_Propriétaire\Application Data\AddressBar
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager
C:\WINDOWS\struct~.ini
C:\Documents and Settings\All Users\Bureau\Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk.url
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\RIiYj0K8
C:\Documents and Settings\All Users\Application Data\RIiYj0K8
C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

:commands
[emptytemp]
[start explorer]
[reboot]


&#9654 Clique sur "Correction" pour lancer la suppression.


&#9654 Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

xapan31 · Answer

Je ne trouve pas : exécuter en tant qu'administrateur

il n' a que ! exécuter en tant que .... puis fenêtre s'ouvre : exécuter, puis fenêtre s'ouvre me demandant quel compte utilisateur je veux utiliser pour exécuter ce programme : soit 1 : l'utilisateur actuel ; soit 2 : l'utilisateur suivant.

je choisis 1 et je tombe sr la fenêtre d'ODT : mais je ne vois pas Customs Scans/Fixes

gen-hackman · Answer

heu...sous Personnalisation pardon....(c'est pour la version anglaise ^^)

gen-hackman · Answer

regarde si tu as ceci :

C:\_OTL\Moved files\la_date_et_l_heure.txt

gen-hackman · Answer

/!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\ ________________________________________________________________ >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.< >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<< ===================================================== ▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur ▶ On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix Avant d'utiliser ComboFix : ______________________________________________________________________ >> referme les fenêtres de tous les programmes en cours. >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, >>la protection en temps réel de ton Antivirus et de tes Antispywares, >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° ▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!! ▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

xapan31 · Answer

ComboFix 10-05-03.01 - HP_Propriétaire 03/05/2010  21:10:25.1.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.958.511 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1169 [VPS 080329-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\CleanUp
c:\program files\CleanUp\Cleanup.cnt
c:\program files\CleanUp\Cleanup.exe
c:\program files\CleanUp\Cleanup.hlp
c:\program files\CleanUp\License.txt
c:\program files\CleanUp\Readme.txt
c:\program files\CleanUp\Uninst.isu
c:\program files\WindowsUpdate
c:ecycler\S-1-5-21-3140146184-1055027112-137672706-1008
c:\windows\struct~.ini
D:\Autorun.inf

Une copie infectée de c:\windows\system32\drivers\BTHidMgr.sys a été trouvée et désinfectée 
Copie restaurée à partir de - Kitty had a snack :p 
.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-04-03 au 2010-05-03  ))))))))))))))))))))))))))))))))))))
.

2010-05-03 14:43 . 2010-05-03 14:43	--------	d-----w-	C:\_OTL
2010-04-30 17:22 . 2010-05-03 11:40	--------	d-----w-	C:\Ad-Remover
2010-04-30 14:04 . 2010-04-30 15:31	--------	d-----w-	C:\Kill'em
2010-04-30 09:03 . 2010-04-30 16:44	--------	d-----w-	c:\program files\List_Kill'em
2010-04-29 22:38 . 2010-04-29 22:38	--------	d-----r-	c:\documents and settings\LocalService\Favoris
2010-04-29 21:40 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-04-29 21:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-04-29 21:39 . 2010-04-29 21:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-29 21:39 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-29 19:25 . 2008-04-13 09:40	34688	----a-w-	c:\windows\system32\drivers\lbrtfdc.sys
2010-04-29 19:25 . 2008-04-13 09:40	34688	----a-w-	c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-29 19:24 . 2008-04-13 09:41	8576	----a-w-	c:\windows\system32\drivers\i2omgmt.sys
2010-04-29 19:24 . 2008-04-13 09:41	8576	----a-w-	c:\windows\system32\dllcache\i2omgmt.sys
2010-04-29 19:20 . 2008-04-13 09:41	8192	----a-w-	c:\windows\system32\drivers\changer.sys
2010-04-29 19:20 . 2008-04-13 09:41	8192	----a-w-	c:\windows\system32\dllcache\changer.sys
2010-04-27 19:34 . 2010-04-27 19:34	755096	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-24 12:09 . 2010-05-03 09:26	--------	d-----w-	c:\program files\Fichiers communs\uusee
2010-04-24 12:09 . 2010-05-03 09:26	--------	d-----w-	c:\program files\uusee
2010-04-24 12:06 . 2010-04-24 12:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\TVU Networks
2010-04-24 12:06 . 2010-04-24 12:06	--------	d-----w-	c:\program files\TVUPlayer
2010-04-09 07:41 . 2010-04-09 07:41	--------	d-----w-	c:\program files\Bonnepaire
2010-04-09 07:37 . 2010-04-09 07:37	--------	d-----w-	C:\BZSOFT
2010-04-09 07:16 . 2010-04-09 07:16	--------	d-----w-	c:\program files\Tetris
2010-04-08 22:48 . 2010-04-08 22:48	49152	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components
prpffbrowserrecordext.dll
2010-04-08 22:48 . 2010-04-08 22:48	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShimspnpshimwmp.dll
2010-04-08 22:48 . 2010-04-08 22:48	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShimspnpshimswf.dll
2010-04-08 22:48 . 2010-04-08 22:48	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShimspnpshimrp.dll
2010-04-08 22:48 . 2010-04-08 22:48	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShimspnpshimqt.dll
2010-04-08 22:48 . 2010-04-08 22:48	40960	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hookpchromebrowserrecordhelper.dll
2010-04-08 22:48 . 2010-04-08 22:48	341600	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IEpbrowserrecordplugin.dll
2010-04-08 22:48 . 2010-04-08 22:48	308808	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Commonpmainbrowserrecordplugin.dll
2010-04-08 22:48 . 2010-04-08 22:48	14848	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins
prphtml5videoshim.dll
2010-04-08 12:17 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-04-03 19:34 . 2010-04-03 19:34	516480	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
2010-04-03 19:34 . 2010-04-03 19:34	17632	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 17:03 . 2004-11-23 14:26	85984	----a-w-	c:\windows\system32\perfc00C.dat
2010-04-30 17:03 . 2004-11-23 14:26	512624	----a-w-	c:\windows\system32\perfh00C.dat
2010-04-24 17:10 . 2009-08-15 16:57	--------	d-----w-	c:\program files\TVAnts
2010-04-08 22:48 . 2006-06-20 09:15	--------	d-----w-	c:\program files\Real
2010-04-08 22:39 . 2009-09-25 23:12	--------	d-----w-	c:\program files\WinHTTrack
2010-03-10 06:16 . 2004-08-05 11:00	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-03-06 20:34 . 2010-03-06 20:34	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-03-06 20:34 . 2010-03-06 20:34	95024	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-06 20:34 . 2010-03-06 20:34	566608	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-06 20:34 . 2010-03-06 21:29	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-03-06 20:34 . 2010-03-06 20:34	1230160	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2006-09-23 15:19 . 2006-09-23 15:19	7168	--sha-w-	c:\program files\Thumbs.db
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2010-04-08 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\VideoLAN\VLC\vlc.exe"=
"c:\Program Files\TVAnts\Tvants.exe"=
"c:\Program Files\BitTorrent\bittorrent.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\adslTV\adsltv.exe"=
"c:\WINDOWS\system32\java.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Pvm\Piano virtuel midi.exe"=
"c:\Program Files\TVUPlayer\TVUPlayer.exe"=
"c:\Program Files\uusee\UUSeePlayer.exe"=
"c:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/03/2010 22:34 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/04/2008 02:55 75856]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/08/2009 02:12 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/04/2008 02:55 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 17:52 1284840]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [20/06/2006 11:00 468768]
S2 gupdate1ca1e7bfea441ce;Service Google Update (gupdate1ca1e7bfea441ce);c:\program files\Google\Update\GoogleUpdate.exe [16/08/2009 16:15 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 20:00 243056]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/10/2007 23:13 642560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:34]

2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-16 19:53]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:15]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:15]

2010-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1836618439-4001610098-3585374981-1008.job
- c:\program files\Real\RealUpgradeealupgrade.exe [2010-02-24 20:09]

2010-04-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1836618439-4001610098-3585374981-1008.job
- c:\program files\Real\RealUpgradeealupgrade.exe [2010-02-24 20:09]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ê¹ÓÃUUSee¼ÓËÙ²¥·Å - c:\program files\uusee\geturltoplay.htm
IE: Ê¹ÓÃUUSeeÏÂÔØ - c:\program files\uusee\geturltodown.htm
IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel
IE: {{998A88A0-A355-809B-831C-B83A80000992} - c:\program files\uusee\UUSeePlayer.exe
Trusted Zone: justin.tv\fr
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\m0uc9fdh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\m0uc9fdh.default\extensionsadiobar@toolbar\components	oolbarhomewmp.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins
prphtml5videoshim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player
pdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542
pCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3
pPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23
pGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\VLCessaitvsurpc\VLC
pvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associations de fichier -------
.
.txt=
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 21:18
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-05-03  21:21:57
ComboFix-quarantined-files.txt  2010-05-03 19:21

Avant-CF: 17 020 497 920 octets libres
Après-CF: 20 504 047 616 octets libres

- - End Of File - - 580B2627A49FA6D46BC41C7EC3660DBD

xapan31 · Answer

ComboFix 10-05-03.01 - HP_Propriétaire 03/05/2010  21:10:25.1.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.958.511 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1169 [VPS 080329-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\CleanUp
c:\program files\CleanUp\Cleanup.cnt
c:\program files\CleanUp\Cleanup.exe
c:\program files\CleanUp\Cleanup.hlp
c:\program files\CleanUp\License.txt
c:\program files\CleanUp\Readme.txt
c:\program files\CleanUp\Uninst.isu
c:\program files\WindowsUpdate
c:ecycler\S-1-5-21-3140146184-1055027112-137672706-1008
c:\windows\struct~.ini
D:\Autorun.inf

Une copie infectée de c:\windows\system32\drivers\BTHidMgr.sys a été trouvée et désinfectée 
Copie restaurée à partir de - Kitty had a snack :p 
.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-04-03 au 2010-05-03  ))))))))))))))))))))))))))))))))))))
.

2010-05-03 14:43 . 2010-05-03 14:43	--------	d-----w-	C:\_OTL
2010-04-30 17:22 . 2010-05-03 11:40	--------	d-----w-	C:\Ad-Remover
2010-04-30 14:04 . 2010-04-30 15:31	--------	d-----w-	C:\Kill'em
2010-04-30 09:03 . 2010-04-30 16:44	--------	d-----w-	c:\program files\List_Kill'em
2010-04-29 22:38 . 2010-04-29 22:38	--------	d-----r-	c:\documents and settings\LocalService\Favoris
2010-04-29 21:40 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39 . 2010-04-29 21:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-04-29 21:39 . 2010-04-29 21:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-29 21:39 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-29 19:25 . 2008-04-13 09:40	34688	----a-w-	c:\windows\system32\drivers\lbrtfdc.sys
2010-04-29 19:25 . 2008-04-13 09:40	34688	----a-w-	c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-29 19:24 . 2008-04-13 09:41	8576	----a-w-	c:\windows\system32\drivers\i2omgmt.sys
2010-04-29 19:24 . 2008-04-13 09:41	8576	----a-w-	c:\windows\system32\dllcache\i2omgmt.sys
2010-04-29 19:20 . 2008-04-13 09:41	8192	----a-w-	c:\windows\system32\drivers\changer.sys
2010-04-29 19:20 . 2008-04-13 09:41	8192	----a-w-	c:\windows\system32\dllcache\changer.sys
2010-04-27 19:34 . 2010-04-27 19:34	755096	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-24 12:09 . 2010-05-03 09:26	--------	d-----w-	c:\program files\Fichiers communs\uusee
2010-04-24 12:09 . 2010-05-03 09:26	--------	d-----w-	c:\program files\uusee
2010-04-24 12:06 . 2010-04-24 12:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\TVU Networks
2010-04-24 12:06 . 2010-04-24 12:06	--------	d-----w-	c:\program files\TVUPlayer
2010-04-09 07:41 . 2010-04-09 07:41	--------	d-----w-	c:\program files\Bonnepaire
2010-04-09 07:37 . 2010-04-09 07:37	--------	d-----w-	C:\BZSOFT
2010-04-09 07:16 . 2010-04-09 07:16	--------	d-----w-	c:\program files\Tetris
2010-04-08 22:48 . 2010-04-08 22:48	49152	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components
prpffbrowserrecordext.dll
2010-04-08 22:48 . 2010-04-08 22:48	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShimspnpshimwmp.dll
2010-04-08 22:48 . 2010-04-08 22:48	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShimspnpshimswf.dll
2010-04-08 22:48 . 2010-04-08 22:48	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShimspnpshimrp.dll
2010-04-08 22:48 . 2010-04-08 22:48	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShimspnpshimqt.dll
2010-04-08 22:48 . 2010-04-08 22:48	40960	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hookpchromebrowserrecordhelper.dll
2010-04-08 22:48 . 2010-04-08 22:48	341600	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IEpbrowserrecordplugin.dll
2010-04-08 22:48 . 2010-04-08 22:48	308808	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Commonpmainbrowserrecordplugin.dll
2010-04-08 22:48 . 2010-04-08 22:48	14848	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins
prphtml5videoshim.dll
2010-04-08 12:17 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-04-03 19:34 . 2010-04-03 19:34	516480	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerAddin.dll
2010-04-03 19:34 . 2010-04-03 19:34	17632	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 17:03 . 2004-11-23 14:26	85984	----a-w-	c:\windows\system32\perfc00C.dat
2010-04-30 17:03 . 2004-11-23 14:26	512624	----a-w-	c:\windows\system32\perfh00C.dat
2010-04-24 17:10 . 2009-08-15 16:57	--------	d-----w-	c:\program files\TVAnts
2010-04-08 22:48 . 2006-06-20 09:15	--------	d-----w-	c:\program files\Real
2010-04-08 22:39 . 2009-09-25 23:12	--------	d-----w-	c:\program files\WinHTTrack
2010-03-10 06:16 . 2004-08-05 11:00	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-03-06 20:34 . 2010-03-06 20:34	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-03-06 20:34 . 2010-03-06 20:34	95024	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-06 20:34 . 2010-03-06 20:34	566608	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-06 20:34 . 2010-03-06 21:29	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-03-06 20:34 . 2010-03-06 20:34	1230160	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2006-09-23 15:19 . 2006-09-23 15:19	7168	--sha-w-	c:\program files\Thumbs.db
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2010-04-08 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\VideoLAN\VLC\vlc.exe"=
"c:\Program Files\TVAnts\Tvants.exe"=
"c:\Program Files\BitTorrent\bittorrent.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\adslTV\adsltv.exe"=
"c:\WINDOWS\system32\java.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Pvm\Piano virtuel midi.exe"=
"c:\Program Files\TVUPlayer\TVUPlayer.exe"=
"c:\Program Files\uusee\UUSeePlayer.exe"=
"c:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/03/2010 22:34 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/04/2008 02:55 75856]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/08/2009 02:12 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/04/2008 02:55 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 17:52 1284840]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [20/06/2006 11:00 468768]
S2 gupdate1ca1e7bfea441ce;Service Google Update (gupdate1ca1e7bfea441ce);c:\program files\Google\Update\GoogleUpdate.exe [16/08/2009 16:15 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 20:00 243056]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/10/2007 23:13 642560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:34]

2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-16 19:53]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:15]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 14:15]

2010-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1836618439-4001610098-3585374981-1008.job
- c:\program files\Real\RealUpgradeealupgrade.exe [2010-02-24 20:09]

2010-04-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1836618439-4001610098-3585374981-1008.job
- c:\program files\Real\RealUpgradeealupgrade.exe [2010-02-24 20:09]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ê¹ÓÃUUSee¼ÓËÙ²¥·Å - c:\program files\uusee\geturltoplay.htm
IE: Ê¹ÓÃUUSeeÏÂÔØ - c:\program files\uusee\geturltodown.htm
IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel
IE: {{998A88A0-A355-809B-831C-B83A80000992} - c:\program files\uusee\UUSeePlayer.exe
Trusted Zone: justin.tv\fr
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\m0uc9fdh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\m0uc9fdh.default\extensionsadiobar@toolbar\components	oolbarhomewmp.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins
prphtml5videoshim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player
pdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542
pCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3
pPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23
pGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\VLCessaitvsurpc\VLC
pvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associations de fichier -------
.
.txt=
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 21:18
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-05-03  21:21:57
ComboFix-quarantined-files.txt  2010-05-03 19:21

Avant-CF: 17 020 497 920 octets libres
Après-CF: 20 504 047 616 octets libres

- - End Of File - - 580B2627A49FA6D46BC41C7EC3660DBD

xapan31 · Answer

Voilà le rapport de combofix : 

http://www.cijoint.fr/cjlink.php?file=cj201005/cijW5r5kr0.txt

gen-hackman · Answer

tu peux mettre Malwarebytes à jour et refaire un scan complet stp ?

xapan31 · Answer

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4063

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/05/2010 01:07:48
mbam-log-2010-05-04 (01-07-48).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Elément(s) analysé(s): 239781
Temps écoulé: 1 heure(s), 33 minute(s), 56 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages (Rogue.ARManager) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\apmanager.exe (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP466\A0095287.exe (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\files (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\settings.ini (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\wallpaper.jpg (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\Czech.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\Danish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\Dutch.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\English.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\French.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\German.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\Italian.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\Portuguese.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\Slovak.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages\Spanish.lng (Rogue.ARManager) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\ARManager\languages	emplate.lng (Rogue.ARManager) -> Quarantined and deleted successfully.

gen-hackman · Answer

tu as la possibilité de desinstaller ceci :?

c:\program files\uusee

xapan31 · Answer

c:\program files\uusee  désinstallé

gen-hackman · Answer

il etait à toi ce programme ?

gen-hackman · Answer

ok ben moyen le programme hein !!

des soucis persistants ?

si oui précise bien

gen-hackman · Answer

et tu as redemarré depuis ?

gen-hackman · Answer

refais OTL stp ?

xapan31 · Answer

OTL : http://www.cijoint.fr/cjlink.php?file=cj201005/cijnqfmLHn.txt

Extra : http://www.cijoint.fr/cjlink.php?file=cj201005/cijqSyj2mk.txt

gen-hackman · Answer

? clic droit "executer en tant qu'administrateur" sur OTL.exe pour le lancer. 


?Copie la liste qui se trouve en gras ci-dessous, 

? colle-la dans la zone sous Personnalisation : 

 
:processes 
explorer.exe 
iexplore.exe 
firefox.exe 
msnmsgr.exe 
Teatimer.exe 

:OTL 
O2 - BHO: (no name) - {00000000-0593-4356-9CF7-1D8C2B3343C0} - No CLSID value found. 
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found. 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll File not found 
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found. 
O4 - HKLM..\Run: [UUSeeMediaCenter] C:\PROGRA~1\FICHIE~1\uusee\UUSeeMediaCenter.exe File not found 

:files 
C:\Program Files\Fichiers communs\uusee 
C:\Documents and Settings\HP_Propriétaire\Application Data\AddressBar 
C:\Program Files\uusee 
C:\Documents and Settings\All Users\Bureau\Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk.url 
C:\WINDOWS\struct~.ini 
C:\Documents and Settings\All Users\Application Data\RIiYj0K8 
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\RIiYj0K8 
C:\Documents and Settings\All Users\Bureau\Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk.url 


:commands 
[emptytemp] 
[start explorer] 
[reboot] 


? Clique sur "Correction" pour lancer la suppression. 


? Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage. 

?G3?-?@¢??@?(TM)©®?

AIDEZ MOI SVP ! Hadopi est ds mon PC ! !

51 réponses

Newsletters