Probleme de virus Win32 !!

Résolu
Alice -  
 Alice -
Bonjour.... Depuis ce matin, lorsque j'allume mon ordi, j'ai une énorme fenêtre "YOUR SYSTEM IS INFECTED" qui apparait...
J'ai fais un scan avast qui m'a trouvé tout plein de virus de type "Win32 malware gen"
Avast les a mis en quarantaine, mais des que je refais un scan, ils sont de nouveaux là...
J'ai vu quelque part qu'il fallait télécharger Hijackthis, je l'ai fais, j'ai fais un scan, j'ai le rapport, mais je n'y comprends vraiment rien.... Si quelqu'un peut m'aider, je lui en serait TRÈS TRÈS TRÈS reconnaissante...

39 réponses

  • 1
  • 2
Résumé de la discussion

Une alerte YOUR SYSTEM IS INFECTED s'affiche au démarrage et Avast détecte des Win32 malware gen qui réapparaissent après chaque balayage, et l'utilisateur ne comprend pas le rapport HijackThis. Plusieurs conseils visent à éliminer les barres d'outils malveillantes et à prévenir leur réinstallation, notamment désinstaller les toolbars indésirables, puis utiliser Ad-Remover sur le bureau et suivre le nettoyage jusqu'au rapport. En parallèle, l'échange évoque Kill'em pour produire des rapports et suggère des mesures de maintenance comme Malwarebytes, mises à jour système et logiciels, sauvegardes externes, et prudence avec les téléchargements et le P2P. Des recommandations complémentaires insistent enfin sur l'usage d'extensions de sécurité et sur le changement des mots de passe, tout en rappelant d'éviter EoRezo et les téléchargements suspects.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    bonsoir
    pourrai tu poster le rapport
    0
  2. Alice
     
    Voilà le rapport

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:51:06, on 02/05/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [syncman] c:\windows\system32\wuaucldt.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [syncman] c:\documents and settings\hp_administrateur\wuaucldt.exe
    O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.buy-security-essentials.com
    O15 - Trusted Zone: http://*.download-soft-package.com
    O15 - Trusted Zone: http://*.download-software-package.com
    O15 - Trusted Zone: http://*.get-key-se10.com
    O15 - Trusted Zone: http://*.is-software-download.com
    O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
    O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O18 - Protocol: bw+0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {2F6CF6BA-808C-44B3-BE2C-9DB7239912C8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    0
  3. Utilisateur anonyme
     
    Télécharge malwarebytes' anti-malware
    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
    Enregistre le sur le bureau
    Double-clique sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation
    Si la pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
    Il va se mettre à jour une fois faite
    Va dans l'onglet recherche
    Sélectionne exécuter un examen complet
    Clique sur rechercher
    Le scan démarre
    A la fin de l'analyse, le message s'affiche: L'examen s'est terminé normalement.
    Clique sur afficher les résultats pour afficher les objets trouvés
    Clique sur OK pour pousuivre
    Si des malwares ont été détectés, cliquer sur afficher les résultats
    Sélectionne tout (ou laisser coché)
    Clique sur supprimer la sélection
    Malwarebytes va détruire les fichiers et les clés de registre et en mettre une
    copie dans la quarantaine
    Malewarebytes va ouvrir le bloc-note et y copier le rapport
    Redémarre le PC
    Une fois redémarré, double-clique sur Malewarebytes
    Va dans l'onglet rapport/log
    Clique dessus pour l'afficher une fois affiché, cliquer sur édition en haut du
    bloc-note puis sur sélectionner tout
    Revient sur édition, puis sur copier et revient sur le forum et dans ta réponse
    Clic droit dans le cadre de la réponse et coller
    0
  4. Alice
     
    Voilà, j'ai fais tout ce que tu m'a dis, désolé ca a pris beaucoup de temps...

    et voici le rapport malwarebytes:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4060

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    03/05/2010 01:29:01
    mbam-log-2010-05-03 (01-29-01).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 251055
    Temps écoulé: 1 heure(s), 33 minute(s), 12 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 9
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 14

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP399\A0052014.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP399\A0052015.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP399\A0052016.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP505\A0069617.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\41.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ES15.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\gfvzsv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4UJFAWQ5\firewall[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RRRP1AGV\SetupSE2010[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\CA.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Alice
     
    Bonjour;

    As tu compris le rapport ? ce matin, j'ai refais un scan avast, et 5 menaces ont été trouvées ... toujours win32, malwares et rootkits... J'attends ta reponse, hier c'était très clair, je t'en en remercie.
    0
  7. Utilisateur anonyme
     
    Bonjour
    C:\WINDOWS\Temp\CA.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    Tu as un rootkit TDSS, qu'il va falloir éradiquer

    Attention, cet outil n'est pas à utiliser à la légère, et doit
    être recommandé que par une personne formée à cet outil

    Imprime la procédure

    Télécharge ComboFix de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    tutoriel pour bien utiliser l'outil
    http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix

    /!\ Déconnecte-toi du net et DESACTIVE TOUTES LES DEFENSES, antivirus et antispyware y compris /!\
    ---> Double-clique sur ComboFix.exe
    Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter
    Surtout, accepte d'installer la console de récupération
    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de figer ton PC

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt
    0
  8. Alice
     
    Alors, tout ne s'est pas déroulé comme tu m'avais indiqué... dés que j'ai telechargé combofix, il s'est installé et s'est "emballé" tout seul, je n'ai cliqué sur rien, il a redemarré plusieurs fois, il n'y a pas eu le message pour la console de recuperation... Bref, il a tout de meme effectué un "autoscan" et voici le rapport:

    ComboFix 10-05-02.03 - HP_Administrateur 03/05/2010 15:51:33.1.2 - x86
    Lancé depuis: c:\documents and settings\HP_Administrateur\Mes documents\Téléchargements\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\jna8309575987874914522.tmp
    c:\documents and settings\HP_Administrateur\Local Settings\Temp\IadHide5.dll
    c:\documents and settings\HP_Administrateur\Local Settings\Temp\jna8309575987874914522.tmp
    c:\program files\WindowsUpdate
    c:\windows\system32\fjhdyfhsn.bat
    D:\Autorun.inf

    Une copie infectée de c:\windows\system32\drivers\afd.sys a été trouvée et désinfectée
    Copie restaurée à partir de - Kitty had a snack :p
    c:\windows\system32\drivers\cdrom.sys était absent
    Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\cdrom.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-03 au 2010-05-03 ))))))))))))))))))))))))))))))))))))
    .

    2010-05-03 14:04 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-05-02 21:28 . 2010-05-02 21:28 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
    2010-05-02 21:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-02 21:26 . 2010-05-02 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-02 21:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-02 21:26 . 2010-05-02 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-02 20:21 . 2010-05-02 20:21 -------- d-----w- c:\program files\Trend Micro
    2010-05-02 09:55 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-05-02 09:55 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\dllcache\aec.sys
    2010-05-01 21:32 . 2010-05-01 10:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-05-01 10:39 . 2010-05-01 10:39 -------- d-----w- c:\documents and settings\LocalService\Bureau
    2010-05-01 10:13 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-05-01 10:13 . 2010-05-01 10:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-01 10:09 . 2010-05-01 10:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}
    2010-05-01 10:09 . 2010-05-01 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-01 10:04 . 2010-05-01 10:04 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-04-28 04:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-04-25 15:33 . 2010-04-25 15:53 128347 ----a-w- c:\windows\hpoins11.dat
    2010-04-25 15:26 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
    2010-04-25 15:26 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
    2010-04-25 15:26 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
    2010-04-25 15:25 . 2006-05-05 23:17 11634 ----a-w- c:\windows\hpomdl11.dat
    2010-04-21 05:10 . 2009-08-13 15:20 512000 ------w- c:\windows\system32\dllcache\jscript.dll
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\fr-fr
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\l2schemas
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\fr
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\bits
    2010-04-20 13:05 . 2010-04-20 13:05 -------- d-----w- c:\windows\system32\FRA
    2010-04-20 13:05 . 2006-03-09 06:57 122880 ----a-w- c:\windows\system32\Imsmudlg.exe
    2010-04-20 12:59 . 2010-04-20 13:07 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\U3
    2010-04-09 15:54 . 2010-04-09 15:55 -------- d-----w- c:\program files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-03 14:10 . 2010-02-19 20:27 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\LimeWire
    2010-05-02 11:04 . 2010-05-02 11:04 0 ----a-w- c:\windows\system32\drivers\aec.sys.bak
    2010-05-01 22:03 . 2010-05-01 22:03 16 ----a-w- c:\documents and settings\LocalService\Application Data\wzmjhy.dat
    2010-05-01 10:10 . 2006-04-01 16:00 -------- d-----w- c:\program files\Lavasoft
    2010-04-30 22:10 . 2010-04-30 22:10 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\wzmjhy.dat
    2010-04-29 11:45 . 2010-02-19 20:46 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Intelli-studio
    2010-04-25 15:45 . 2005-01-02 04:46 -------- d-----w- c:\program files\Fichiers communs\HP
    2010-04-25 15:45 . 2005-01-02 04:45 -------- d-----w- c:\program files\HP
    2010-04-25 15:41 . 2005-01-02 04:56 -------- d-----w- c:\program files\Hewlett-Packard
    2010-04-20 15:01 . 2006-04-01 17:45 79208 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-20 14:03 . 2005-10-10 19:39 64484 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-20 14:03 . 2005-10-10 19:39 446566 ----a-w- c:\windows\system32\perfh00C.dat
    2010-04-20 13:22 . 2005-01-02 04:46 -------- d-----w- c:\program files\Fichiers communs\Sonic Shared
    2010-04-14 16:47 . 2010-02-19 09:30 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-14 16:47 . 2010-02-19 09:30 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-14 16:35 . 2010-02-19 09:30 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-14 16:35 . 2010-02-19 09:30 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-14 16:31 . 2010-02-19 09:30 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-14 16:31 . 2010-02-19 09:30 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-14 16:31 . 2010-02-19 09:30 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-14 16:31 . 2010-02-19 09:30 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-14 16:30 . 2010-02-19 09:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-14 14:30 . 2005-01-02 05:08 -------- d-----w- c:\program files\Google
    2010-04-02 11:18 . 2006-04-01 15:34 -------- d-----w- c:\program files\Firefox
    2010-03-09 11:10 . 2004-08-10 19:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-26 05:42 . 2004-08-10 19:00 671232 ----a-w- c:\windows\system32\wininet.dll
    2010-02-26 05:42 . 2004-08-10 19:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-02-24 13:11 . 2004-08-10 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-19 20:24 . 2010-02-19 20:24 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-16 19:06 . 2004-08-10 19:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:06 . 2004-08-10 19:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:34 . 2004-08-10 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-05-19 36864]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus1.exe" [2006-04-22 190024]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-19 149280]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-02 180269]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
    "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\HP_Administrateur\Menu D'marrer\Programmes\D'marrage\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-12 503808]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    Barre d''tat systSme d'ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-2 57344]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-19 196608]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27/07/2006 19:16 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27/07/2006 19:16 5248]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2010 12:13 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/02/2010 11:30 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/02/2010 11:30 19024]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [05/02/2010 11:03 1285864]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2005 06:41 2799488]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [02/01/2005 06:40 468768]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/02/2010 19:12 135664]
    S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02/01/2005 06:40 449920]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/02/2007 17:21 682232]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 10:12]

    2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 17:12]

    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 17:12]

    2010-05-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]

    2010-05-02 c:\windows\Tasks\WebReg psc C3100 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-19 03:09]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.ustart.org
    mStart Page = hxxp://www.ustart.org
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\akl7iuwj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
    AddRemove-Works2005Setup - c:\program files\Microsoft Works Suite 2005\Setup\Launcher.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-03 16:10
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DIOB.tmp

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(976)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(4784)
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-05-03 16:24:32 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-05-03 14:24

    Avant-CF: 177 899 614 208 octets libres
    Après-CF: 179 869 925 376 octets libres

    Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=,1,2,4,5
    - - End Of File - - 716F769B02EFD1EACD57C3AD3938CBF8
    0
  9. Utilisateur anonyme
     
    ComboFix a fait déjà du bon travail
    il a remplacé un fichier patché, et restauré un autre fichier qui était manquant
    Effectivement, y'a du rootkit, il reste des traces à nettoyer avec une manip spéciale que je dois préparer

    J'ai oublié de te dire de vider la quarantaine de Malwarebytes qui avait
    trouvé tout un pannel de nuisibles
    0
  10. Utilisateur anonyme
     
    Attention, ce script a été spécialement conçu pour Alice. Il ne faut
    en aucun cas le transporter sur un autre ordinateur, ce qui pourrai l'endommager

    Surtout, garde tes protections désactivées, sinon, désactive les

    Ouvre le bloc-notes, et copie/colle dans le bloc-note ce qui est en gras ci-dessous:

    KillAll::

    File::
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DIOB.tmp
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll


    Enregistre ce fichier sur ton bureau et pas ailleurs sous le nom de CFScript.txt
    Quitte le bloc-notes
    * Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe
    comme ceci
    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
    0
  11. Alice
     
    Merci encore pour ton aide.

    Voici le rapport:

    ComboFix 10-05-02.03 - HP_Administrateur 04/05/2010 4:18.2.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.229 [GMT 2:00]
    Lancé depuis: c:\documents and settings\HP_Administrateur\Mes documents\Téléchargements\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-04 au 2010-05-04 ))))))))))))))))))))))))))))))))))))
    .

    2010-05-03 17:16 . 2010-05-03 17:16 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Help
    2010-05-03 16:33 . 2010-05-03 16:33 -------- d-----w- c:\program files\Sophos
    2010-05-03 14:04 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-05-03 14:04 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
    2010-05-02 21:28 . 2010-05-02 21:28 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
    2010-05-02 21:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-02 21:26 . 2010-05-02 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-02 21:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-02 21:26 . 2010-05-02 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-02 20:21 . 2010-05-02 20:21 -------- d-----w- c:\program files\Trend Micro
    2010-05-02 09:55 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-05-02 09:55 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\dllcache\aec.sys
    2010-05-01 21:32 . 2010-05-01 10:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-05-01 10:39 . 2010-05-01 10:39 -------- d-----w- c:\documents and settings\LocalService\Bureau
    2010-05-01 10:13 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-05-01 10:13 . 2010-05-01 10:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-01 10:09 . 2010-05-01 10:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}
    2010-05-01 10:09 . 2010-05-01 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-01 10:04 . 2010-05-01 10:04 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-04-28 04:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-04-25 15:33 . 2010-04-25 15:53 128347 ----a-w- c:\windows\hpoins11.dat
    2010-04-25 15:26 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
    2010-04-25 15:26 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
    2010-04-25 15:26 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
    2010-04-25 15:25 . 2006-05-05 23:17 11634 ----a-w- c:\windows\hpomdl11.dat
    2010-04-21 05:10 . 2009-08-13 15:20 512000 ------w- c:\windows\system32\dllcache\jscript.dll
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\fr-fr
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\l2schemas
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\fr
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\bits
    2010-04-20 13:05 . 2010-04-20 13:05 -------- d-----w- c:\windows\system32\FRA
    2010-04-20 13:05 . 2006-03-09 06:57 122880 ----a-w- c:\windows\system32\Imsmudlg.exe
    2010-04-20 12:59 . 2010-04-20 13:07 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\U3
    2010-04-09 15:54 . 2010-04-09 15:55 -------- d-----w- c:\program files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-04 02:28 . 2010-02-19 20:27 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\LimeWire
    2010-05-02 11:04 . 2010-05-02 11:04 0 ----a-w- c:\windows\system32\drivers\aec.sys.bak
    2010-05-01 22:03 . 2010-05-01 22:03 16 ----a-w- c:\documents and settings\LocalService\Application Data\wzmjhy.dat
    2010-05-01 10:10 . 2006-04-01 16:00 -------- d-----w- c:\program files\Lavasoft
    2010-04-30 22:10 . 2010-04-30 22:10 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\wzmjhy.dat
    2010-04-29 11:45 . 2010-02-19 20:46 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Intelli-studio
    2010-04-25 15:45 . 2005-01-02 04:46 -------- d-----w- c:\program files\Fichiers communs\HP
    2010-04-25 15:45 . 2005-01-02 04:45 -------- d-----w- c:\program files\HP
    2010-04-25 15:41 . 2005-01-02 04:56 -------- d-----w- c:\program files\Hewlett-Packard
    2010-04-20 15:01 . 2006-04-01 17:45 79208 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-20 14:03 . 2005-10-10 19:39 64484 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-20 14:03 . 2005-10-10 19:39 446566 ----a-w- c:\windows\system32\perfh00C.dat
    2010-04-20 13:22 . 2005-01-02 04:46 -------- d-----w- c:\program files\Fichiers communs\Sonic Shared
    2010-04-14 16:47 . 2010-02-19 09:30 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-14 16:47 . 2010-02-19 09:30 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-14 16:35 . 2010-02-19 09:30 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-14 16:35 . 2010-02-19 09:30 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-14 16:31 . 2010-02-19 09:30 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-14 16:31 . 2010-02-19 09:30 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-14 16:31 . 2010-02-19 09:30 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-14 16:31 . 2010-02-19 09:30 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-14 16:30 . 2010-02-19 09:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-14 14:30 . 2005-01-02 05:08 -------- d-----w- c:\program files\Google
    2010-04-02 11:18 . 2006-04-01 15:34 -------- d-----w- c:\program files\Firefox
    2010-03-09 11:10 . 2004-08-10 19:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-26 05:42 . 2004-08-10 19:00 671232 ----a-w- c:\windows\system32\wininet.dll
    2010-02-26 05:42 . 2004-08-10 19:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-02-24 13:11 . 2004-08-10 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-19 20:24 . 2010-02-19 20:24 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-16 19:06 . 2004-08-10 19:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:06 . 2004-08-10 19:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:34 . 2004-08-10 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-05-19 36864]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus1.exe" [2006-04-22 190024]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-19 149280]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-02 180269]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
    "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\HP_Administrateur\Menu D'marrer\Programmes\D'marrage\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-12 503808]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    Barre d''tat systSme d'ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-2 57344]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-19 196608]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27/07/2006 19:16 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27/07/2006 19:16 5248]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2010 12:13 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/02/2010 11:30 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/02/2010 11:30 19024]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [05/02/2010 11:03 1285864]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2005 06:41 2799488]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [02/01/2005 06:40 468768]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/02/2010 19:12 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [02/05/2010 23:27 38224]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\52.tmp --> c:\windows\system32\52.tmp [?]
    S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02/01/2005 06:40 449920]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/02/2007 17:21 682232]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 10:12]

    2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 17:12]

    2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 17:12]

    2010-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]

    2010-05-02 c:\windows\Tasks\WebReg psc C3100 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-19 03:09]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.ustart.org
    mStart Page = hxxp://www.ustart.org
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\akl7iuwj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-04 04:28
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\52.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(972)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(5404)
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-05-04 04:39:55 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-05-04 02:39
    ComboFix2.txt 2010-05-03 14:24

    Avant-CF: 183 666 581 504 octets libres
    Après-CF: 183 675 232 256 octets libres

    Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=,1,2,4,5
    - - End Of File - - FA4AB083D6E8C65E7A639BBBD9A52996
    0
  12. Utilisateur anonyme
     
    Bonjour
    Tu vas recommencer

    Télécharge CFScript.zip sur ton bureau
    http://sd-1.archive-host.com/membres/up/203669918515832581/CFScript.zip

    Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination

    * Un fichier CFScript.txt se trouve à l'intérieur et se place sur le Bureau.
    * Surtout, garde tes protections désactivées, sinon, désactive les
    * Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe
    comme ceci
    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
    0
  13. Alice
     
    Voilà le second rapport comme tu m'a demandé.

    ComboFix 10-05-02.03 - HP_Administrateur 04/05/2010 17:20:38.3.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.247 [GMT 2:00]
    Lancé depuis: c:\documents and settings\HP_Administrateur\Mes documents\Téléchargements\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DIOB.tmp"
    "c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-04 au 2010-05-04 ))))))))))))))))))))))))))))))))))))
    .

    2010-05-03 17:16 . 2010-05-03 17:16 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Help
    2010-05-03 16:33 . 2010-05-03 16:33 -------- d-----w- c:\program files\Sophos
    2010-05-03 14:04 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-05-03 14:04 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
    2010-05-02 21:28 . 2010-05-02 21:28 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
    2010-05-02 21:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-02 21:26 . 2010-05-02 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-02 21:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-02 21:26 . 2010-05-02 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-02 20:21 . 2010-05-02 20:21 -------- d-----w- c:\program files\Trend Micro
    2010-05-02 09:55 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-05-02 09:55 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\dllcache\aec.sys
    2010-05-01 21:32 . 2010-05-01 10:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-05-01 10:39 . 2010-05-01 10:39 -------- d-----w- c:\documents and settings\LocalService\Bureau
    2010-05-01 10:13 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-05-01 10:13 . 2010-05-01 10:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-01 10:09 . 2010-05-01 10:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}
    2010-05-01 10:09 . 2010-05-01 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-01 10:04 . 2010-05-01 10:04 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-04-28 04:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-04-25 15:33 . 2010-04-25 15:53 128347 ----a-w- c:\windows\hpoins11.dat
    2010-04-25 15:26 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
    2010-04-25 15:26 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
    2010-04-25 15:26 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
    2010-04-25 15:25 . 2006-05-05 23:17 11634 ----a-w- c:\windows\hpomdl11.dat
    2010-04-21 05:10 . 2009-08-13 15:20 512000 ------w- c:\windows\system32\dllcache\jscript.dll
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\fr-fr
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\l2schemas
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\fr
    2010-04-20 13:35 . 2010-04-20 13:35 -------- d-----w- c:\windows\system32\bits
    2010-04-20 13:05 . 2010-04-20 13:05 -------- d-----w- c:\windows\system32\FRA
    2010-04-20 13:05 . 2006-03-09 06:57 122880 ----a-w- c:\windows\system32\Imsmudlg.exe
    2010-04-20 12:59 . 2010-04-20 13:07 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\U3
    2010-04-09 15:54 . 2010-04-09 15:55 -------- d-----w- c:\program files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-04 15:31 . 2010-02-19 20:27 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\LimeWire
    2010-05-02 11:04 . 2010-05-02 11:04 0 ----a-w- c:\windows\system32\drivers\aec.sys.bak
    2010-05-01 22:03 . 2010-05-01 22:03 16 ----a-w- c:\documents and settings\LocalService\Application Data\wzmjhy.dat
    2010-05-01 10:10 . 2006-04-01 16:00 -------- d-----w- c:\program files\Lavasoft
    2010-04-30 22:10 . 2010-04-30 22:10 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\wzmjhy.dat
    2010-04-29 11:45 . 2010-02-19 20:46 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Intelli-studio
    2010-04-25 15:45 . 2005-01-02 04:46 -------- d-----w- c:\program files\Fichiers communs\HP
    2010-04-25 15:45 . 2005-01-02 04:45 -------- d-----w- c:\program files\HP
    2010-04-25 15:41 . 2005-01-02 04:56 -------- d-----w- c:\program files\Hewlett-Packard
    2010-04-20 15:01 . 2006-04-01 17:45 79208 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-20 14:03 . 2005-10-10 19:39 64484 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-20 14:03 . 2005-10-10 19:39 446566 ----a-w- c:\windows\system32\perfh00C.dat
    2010-04-20 13:22 . 2005-01-02 04:46 -------- d-----w- c:\program files\Fichiers communs\Sonic Shared
    2010-04-14 16:47 . 2010-02-19 09:30 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-14 16:47 . 2010-02-19 09:30 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-14 16:35 . 2010-02-19 09:30 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-14 16:35 . 2010-02-19 09:30 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-14 16:31 . 2010-02-19 09:30 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-14 16:31 . 2010-02-19 09:30 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-14 16:31 . 2010-02-19 09:30 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-14 16:31 . 2010-02-19 09:30 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-14 16:30 . 2010-02-19 09:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-14 14:30 . 2005-01-02 05:08 -------- d-----w- c:\program files\Google
    2010-04-02 11:18 . 2006-04-01 15:34 -------- d-----w- c:\program files\Firefox
    2010-03-09 11:10 . 2004-08-10 19:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-26 05:42 . 2004-08-10 19:00 671232 ----a-w- c:\windows\system32\wininet.dll
    2010-02-26 05:42 . 2004-08-10 19:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-02-24 13:11 . 2004-08-10 19:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-19 20:24 . 2010-02-19 20:24 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-16 19:06 . 2004-08-10 19:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:06 . 2004-08-10 19:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:34 . 2004-08-10 19:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 19:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-05-19 36864]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus1.exe" [2006-04-22 190024]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-19 149280]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-02 180269]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
    "SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    c:\documents and settings\HP_Administrateur\Menu D'marrer\Programmes\D'marrage\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-12 503808]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    Barre d''tat systSme d'ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-2 57344]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-19 196608]

    c:\documents and settings\Default User\Menu D'marrer\Programmes\D'marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [27/07/2006 19:16 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [27/07/2006 19:16 5248]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2010 12:13 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/02/2010 11:30 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/02/2010 11:30 19024]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [05/02/2010 11:03 1285864]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2005 06:41 2799488]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [02/01/2005 06:40 468768]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/02/2010 19:12 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [02/05/2010 23:27 38224]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\52.tmp --> c:\windows\system32\52.tmp [?]
    S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [02/01/2005 06:40 449920]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/02/2007 17:21 682232]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 10:12]

    2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 17:12]

    2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 17:12]

    2010-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]

    2010-05-02 c:\windows\Tasks\WebReg psc C3100 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-19 03:09]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.ustart.org
    mStart Page = hxxp://www.ustart.org
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\akl7iuwj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - plugin: c:\program files\Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
    c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-04 17:32
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\52.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(972)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(5640)
    c:\windows\system32\eappprxy.dll
    c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-05-04 17:43:22 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-05-04 15:43
    ComboFix2.txt 2010-05-04 02:39
    ComboFix3.txt 2010-05-03 14:24

    Avant-CF: 183 605 329 920 octets libres
    Après-CF: 183 613 485 056 octets libres

    Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=,1,2,4,5
    - - End Of File - - E5DA484D1B83D14833AD5B013E85BAC4
    0
  14. Utilisateur anonyme
     
    Tu as une toolbar néfaste Ask
    Les toolbars ne servent à rien. Certaines sont néfastes et espionnent ta navigation
    Certaines sont inutiles, elles ne font qu'alourdir la navigation
    Soit vigilent lorsque tu installes ou met à jour un logiciel gratuit
    Lit bien les instructions, et décoche la case sur les suppléments qu'on te propose
    telle que les barres d'outil comme Ask, Kiwee, Search Setting, Crawler, Daemon
    (à ne pas confondre avec le logiciel Daemon), Dealio, VMN, Fast Browser Search qui sont les plus fréquentes et néfastes
    Les toolbars, c'est pas obligatoire
    Je vais te donner ceci en passant, c'est à lire
    https://forum.malekal.com/viewtopic.php?f=45&t=6173

    Télécharge Ad-Remover sur ton bureau:
    http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
    https://www.androidworld.fr/

    /!\ Ferme toutes tes applications ouvertes. /!\

    Double clique sur le fichier que tu viens de télécharger, à l'écran qui apparait, clique sur Nettoyer.
    Laisse travailler l'outil.
    Poste le rapport qui s'affiche à l'écran quand l'analyse est terminée.
    Il est sauvegardé dans C:\Ad-Remover-CLEAN[1].txt
    0
  15. Alice
     
    Merci pour tout tes conseils. Penses tu que mon P.C est "sain", en tout cas, plus qu'il ne l'était au debut ?

    Voilà le rapport ad remover:

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 01/05/10 à 19:50
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 22:08:50 le 04/05/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP(TM) Service Pack 3 - X86
    Nom du PC: ATTI
    Utilisateur actuel: HP_Administrateur
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\akl7iuwj.default\extensions\toolbar@ask.com
    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\AskToolbar
    C:\Program Files\Ask.com
    C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    (!) -- Fichiers temporaires supprimés.
    .
    HKCU\Software\AppDataLow\AskToolbarInfo
    HKCU\Software\Ask.com
    HKCU\Software\AskToolbar
    HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
    HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
    HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
    .
    (Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.6.2pre (fr) *
    .
    C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\Mes images
    C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - browser.search.defaultenginename: Google
    C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - browser.search.selectedEngine: Google
    C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr
    C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.2
    .
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.cbid", "HS");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}&alwb=y");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.l", "dis");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1272823959893");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.locale", "en_US");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.o", "15753");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.options-lang", "en");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.options-locale", "UK");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.r", "6");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.asktb.to", "15885");
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\akl7iuwj.default\prefs.js - user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,toolbar@ask.com:3.6.6.117,jqs@sun.com:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.2");
    .
    * Internet Explorer Version 6.0.2900.5512 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\Ad-Remover\Quarantine: 1 Fichier(s)
    C:\Ad-Remover\Backup: 13 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 6818 Octet(s)
    .
    Fin à: 22:16:52, 04/05/2010
    .
    ============== E.O.F - CLEAN[1] ==============
    0
  16. Utilisateur anonyme
     
    C'est bien mieux
    DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

    ? Télécharge List_Kill'em et enregistre le sur ton bureau
    http://sd-1.archive-host.com/...
    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    Une fois terminée , clic sur "terminer" et le programme se lancera seul

    Choisis l'option Search

    Une icône blanche et noire va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
    Une autre rouge et noir te servira a désinstaller le prog a la fin de la désinfection.

    ? laisse travailler l'outil

    A l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    Un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan

    ? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"
    0
  17. Alice
     
    List'em by g3n-h@ckm@n 1.7.3.0

    User : HP_Administrateur (Administrateurs)
    Update on 04/05/2010 by g3n-h@ckm@n ::::: 04.50
    Start at: 22:41:47 | 04/05/2010

    Intel(R) Pentium(R) D CPU 2.80GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 6.0.2900.5512
    Windows Firewall Status : Enabled
    AV : avast! Antivirus 5.0.83886587 [ Enabled | Updated ]

    C:\ -> Disque fixe local | 225,87 Go (170,88 Go free) [HP_PAVILION] | NTFS
    D:\ -> Disque fixe local | 7 Go (2,06 Go free) [HP_RECOVERY] | FAT32
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    L:\ -> Disque amovible

    Boot: Normal
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\List_Kill'em\pv.exe

    ======================
    Keys "Run"
    ======================

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    MessengerPlus3 REG_SZ "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
    msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
    ftutil2 REG_SZ rundll32.exe ftutil2.dll,SetWriteCacheMode
    AlwaysReady Power Message APP REG_SZ ARPWRMSG.EXE
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
    hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
    RTHDCPL REG_SZ RTHDCPL.EXE
    IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
    HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
    Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    KBD REG_SZ C:\HP\KBD\KBD.EXE
    TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    avast5 REG_SZ C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    SNPSTD2 REG_SZ C:\WINDOWS\vsnpstd2.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
    DisableRegistryTools REG_DWORD 0 (0x0)

    ===============

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 323 (0x143)
    NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
    NoDrives REG_DWORD 0 (0x0)

    ===============

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)
    NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
    NoDriveTypeAutoRun REG_DWORD 323 (0x143)
    NoDrives REG_DWORD 0 (0x0)

    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    ===============

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AutoRestartShell REG_DWORD 1 (0x1)
    DefaultUserName REG_SZ HP_Administrateur
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ Explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD -1 (0xffffffff)
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0 (0x0)
    passwordexpirywarning REG_DWORD 14 (0xe)
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 1 (0x1)
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 1 (0x1)
    Background REG_SZ 0 0 0
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0 (0x0)
    WinStationsDisabled REG_SZ 0
    HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
    ShowLogonOptions REG_DWORD 0 (0x0)
    AltDefaultUserName REG_SZ HP_Administrateur
    AltDefaultDomainName REG_SZ ATTI
    DefaultDomainName REG_SZ ATTI
    AutoAdminLogon REG_SZ 0
    ChangePasswordUseKerberos REG_DWORD 1 (0x1)
    0
  18. Alice
     
    ===============

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
    C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
    C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe REG_SZ C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
    C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
    C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

    ===============
    ActivX controls
    ===============

    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]

    ==============
    BHO :
    ======

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

    ===
    DNS
    ===

    DNS Server Search Order: 16.81.3.243
    DNS Server Search Order: 16.118.3.243
    Description: Wireless LAN PCI 802.11 a/b/g adapter WN5401A - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 192.168.1.1
    Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2482883E-014B-4579-972A-BF3317300B01}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE03D22A-70DF-4A94-9169-209D8353ACF2}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{2482883E-014B-4579-972A-BF3317300B01}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE03D22A-70DF-4A94-9169-209D8353ACF2}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{2482883E-014B-4579-972A-BF3317300B01}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{2482883E-014B-4579-972A-BF3317300B01}: NameServer=194.117.200.10,194.117.200.15
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{DE03D22A-70DF-4A94-9169-209D8353ACF2}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

    ================
    Internet Explorer :
    ================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr
    Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
    Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm

    ========
    Services
    ========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3 ( OK = 3 )
    EapHost : 0x3 ( OK = 2 )
    SharedAccess : 0x2 ( OK = 2 )
    wuauserv : 0x2 ( OK = 2 )

    ========
    Safemode
    ========

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

    =========
    Atapi.sys
    =========

    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
    MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
    SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

    C:\WINDOWS\ERDNT\cache\atapi.sys :
    MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
    SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

    C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
    MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
    SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

    C:\WINDOWS\system32\drivers\atapi.sys :
    MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
    SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

    C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys :
    MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
    SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

    Référence :
    ==========

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
    Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

    =======
    Drive :
    =======

    D'fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    226 Go total, 171 Go libre (75%), 14% fragment' (fragmentation du fichier 29%)

    Vous devriez d'fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Documents and Settings\LocalService\Application Data\wzmjhy.dat
    Present !! : C:\WINDOWS\003068_.tmp
    Present !! : C:\WINDOWS\DUMP2e14.tmp
    Present !! : C:\WINDOWS\DUMP317f.tmp
    Present !! : C:\WINDOWS\DUMP31ce.tmp
    Present !! : C:\WINDOWS\DUMP3354.tmp
    Present !! : C:\WINDOWS\DUMP375b.tmp
    Present !! : C:\WINDOWS\DUMP3c3d.tmp
    Present !! : C:\WINDOWS\DUMP7213.tmp
    Present !! : C:\WINDOWS\DUMP7222.tmp
    Present !! : C:\WINDOWS\DUMP7270.tmp
    Present !! : C:\WINDOWS\DUMP72de.tmp
    Present !! : C:\WINDOWS\DUMP72df.tmp
    Present !! : C:\WINDOWS\DUMP733c.tmp
    Present !! : C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    Present !! : C:\WINDOWS\Fonts\GRGAREF.TTF
    Present !! : C:\WINDOWS\kb913800.exe
    Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
    Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
    Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\PatchUpdate_InstantShareJPG.log
    Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    Present !! : C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    Present !! : C:\Documents and Settings\HP_Administrateur\LOCAL Settings\Temp\Perflib_Perfdata_2e4.dat
    Present !! : C:\Documents and Settings\HP_Administrateur\LOCAL Settings\Temp\Perflib_Perfdata_58c.dat
    Present !! : C:\Documents and Settings\HP_Administrateur\LOCAL Settings\Temp\IadHide5.dll

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Present !! : HKEY_USERS\S-1-5-21-3823090183-2926167141-2296028189-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_MEMSWEEP2
    Present !! : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_MEMSWEEP2
    Present !! : HKLM\SYSTEM\CurrentControlSet\Services\MEMSWEEP2

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-04 22:52:32
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    kernel: MBR read successfully
    user & kernel MBR OK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirstRunDisabled REG_DWORD 1 (0x1)
    AntiVirusDisableNotify REG_DWORD 0 (0x0)
    FirewallDisableNotify REG_DWORD 0 (0x0)
    UpdatesDisableNotify REG_DWORD 0 (0x0)
    AntiVirusOverride REG_DWORD 0 (0x0)
    FirewallOverride REG_DWORD 0 (0x0)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 22:52:33,17
    0
  19. Alice
     
    Désolé, j'ai du le copier/coller en deux fois, ca ne marchait pas sinon...
    0
  20. Utilisateur anonyme
     
    C'est bon
    ? Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    ? choisis l'Option Clean

    Ton PC va redemarrer,

    Laisse travailler l'outil.

    En fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

    ? Colle le contenu dans ta réponse
    0
  21. Alice
     
    Kill'em by g3n-h@ckm@n 1.7.3.0

    User : HP_Administrateur (Administrateurs)
    Update on 04/05/2010 by g3n-h@ckm@n ::::: 04.50
    Start at: 23:19:24 | 04/05/2010

    Intel(R) Pentium(R) D CPU 2.80GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 6.0.2900.5512
    Windows Firewall Status : Enabled
    AV : avast! Antivirus 5.0.83886587 [ Enabled | Updated ]

    C:\ -> Disque fixe local | 225,87 Go (170,89 Go free) [HP_PAVILION] | NTFS
    D:\ -> Disque fixe local | 7 Go (2,06 Go free) [HP_RECOVERY] | FAT32
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\List_Kill'em\pv.exe

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Documents and Settings\LocalService\Application Data\wzmjhy.dat
    Quarantined & Deleted !! : C:\WINDOWS\003068_.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP2e14.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP317f.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP31ce.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP3354.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP375b.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP3c3d.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP7213.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP7222.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP7270.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP72de.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP72df.tmp
    Quarantined & Deleted !! : C:\WINDOWS\DUMP733c.tmp
    Quarantined & Deleted !! : C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    Quarantined & Deleted !! : C:\WINDOWS\Fonts\GRGAREF.TTF
    Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe

    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
    Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application Data\PatchUpdate_HP_ISRegionListUpdatelog_HPSU.log
    Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\Application Data\PatchUpdate_InstantShareJPG.log
    Quarantined & Deleted !! : C:\Documents and Settings\HP_Administrateur\LOCAL Settings\Temp\IadHide5.dll

    =======
    Hosts :
    =======

    127.0.0.1 localhost

    ========
    Registry
    ========

    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_MEMSWEEP2
    Deleted : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
    =================
    Internet Explorer
    =================

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
    Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.com/?gws_rd=ssl
    Local Page REG_SZ C:\WINDOWS\system32\blank.htm
    Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ===============
    Security Center
    ===============

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    FirstRunDisabled REG_DWORD 1 (0x1)
    AntiVirusDisableNotify REG_DWORD 0 (0x0)
    FirewallDisableNotify REG_DWORD 0 (0x0)
    UpdatesDisableNotify REG_DWORD 0 (0x0)
    AntiVirusOverride REG_DWORD 1 (0x1)
    FirewallOverride REG_DWORD 1 (0x1)

    ========
    Services
    =========

    Ndisuio : Start = 3
    EapHost : Start = 2
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ============
    Disk Cleaned
    anti-ver blaster : OK
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  • 1
  • 2