Virus impossible to remove

SOS -  
Hi everyone,

my problem is that since yesterday I've been infected by a virus that makes my computer bug out and run slowly, so I have to restart it all the time; even after Malware and ComboFix the virus is still there... help, I'm desperate

thanks for your help

25 replies

Discussion summary

The central issue is a computer that appears to be infected by a virus which slows it down and requires repeated restarts, despite attempts with tools such as ComboFix and other scans. Several suggestions aim to check the system with specialised scans and detailed reports: Nod32 Online Scanner, GMER for rootkits, and complementary tools such as RSIT or Ad-Remover. In practice, these tools must be run as administrator, real-time protection must be temporarily disabled, and the reports (log.txt, Ad-report, GMER) must be collected and shared accurately. Some observations also show that the absence of red lines during scans may call for further checks and an assessment of system behaviour after cleaning.

Automatically generated by AI
based on the best answers
  1. dédétraqué  Posts: 4522  Status: Security contributor  286
     
    Hi SOS

    Post your ComboFix report in your next reply.

    @++ :)
    0
    1. SOS
       
      hi, thanks for helping me

      ComboFix didn't produce a report; at the moment it should have, the screen went blue telling me Windows had shut down to prevent damage to the machine. I went into qoobox and the report isn't there either...
      0
  2. dédétraqué  Posts: 4522  Status: Security contributor  286
     
    Hi

    We'll check that. Download RSIT (by random/random) to your desktop from here:
    http://images.malwareremoval.com/random/RSIT.exe

    - Double-click RSIT.exe on your desktop
    - Click Continue in the window
    - RSIT will download HijackThis if it is not present or detected; in that case you'll need to accept the licence
    - Post the contents of the two reports, log.txt and info.txt (minimised in the taskbar), at the end of the scan

    Use cjoint.com to post your reports as links:
    https://www.cjoint.com/

    - Click Browse (Parcourir) to locate the report C:\rsit\log.txt
    - Click Open (Ouvrir), then Create the Cjoint link (Créer le lien Cjoint)

    - Copy/paste the link shown after "Le lien a été créé:" (the link has been created) into your next reply.

    And do the same with the other report, C:\rsit\info.txt

    @++ :)
    0
    1. SOS
       
      re

      https://www.cjoint.com/?fdwrS5TAce ==> here's the link for info.txt


      https://www.cjoint.com/?fdwroMSbJq ==> here's the link for log.txt


      Also, I looked carefully with ComboFix: it's exactly when it displays "deleting files" that the blue screen appears, and you can read "Windows has shut down to prevent damage", and below it said "O_Pool_header" or something like that anyway... maybe that's the virus in question


      thanks for your help ;)
      0
  3. dédétraqué  Posts: 4522  Status: Security contributor  286
     
    Hi SOS

    Download AD-Remover to your desktop. (Thanks to C_XX)
    http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

    Mirror:
    https://www.androidworld.fr/

    /!\ Close all running applications /!\

    /!\ Temporarily disable, and only for as long as AD-Remover is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning process.

    - Double-click the Ad-remover icon on your desktop.
    (Vista/7: right-click the AD-Remover icon on your desktop and choose Run as administrator.)
    - On the page, click the « Scanner » button
    - Confirm the scan launch
    - Let the tool work.
    - Post the report that appears at the end.

    (The report is also saved as C:\Ad-report(Scan/clean).Txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    -----

    Download Gmer and save it to your desktop.
    http://www2.gmer.net/download.php

    - Disconnect from the internet if possible and close all programs, then launch the tool.
    - Click the "Scan" button on the right.

    - When the scan is finished, click "Copy".
    - Open Notepad and click Edit / Paste
    - The report should then appear.

    - Save the file to your desktop and copy/paste its contents here.

    @++ :)
    0
    1. SOS
       
      .
      ======= AD-REMOVER 2.0.0.0,D REPORT | XP/VISTA/7 ONLY =======
      .
      Updated by C_XX on 01/05/10 at 19:50
      Contact: AdRemover.contact@gmail.com
      Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Started at: 22:41:13 on 03/05/2010 | Normal mode | Option: SCAN
      Run from: C:\Ad-Remover\ADR.exe
      OS: Microsoft® Windows XP(TM) Service Pack 3 - X86
      PC name: BOUDIAF
      Current user: Sofiane
      .
      ============== ITEM(S) FOUND ==============
      .
      Service: *Application Updater*
      .
      C:\Documents and Settings\All Users\Application Data\Viewpoint
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
      C:\Documents and Settings\HelpAssistant\Application Data\Desktopicon
      C:\Documents and Settings\HelpAssistant\Application Data\EoRezo
      C:\Documents and Settings\HelpAssistant\Application Data\Viewpoint
      C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\AskToolbar
      C:\Documents and Settings\Invité\Application Data\EoRezo
      C:\Documents and Settings\Invité\Local Settings\Application Data\AskToolbar
      C:\Documents and Settings\Sana\Application Data\EoRezo
      C:\Documents and Settings\Sana\Application Data\ItsLabel
      C:\Documents and Settings\Sana\Application Data\Viewpoint
      C:\Documents and Settings\Sana\Local Settings\Application Data\AskToolbar
      C:\Documents and Settings\Sofiane\Application Data\DesktopIcon
      C:\Documents and Settings\Sofiane\Application Data\Viewpoint
      C:\Program Files\Application Updater
      C:\Program Files\Ask.com
      C:\Program Files\Dealio Toolbar
      C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
      C:\Program Files\Viewpoint
      C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
      .
      HKCU\Software\AppDataLow\AskToolbarInfo
      HKCU\Software\AppDataLow\Software\Dealio
      HKCU\Software\Ask.com
      HKCU\Software\AskToolbar
      HKCU\Software\Live-Player
      HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKLM\Software\Application Updater
      HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
      HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
      HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
      HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
      HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
      HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
      HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
      HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
      HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
      HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
      HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
      HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
      HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
      HKLM\Software\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
      HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
      HKLM\Software\Live-Player
      HKLM\Software\MetaStream
      HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
      HKLM\Software\Viewpoint
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
      HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome.manifest
      HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
      HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
      HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\install.rdf
      .
      .
      ============== ADDITIONAL SCAN ==============
      .
      * Mozilla FireFox Version 3.6.3 (fr) *
      .
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Sofiane\\Mes documents\\Mes images
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.search.defaultenginename: Ask.com
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.startup.homepage: hxxp://fr.ask.com?o=15788&l=dis
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.defaultenginename: Google
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.selectedEngine: Google
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.defaultenginename: Google
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.selectedEngine: Google
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Sofiane\\Mes documents\\Mes images
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.search.defaultenginename: Ask.com
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.startup.homepage: hxxp://fr.ask.com?o=15788&l=dis
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.search.defaultenginename: Google
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.search.selectedEngine: Google
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.startup.homepage_override.mstone: rv:1.8.1.11
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.startup.homepage: hxxp://lo.st#home
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Invité\\Mes documents\\Téléchargements
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.search.defaultenginename: Yahoo
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.search.selectedEngine: Yahoo
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.search.defaultenginename: Google
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.search.selectedEngine: Google
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.startup.homepage_override.mstone: rv:1.8.1.11
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.startup.homepage: hxxp://lo.st#home
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Invité\\Mes documents\\Téléchargements
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.search.defaultenginename: Yahoo
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.search.selectedEngine: Yahoo
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
      C:\Documents and Settings\Sana\..\nh4azdym.default\Invalidprefs.js - browser.download.lastDir: C:\\Documents and Settings\\Sana\\Mes documents\\Mes images
      C:\Documents and Settings\Sana\..\nh4azdym.default\Invalidprefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.8
      C:\Documents and Settings\Sana\..\nh4azdym.default\Invalidprefs.js - browser.startup.homepage: hxxp://y.lo.st
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Sana\\Mes documents
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - browser.search.defaultenginename: Yahoo
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - browser.search.selectedEngine: Yahoo
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
      .
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.search.defaultenginename", "Ask.com");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://fr.ask.com?o=15788&l=dis");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.cbid", "HQ");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.l", "dis");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1272294788521");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.locale", "fr_FR");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.o", "15785");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.asktb.r", "2");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZJfox000&ptb=OCfSJyhHfYqUvWGt6IzCRA");
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.mywebsearch.prevKwdEnabled", true);
      FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
      .
      * Internet Explorer Version 8.0.6001.18702 *
      .
      [HKCU\Software\Microsoft\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Do404Search: 0x01000000
      Local Page: C:\WINDOWS\system32\blank.htm
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Show_ToolBar: yes
      Start Page: hxxp://fr.ask.com?o=15788&l=dis
      Use Custom Search URL: 1
      Use Search Asst: no
      .
      [HKLM\Software\Microsoft\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Delete_Temp_Files_On_Exit: yes
      Local Page: C:\WINDOWS\system32\blank.htm
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://www.msn.com/
      .
      [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      Blank: res://mshtml.dll/blank.htm
      .
      ========================================
      .
      C:\Ad-Remover\Quarantine: 0 File(s)
      C:\Ad-Remover\Backup: 1 File(s)
      .
      C:\Ad-Report-SCAN[1].txt - 16126 Byte(s)
      .
      Finished at: 22:53:22, 03/05/2010
      .
      ============== E.O.F - SCAN[1] ==============




      here's the Ad-Remover report; for GMER it's impossible to produce a report, because as soon as I try to run the application my screen goes blue immediately, just like with ComboFix
      0
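The Ad-Remover report above is a flat list of paths, registry keys and Firefox preference lines, and the same CLSIDs recur under Browser Helper Objects, Toolbar and URLSearchHooks. The Python script below is an added example, not part of the original thread and not Ad-Remover's own code: it parses a report in that format, separates files, services, registry keys and prefs.js settings, lists every preference whose value points at one of the domains the report surfaces (ask.com, lo.st, mywebsearch.com; that list is an assumption taken from the report's own findings, not an authoritative blocklist), and maps each BHO CLSID to the other registry keys that reuse it, which is how one toolbar shows up as several entries. The excerpt it runs on is constructed from the report's format.

```python
"""Triage an Ad-Remover SCAN report: classify findings and surface browser hijack settings."""
import re
from collections import defaultdict

# Constructed excerpt in the report's format (not the complete log from the thread).
SAMPLE_REPORT = r"""
============== ITEM(S) FOUND ==============
.
Service: *Application Updater*
.
C:\Program Files\Ask.com
C:\Program Files\Dealio Toolbar
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
.
HKCU\Software\AskToolbar
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
.
============== ADDITIONAL SCAN ==============
.
C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.search.defaultenginename: Ask.com
C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.startup.homepage: hxxp://fr.ask.com?o=15788&l=dis
C:\Documents and Settings\Sana\..\nh4azdym.default\Invalidprefs.js - browser.startup.homepage: hxxp://y.lo.st
C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
.
FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
FOUND: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZJfox000");
"""

REG_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\")
FILE_RE = re.compile(r"^[A-Za-z]:\\")
# Report lines about Firefox profiles: "<profile path>\prefs.js - <setting>", optionally prefixed
# with FOUND: (English build) or TROUVÉ: (French build).
PREF_RE = re.compile(r"^(?:FOUND: |TROUVÉ: )?(?P<profile>.+?prefs\.js) - (?P<rest>.+)$")
USER_PREF_RE = re.compile(r'^user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+)\);$')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: domains treated as hijack indicators, taken from values the report itself
# lists as found. Not an authoritative blocklist; adjust per case.
SUSPECT_DOMAINS = ("ask.com", "lo.st", "mywebsearch.com")


def parse_pref(rest):
    """Return (key, value) from either 'key: value' or user_pref("key", value); form."""
    m = USER_PREF_RE.match(rest)
    if m:
        return m["key"], m["val"].strip().strip('"')
    key, _, val = rest.partition(": ")
    return key, val


def parse_report(text):
    """Group report lines into file / registry / service / pref findings."""
    findings = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("="):
            continue  # separators and section banners
        m = PREF_RE.match(line)
        if m:  # must be tested before FILE_RE: pref lines also start with a drive letter
            key, val = parse_pref(m["rest"])
            findings["pref"].append((m["profile"], key, val))
        elif line.startswith("Service:"):
            findings["service"].append(line.split(":", 1)[1].strip().strip("*"))
        elif REG_RE.match(line):
            findings["registry"].append(line)
        elif FILE_RE.match(line):
            findings["file"].append(line)
    return findings


def value_host(val):
    """Host part of a defanged hxxp:// URL, or the bare value (e.g. 'Ask.com') lower-cased."""
    m = re.match(r"hxxps?://([^/?#]+)", val, re.I)
    return (m.group(1) if m else val).lower()


def hijacked_prefs(findings):
    """Preferences whose value resolves to a suspect domain, across all profiles."""
    hits = []
    for profile, key, val in findings["pref"]:
        host = value_host(val)
        if any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS):
            hits.append((profile, key, val))
    return hits


def bho_clsids(findings):
    """Map each Browser Helper Object CLSID to the other registry keys that reuse it."""
    bhos = {CLSID_RE.search(k).group(0) for k in findings["registry"]
            if "Browser Helper Objects\\" in k and CLSID_RE.search(k)}
    return {c: [k for k in findings["registry"]
               if c in k and "Browser Helper Objects\\" not in k] for c in bhos}


if __name__ == "__main__":
    f = parse_report(SAMPLE_REPORT)
    for kind in ("service", "file", "registry"):
        print(f"{kind}: {len(f[kind])} finding(s)")
    for profile, key, val in hijacked_prefs(f):
        print(f"hijacked pref in {profile}: {key} = {val}")
    for clsid, keys in bho_clsids(f).items():
        print(f"BHO {clsid} also registered at: {keys}")
```

Matching on the host rather than a substring keeps the Yahoo keyword.URL line (a partner search URL, not one of the domains the report flagged) out of the hijack list, while the bare "Ask.com" engine name and the defanged fr.ask.com homepage both match.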
  4. dédétraqué  Posts: 4522  Status: Security contributor  286
     
    Hi SOS

    /!\ Close all running applications /!\

    /!\ Temporarily disable, and only for as long as AD-Remover is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning process.

    - Double-click the Ad-remover icon on your desktop.
    (Vista/7: right-click the AD-Remover icon on your desktop and choose Run as administrator.)
    - On the page, click the « Nettoyer » (Clean) button
    - Confirm the scan launch
    - Let the tool work.
    - Post the report that appears at the end.

    (The report is also saved as C:\Ad-report(Scan/clean).Txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Try ComboFix in Safe Mode; also try GMER in Safe Mode.

    @++ :)
    0
    1. SOS
       
      can you explain how I use ComboFix in safe mode? I'm pretty hopeless with computers...
      0
  6. dédétraqué  Posts: 4522  Status: Security contributor  286
     
    Hi SOS

    To start in safe mode:

    When your PC restarts, tap the F8 or F5 key; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session (Sofiane), not the Administrator session.

    Double-click combofix.exe, click YES and confirm with Enter

    When the scan completes, a report will appear. Copy/paste that report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    For Gmer, same procedure.

    @++ :)
    0
    1. SOS
       
      ComboFix worked in safe mode but I can't post its report, I don't know why
      0
    2. SOS
       
      I'll post it in several parts:



      ComboFix 10-05-03.05 - Sofiane 04/05/2010 13:47:54.8.2 - x86 NETWORK
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.585 [GMT 2:00]
      Run from: c:\documents and settings\Sofiane\Bureau\Cmb.exe
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      .

      (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Sofiane\Application Data\Desktopicon
      c:\documents and settings\Sofiane\Application Data\Desktopicon\config.ini
      c:\program files\Dealio Toolbar
      c:\program files\Dealio Toolbar\FF\chrome.manifest
      c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
      c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
      c:\program files\Dealio Toolbar\FF\chrome\content\login.js
      c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
      c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
      c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
      c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
      c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
      c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
      c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
      c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
      c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
      c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
      c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
      c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
      c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
      c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
      c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
      c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
      c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
      c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
      c:\program files\Dealio Toolbar\FF\components\config.ini
      c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
      c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
      c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
      c:\program files\Dealio Toolbar\FF\install.rdf
      c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
      c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
      c:\program files\Dealio Toolbar\Res\amazon.gif
      c:\program files\Dealio Toolbar\Res\apple.gif
      c:\program files\Dealio Toolbar\Res\barnes.gif
      c:\program files\Dealio Toolbar\Res\bestbuy.gif
      c:\program files\Dealio Toolbar\Res\dealio_logo.gif
      c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
      c:\program files\Dealio Toolbar\Res\ebay.gif
      c:\program files\Dealio Toolbar\Res\icon_settings.gif
      c:\program files\Dealio Toolbar\Res\macys.gif
      c:\program files\Dealio Toolbar\Res\newegg.gif
      c:\program files\Dealio Toolbar\Res\overstock.gif
      c:\program files\Dealio Toolbar\Res\search-button-hover.gif
      c:\program files\Dealio Toolbar\Res\search-button.gif
      c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
      c:\program files\Dealio Toolbar\Res\search-chevron.gif
      c:\program files\Dealio Toolbar\Res\search_amazon.gif
      c:\program files\Dealio Toolbar\Res\search_dealio.gif
      c:\program files\Dealio Toolbar\Res\search_ebay.gif
      c:\program files\Dealio Toolbar\Res\search_yahoo.gif
      c:\program files\Dealio Toolbar\Res\target.gif
      c:\program files\Dealio Toolbar\Res\walmart.gif
      c:\program files\Dealio Toolbar\Res\widgets.xml
      c:\program files\Dealio Toolbar\WidgiHelper.exe
      c:\program files\WindowsUpdate
      c:\windows\system32\srcr.dat

      .
      ((((((((((((((((((((((((((((( Files created from 2010-04-04 to 2010-05-04 ))))))))))))))))))))))))))))))))))))
      .

      2010-05-03 21:14 . 2010-05-03 21:15 -------- d-----w- C:\tdsskiller
      2010-05-03 20:41 . 2010-05-03 20:53 -------- d-----w- C:\Ad-Remover
      2010-05-03 18:29 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2010-05-03 18:29 . 2010-05-03 18:29 -------- d-----w- c:\program files\Panda Security
      2010-05-02 21:27 . 2010-05-02 21:27 -------- d-----w- C:\rsit
      2010-05-02 20:49 . 2010-05-02 20:49 54016 ----a-w- c:\windows\system32\drivers\lsvtm.sys
      2010-05-02 19:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-02 19:15 . 2010-05-02 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-02 19:15 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-05-02 18:29 . 2010-05-02 19:05 -------- d---a-w- C:\Navilog1
      2010-05-02 18:29 . 2010-05-02 19:03 -------- d-----w- c:\program files\navilog1
      2010-05-02 18:01 . 2010-05-02 18:49 -------- d-----w- C:\ToolBar SD
      2010-05-02 15:56 . 2010-05-03 15:06 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\temp
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
      2010-05-02 15:53 . 2010-05-02 16:10 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
      2010-05-02 15:53 . 2010-05-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
      2010-05-02 15:53 . 2010-05-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
      2010-05-02 15:51 . 2010-05-02 15:51 -------- d-----w- c:\documents and settings\HelpAssistant\.moovida
      2010-05-02 15:51 . 2010-05-02 15:51 -------- d-----w- c:\documents and settings\HelpAssistant\.housecall6.6
      2010-05-02 12:28 . 2010-03-26 08:33 1496064 ----a-w- c:\documents and settings\Sofiane\Application Data\Mozilla\Firefox\Profiles\a4t6ygw2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
      2010-05-02 12:28 . 2010-03-26 08:33 43008 ----a-w- c:\documents and settings\Sofiane\Application Data\Mozilla\Firefox\Profiles\a4t6ygw2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
      2010-05-02 12:28 . 2010-03-26 08:33 339456 ----a-w- c:\documents and settings\Sofiane\Application Data\Mozilla\Firefox\Profiles\a4t6ygw2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
      2010-05-02 12:28 . 2010-03-26 08:32 346112 ----a-w- c:\documents and settings\Sofiane\Application Data\Mozilla\Firefox\Profiles\a4t6ygw2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
      2010-04-26 20:56 . 2010-04-26 20:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
      2010-04-26 09:23 . 2010-04-26 09:23 -------- d-----w- c:\program files\Ask.com
      2010-04-17 21:58 . 2010-05-02 15:13 820440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
      2010-04-17 20:25 . 2010-04-17 20:25 8854 ----a-r- c:\documents and settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25 . 2010-04-17 20:25 53248 ----a-r- c:\documents and settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut1_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25 . 2010-04-17 20:25 53248 ----a-r- c:\documents and settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut11_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25 . 2010-04-17 20:25 10134 ----a-r- c:\documents and settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\ARPPRODUCTICON.exe
      2010-04-17 20:10 . 2010-04-17 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application
      2010-04-12 20:50 . 2001-08-23 15:47 99840 ----a-w- c:\windows\system32\srusd.dll
      2010-04-12 20:50 . 2001-08-23 15:47 99840 ----a-w- c:\windows\system32\dllcache\srusd.dll
      2010-04-12 20:50 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
      2010-04-12 20:50 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
      2010-04-12 20:50 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\fnfilter.dll
      2010-04-12 20:50 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
      2010-04-12 20:39 . 2002-06-19 22:00 32256 ----a-w- c:\windows\system32\escwiad.dll
      2010-04-12 20:39 . 2002-06-19 22:00 22528 ----a-w- c:\windows\system32\esccmd.dll
      2010-04-12 20:39 . 2001-11-14 22:00 47104 ----a-w- c:\windows\system32\escimgd.dll
      2010-04-12 20:39 . 2001-11-14 22:00 33280 ----a-w- c:\windows\system32\esccm.dll
      2010-04-12 20:39 . 2001-11-14 22:00 32256 ----a-w- c:\windows\system32\escwiab.dll
      2010-04-12 20:39 . 2001-11-14 22:00 27648 ----a-w- c:\windows\system32\escimg.dll
      2010-04-12 20:39 . 2002-01-30 22:00 126976 ----a-w- c:\windows\system32\Esint23.dll
      2010-04-12 13:36 . 2010-04-12 13:36 -------- d-----w- c:\program files\iPod
      2010-04-12 13:36 . 2010-04-12 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      2010-04-12 13:21 . 2010-04-12 13:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
      2010-04-12 13:08 . 2010-04-12 13:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
      0
    3. SOS
       
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-03 14:56 . 2008-07-25 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
      2010-05-02 21:27 . 2008-10-19 16:47 -------- d-----w- c:\program files\Trend Micro
      2010-05-02 18:57 . 2008-05-11 10:42 -------- d-----w- c:\documents and settings\Sofiane\Application Data\uTorrent
      2010-05-01 18:05 . 2008-05-11 10:42 -------- d-----w- c:\program files\uTorrent
      2010-04-29 13:18 . 2009-12-10 18:43 -------- d-----w- c:\program files\Free Video Converter
      2010-04-28 10:59 . 2010-04-28 10:59 789 ----a-w- c:\program files\Raccourci vers HiJackThis.lnk
      2010-04-26 20:57 . 2009-06-22 13:35 -------- d-----w- c:\program files\Windows Live
      2010-04-26 09:25 . 2010-01-01 16:20 -------- d-----w- c:\program files\ImgBurn
      2010-04-22 15:40 . 2010-03-27 12:37 439816 ----a-w- c:\documents and settings\Sofiane\Application Data\Real\Update\setup3.10\setup.exe
      2010-04-17 20:10 . 2008-08-02 14:26 -------- d-----w- c:\program files\Micro Application
      2010-04-17 14:21 . 2008-05-11 18:56 -------- d-----w- c:\program files\Google
      2010-04-14 11:20 . 2008-05-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2010-04-12 20:39 . 2006-05-21 03:55 -------- d--h--w- c:\program files\InstallShield Installation Information
      2010-04-12 13:37 . 2009-11-30 23:01 -------- d-----w- c:\program files\iTunes
      2010-04-12 13:36 . 2009-04-11 08:09 -------- d-----w- c:\program files\Fichiers communs\Apple
      2010-04-12 13:27 . 2009-04-11 08:11 -------- d-----w- c:\program files\Bonjour
      2010-04-12 13:13 . 2009-11-30 22:42 -------- d-----w- c:\program files\Safari
      2010-04-09 22:41 . 2010-01-24 20:35 -------- d-----w- c:\program files\Messenger Plus! Live
      2010-04-03 13:00 . 2009-02-16 11:36 -------- d-----w- c:\program files\CCleaner
      2010-03-30 15:18 . 2009-11-30 23:03 75792 ---ha-w- c:\windows\system32\mlfcache.dat
      2010-03-28 11:21 . 2006-05-20 20:02 86622 ----a-w- c:\windows\system32\perfc00C.dat
      2010-03-28 11:21 . 2006-05-20 20:02 514962 ----a-w- c:\windows\system32\perfh00C.dat
      2010-03-14 20:53 . 2009-11-13 21:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
      2010-03-10 06:16 . 2004-08-05 05:00 420352 ----a-w- c:\windows\system32\vbscript.dll
      2010-02-25 06:17 . 2005-07-03 02:16 916480 ----a-w- c:\windows\system32\wininet.dll
      2010-02-24 17:24 . 2009-08-26 18:19 98104 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
      2010-02-24 13:11 . 2005-01-19 04:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
      2010-02-16 19:06 . 2005-09-29 18:28 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
      2010-02-16 19:06 . 2005-09-29 18:28 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2010-02-12 10:03 . 2010-03-21 21:41 293376 ------w- c:\windows\system32\browserchoice.exe
      2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
      2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
      2010-02-12 04:34 . 2004-08-05 05:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
      2010-02-11 12:02 . 2004-08-05 05:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

      [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
      2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
      "PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-25 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-27 61440]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-11-09 198160]
      "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2010-03-17 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]

      c:\documents and settings\Sofiane\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\Sofiane\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
      Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
      WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2008-5-10 721408]
      WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-8 394856]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
      "c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "c:\\Program Files\\SopCast\\SopCast.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
      "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
      "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
      "c:\\Program Files\\Hercules\\Classic Link\\Station2.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "18021:TCP"= 18021:TCP:BitComet 18021 TCP
      "18021:UDP"= 18021:UDP:BitComet 18021 UDP
      "18001:TCP"= 18001:TCP:BitComet 18001 TCP
      "18001:UDP"= 18001:UDP:BitComet 18001 UDP
      "65533:TCP"= 65533:TCP:Services
      "52344:TCP"= 52344:TCP:Services
      "8847:TCP"= 8847:TCP:Services
      "8848:TCP"= 8848:TCP:Services
      "3389:TCP"= 3389:TCP:Remote Desktop
      "7868:TCP"= 7868:TCP:Services
      "7869:TCP"= 7869:TCP:Services
      "5571:TCP"= 5571:TCP:Services
      "9642:TCP"= 9642:TCP:Services
      "4790:TCP"= 4790:TCP:Services
      "8080:TCP"= 8080:TCP:Services
      "6384:TCP"= 6384:TCP:Services
      "6385:TCP"= 6385:TCP:Services
      "1868:TCP"= 1868:TCP:Services
      "2236:TCP"= 2236:TCP:Services

      R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [05/02/2005 09:00 85888]
      S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [03/05/2010 20:29 28552]
      S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/01/2010 15:16 108289]
      S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
      S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/08/2009 22:11 233472]
      S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 23:29 135664]
      S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [20/09/2009 00:22 98432]
      S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/08/2009 22:11 36608]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
      S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [10/08/2009 22:11 90112]
      S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [10/08/2009 22:11 14976]
      S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [10/08/2009 22:11 121856]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

      2010-05-04 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-31 08:47]

      2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:29]

      2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:29]

      2010-05-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
      - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]

      2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{EA792E68-90A3-42D3-8F03-B602173DF34B}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
      .
      0
    4. SOS
       
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://fr.ask.com?o=15788&l=dis
      uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      mWindow Title =
      uInternet Settings,ProxyOverride = local;*.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
      TCP: {AE37FE06-5406-4CFF-B038-CAA9986D4684} = 80.10.246.2,80.10.146.129
      DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      FF - ProfilePath - c:\documents and settings\Sofiane\Application Data\Mozilla\Firefox\Profiles\a4t6ygw2.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: browser.startup.homepage - hxxp://fr.ask.com?o=15788&l=dis
      FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
      FF - component: c:\documents and settings\Sofiane\Application Data\Mozilla\Firefox\Profiles\a4t6ygw2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
      FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin7.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin8.dll
      FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- PARAMETRES FIREFOX ----
      FF - user.js: yahoo.homepage.dontask - true
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
      BHO-{258B6340-40C0-37EB-9E09-E259061FE549} - (no file)
      Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
      WebBrowser-{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - (no file)
      HKLM-Run-NPSStartup - (no file)



      **************************************************************************
      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés:

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-2261729735-2498202468-3724448963-1006\Software\SecuROM\License information*]
      "datasecu"=hex:d8,0e,22,f9,ab,7b,1b,60,74,d5,5b,ce,c8,df,5f,7b,d9,1f,20,bb,e9,
      97,25,e3,ef,93,c6,f0,95,dd,51,bc,a5,98,50,ca,26,73,dd,60,75,25,a5,ea,0d,e2,\
      "rkeysecu"=hex:ff,5e,ef,21,07,54,25,77,5e,85,2e,c5,79,63,46,a6
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(864)
      c:\windows\system32\Ati2evxx.dll
      .
      Heure de fin: 2010-05-04 14:01:53
      ComboFix-quarantined-files.txt 2010-05-04 12:01

      Avant-CF: 4 716 322 816 octets libres
      Après-CF: 4 983 644 160 octets libres

      - - End Of File - - EA39A1A58A9248F4621E276A84A05105
      0
  7. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Scan this file, lsvtm.sys, here:

    https://www.virustotal.com/gui/

    Click Browse and copy/paste this:
    c:\windows\system32\drivers\lsvtm.sys
    Then click Send file and wait for the analysis result.

    If it tells you the file has already been analysed, select the button:
    Reanalyse file now, wait for the analysis result, and post the full result.

    Post the full result

    Help: http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm

    @++ :)
    0
    1. SOS
       
      hi, hi, here's the VirusTotal report



      Antivirus Version Last update Result
      a-squared 4.5.0.50 2010.05.05 -
      AhnLab-V3 2010.05.05.00 2010.05.05 -
      AntiVir 8.2.1.224 2010.05.04 -
      Antiy-AVL 2.0.3.7 2010.04.30 -
      Authentium 5.2.0.5 2010.05.05 -
      Avast 4.8.1351.0 2010.05.04 -
      Avast5 5.0.332.0 2010.05.04 -
      AVG 9.0.0.787 2010.05.04 -
      BitDefender 7.2 2010.05.05 -
      CAT-QuickHeal 10.00 2010.05.04 -
      ClamAV 0.96.0.3-git 2010.05.05 -
      Comodo 4768 2010.05.05 -
      DrWeb 5.0.2.03300 2010.05.05 -
      eSafe 7.0.17.0 2010.05.03 Win32.TrojanHorse
      eTrust-Vet 35.2.7468 2010.05.04 -
      F-Prot 4.5.1.85 2010.05.05 -
      F-Secure 9.0.15370.0 2010.05.05 -
      Fortinet 4.0.14.0 2010.05.03 -
      GData 21 2010.05.05 -
      Ikarus T3.1.1.84.0 2010.05.05 -
      Jiangmin 13.0.900 2010.05.04 -
      Kaspersky 7.0.0.125 2010.05.05 -
      McAfee 5.400.0.1158 2010.05.05 -
      McAfee-GW-Edition 2010.1 2010.05.04 -
      Microsoft 1.5703 2010.05.04 -
      NOD32 5086 2010.05.04 -
      Norman 6.04.12 2010.05.04 -
      nProtect 2010-05-04.01 2010.05.04 -
      Panda 10.0.2.7 2010.05.04 -
      PCTools 7.0.3.5 2010.05.04 -
      Prevx 3.0 2010.05.05 -
      Rising 22.46.02.01 2010.05.05 -
      Sophos 4.53.0 2010.05.05 -
      Sunbelt 6262 2010.05.05 -
      Symantec 20091.2.0.41 2010.05.05 -
      TheHacker 6.5.2.0.275 2010.05.03 -
      TrendMicro 9.120.0.1004 2010.05.05 -
      TrendMicro-HouseCall 9.120.0.1004 2010.05.05 -
      VBA32 3.12.12.4 2010.05.04 -
      ViRobot 2010.5.4.2303 2010.05.05 -
      VirusBuster 5.0.27.0 2010.05.04 -
      0
  8. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Via Add/Remove Programs, uninstall the Ask Toolbar

    Delete if still present: C:\Program Files\Ask.com

    - Click Start menu/Run, type notepad at the prompt and click OK.

    - Copy/paste what is in bold below into Notepad:

    KillAll::

    Driver::
    lsvtm

    File::
    c:\windows\system32\drivers\lsvtm.sys

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18021:TCP"=-
    "18021:UDP"=-
    "18001:TCP"=-
    "18001:UDP"=-
    "65533:TCP"=-
    "52344:TCP"=-
    "8847:TCP"=-
    "8848:TCP"=-
    "3389:TCP"=-
    "7868:TCP"=-
    "7869:TCP"=-
    "5571:TCP"=-
    "9642:TCP"=-
    "4790:TCP"=-
    "8080:TCP"=-
    "6384:TCP"=-
    "6385:TCP"=-
    "1868:TCP"=-
    "2236:TCP"=-


    - Save this file to the desktop (mandatory)

    -File name: CFScript.txt
    -File type: all files

    - Click Save and exit Notepad

    Important: disable your antivirus and antispyware before doing the drag/drop

    - Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

    http://free0.hiboox.com/images/2409/9126d3b136f7db9ab6242ad715b44296.gif

    * Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
    * Once the scan is complete, a report will appear: post its contents.
    * If the file doesn't open, it is here > C:\ComboFix.txt

    @++ :)
    0
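The CFScript above deletes every value ComboFix listed under GloballyOpenPorts. As an added example that is not part of this thread or of ComboFix, the Python below parses that section out of a ComboFix report (the sample is constructed from the lines quoted earlier), flags entries whose label is generic or that open Remote Desktop to everyone (that triage heuristic is an assumption made here; the helper chose to remove the whole list), and emits the matching `Registry::` block in the same `"port:proto"=-` deletion syntax.

```python
import re
from typing import Dict, List

# Constructed excerpt of a ComboFix report, same layout as the one posted above.
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18021:TCP"= 18021:TCP:BitComet 18021 TCP
"18021:UDP"= 18021:UDP:BitComet 18021 UDP
"65533:TCP"= 65533:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"8080:TCP"= 8080:TCP:Services

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [05/02/2005 09:00 85888]
"""

# Registry key exactly as ComboFix prints it (and as the CFScript names it).
GLOBALLY_OPEN_PORTS_KEY = (
    r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
    r"\standardprofile\GloballyOpenPorts\List"
)

# One entry line of that section:  "PORT:PROTO"= PORT:PROTO:Description
ENTRY_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')

# Triage heuristic assumed for this example: a firewall exception whose label
# says nothing about the program that opened it, or one exposing RDP (3389)
# to every address, deserves a look. Legitimate software normally labels
# its exceptions with its own name (e.g. "BitComet 18021 TCP").
GENERIC_LABELS = {"", "services", "service"}
REVIEW_PORTS = {3389}


def parse_open_ports(report: str) -> List[Dict[str, object]]:
    """Return the GloballyOpenPorts entries found in a ComboFix report."""
    entries: List[Dict[str, object]] = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A bracketed key opens a new section; only ours is of interest.
            in_section = line[1:-1].lower() == GLOBALLY_OPEN_PORTS_KEY.lower()
            continue
        if not in_section:
            continue
        if not line:
            in_section = False  # a blank line ends the section in ComboFix output
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "port": int(m.group(1)),
                "proto": m.group(2),
                "desc": m.group(3).strip(),
            })
    return entries


def flag_suspicious(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Keep the entries that match the triage heuristic above."""
    return [
        e for e in entries
        if str(e["desc"]).lower() in GENERIC_LABELS or e["port"] in REVIEW_PORTS
    ]


def build_cfscript_registry(entries: List[Dict[str, object]]) -> str:
    """Emit a CFScript Registry:: block deleting the given values ("=-")."""
    lines = ["Registry::", f"[{GLOBALLY_OPEN_PORTS_KEY}]"]
    lines += [f'"{e["port"]}:{e["proto"]}"=-' for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_REPORT)
    for e in found:
        print(f'{e["port"]:>5}/{e["proto"]}  {e["desc"] or "(no label)"}')
    flagged = flag_suspicious(found)
    print(f"\n{len(flagged)} of {len(found)} exceptions flagged for review\n")
    print(build_cfscript_registry(flagged))
```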
    1. SOS
       
      ComboFix 10-05-04.06 - Sofiane 05/05/2010 18:22:47.9.2 - x86 NETWORK
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.577 [GMT 2:00]
      Lancé depuis: c:\documents and settings\Sofiane\Bureau\Cmb.exe
      Commutateurs utilisés :: c:\documents and settings\Sofiane\Bureau\CFScript.txt
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

      FILE ::
      "c:\windows\system32\drivers\lsvtm.sys"
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\drivers\lsvtm.sys

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-05 au 2010-05-05 ))))))))))))))))))))))))))))))))))))
      .

      2010-05-04 11:44 . 2010-05-04 12:01 -------- d-----w- C:\Cmb
      2010-05-03 21:14 . 2010-05-03 21:15 -------- d-----w- C:\tdsskiller
      2010-05-03 20:41 . 2010-05-03 20:53 -------- d-----w- C:\Ad-Remover
      2010-05-03 18:29 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2010-05-03 18:29 . 2010-05-03 18:29 -------- d-----w- c:\program files\Panda Security
      2010-05-02 21:27 . 2010-05-02 21:27 -------- d-----w- C:\rsit
      2010-05-02 19:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-02 19:15 . 2010-05-02 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-02 19:15 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-05-02 18:29 . 2010-05-02 19:05 -------- d---a-w- C:\Navilog1
      2010-05-02 18:29 . 2010-05-02 19:03 -------- d-----w- c:\program files\navilog1
      2010-05-02 18:01 . 2010-05-02 18:49 -------- d-----w- C:\ToolBar SD
      2010-05-02 15:56 . 2010-05-03 15:06 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\temp
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
      2010-05-02 15:53 . 2010-05-02 16:10 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
      2010-05-02 15:53 . 2010-05-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
      2010-05-02 15:53 . 2010-05-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
      2010-05-02 15:51 . 2010-05-02 15:51 -------- d-----w- c:\documents and settings\HelpAssistant\.moovida
      2010-05-02 15:51 . 2010-05-02 15:51 -------- d-----w- c:\documents and settings\HelpAssistant\.housecall6.6
      2010-04-26 20:56 . 2010-04-26 20:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
      2010-04-17 21:58 . 2010-05-02 15:13 820440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
      2010-04-17 20:10 . 2010-04-17 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application
      2010-04-12 20:50 . 2001-08-23 15:47 99840 ----a-w- c:\windows\system32\srusd.dll
      2010-04-12 20:50 . 2001-08-23 15:47 99840 ----a-w- c:\windows\system32\dllcache\srusd.dll
      2010-04-12 20:50 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
      2010-04-12 20:50 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
      2010-04-12 20:50 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\fnfilter.dll
      2010-04-12 20:50 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
      2010-04-12 20:39 . 2002-06-19 22:00 32256 ----a-w- c:\windows\system32\escwiad.dll
      2010-04-12 20:39 . 2002-06-19 22:00 22528 ----a-w- c:\windows\system32\esccmd.dll
      2010-04-12 20:39 . 2001-11-14 22:00 47104 ----a-w- c:\windows\system32\escimgd.dll
      2010-04-12 20:39 . 2001-11-14 22:00 33280 ----a-w- c:\windows\system32\esccm.dll
      2010-04-12 20:39 . 2001-11-14 22:00 32256 ----a-w- c:\windows\system32\escwiab.dll
      2010-04-12 20:39 . 2001-11-14 22:00 27648 ----a-w- c:\windows\system32\escimg.dll
      2010-04-12 20:39 . 2002-01-30 22:00 126976 ----a-w- c:\windows\system32\Esint23.dll
      2010-04-12 13:36 . 2010-04-12 13:36 -------- d-----w- c:\program files\iPod
      2010-04-12 13:36 . 2010-04-12 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-04 17:13 . 2008-07-25 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
      2010-05-04 12:40 . 2008-05-11 10:42 -------- d-----w- c:\documents and settings\Sofiane\Application Data\uTorrent
      2010-05-02 21:27 . 2008-10-19 16:47 -------- d-----w- c:\program files\Trend Micro
      2010-05-01 18:05 . 2008-05-11 10:42 -------- d-----w- c:\program files\uTorrent
      2010-04-29 13:18 . 2009-12-10 18:43 -------- d-----w- c:\program files\Free Video Converter
      2010-04-28 10:59 . 2010-04-28 10:59 789 ----a-w- c:\program files\Raccourci vers HiJackThis.lnk
      2010-04-26 20:57 . 2009-06-22 13:35 -------- d-----w- c:\program files\Windows Live
      2010-04-26 09:25 . 2010-01-01 16:20 -------- d-----w- c:\program files\ImgBurn
      2010-04-17 20:10 . 2008-08-02 14:26 -------- d-----w- c:\program files\Micro Application
      2010-04-17 14:21 . 2008-05-11 18:56 -------- d-----w- c:\program files\Google
      2010-04-14 11:20 . 2008-05-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2010-04-12 20:39 . 2006-05-21 03:55 -------- d--h--w- c:\program files\InstallShield Installation Information
      2010-04-12 13:37 . 2009-11-30 23:01 -------- d-----w- c:\program files\iTunes
      2010-04-12 13:36 . 2009-04-11 08:09 -------- d-----w- c:\program files\Fichiers communs\Apple
      2010-04-12 13:27 . 2009-04-11 08:11 -------- d-----w- c:\program files\Bonjour
      2010-04-12 13:13 . 2009-11-30 22:42 -------- d-----w- c:\program files\Safari
      2010-04-09 22:41 . 2010-01-24 20:35 -------- d-----w- c:\program files\Messenger Plus! Live
      2010-04-03 13:00 . 2009-02-16 11:36 -------- d-----w- c:\program files\CCleaner
      2010-03-30 15:18 . 2009-11-30 23:03 75792 ---ha-w- c:\windows\system32\mlfcache.dat
      2010-03-28 11:21 . 2006-05-20 20:02 86622 ----a-w- c:\windows\system32\perfc00C.dat
      2010-03-28 11:21 . 2006-05-20 20:02 514962 ----a-w- c:\windows\system32\perfh00C.dat
      2010-03-14 20:53 . 2009-11-13 21:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
      2010-03-10 06:16 . 2004-08-05 05:00 420352 ----a-w- c:\windows\system32\vbscript.dll
      2010-02-25 06:17 . 2005-07-03 02:16 916480 ----a-w- c:\windows\system32\wininet.dll
      2010-02-24 17:24 . 2009-08-26 18:19 98104 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
      2010-02-24 13:11 . 2005-01-19 04:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
      2010-02-16 19:06 . 2005-09-29 18:28 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
      2010-02-16 19:06 . 2005-09-29 18:28 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2010-02-12 10:03 . 2010-03-21 21:41 293376 ------w- c:\windows\system32\browserchoice.exe
      2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
      2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
      2010-02-12 04:34 . 2004-08-05 05:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
      2010-02-11 12:02 . 2004-08-05 05:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
      .
      0
    2. SOS
       
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
      "PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-25 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-27 61440]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-11-09 198160]
      "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2010-03-17 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]

      c:\documents and settings\Sofiane\Menu D'marrer\Programmes\D'marrage\
      OneNote 2007 - Capture d''cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\Sofiane\Menu D'marrer\Programmes\D'marrage\
      OneNote 2007 - Capture d''cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
      WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2008-5-10 721408]
      WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-8 394856]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
      "c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "c:\\Program Files\\SopCast\\SopCast.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
      "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
      "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
      "c:\\Program Files\\Hercules\\Classic Link\\Station2.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "2431:TCP"= 2431:TCP:Services
      "3362:TCP"= 3362:TCP:Services
      "3306:TCP"= 3306:TCP:Services
      "5112:TCP"= 5112:TCP:Services
      "7886:TCP"= 7886:TCP:Services
      "7887:TCP"= 7887:TCP:Services
      "3300:TCP"= 3300:TCP:Services
      "5100:TCP"= 5100:TCP:Services
      "5379:TCP"= 5379:TCP:Services
      "9258:TCP"= 9258:TCP:Services
      "3389:TCP"= 3389:TCP:Remote Desktop

      R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [05/02/2005 09:00 85888]
      S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [03/05/2010 20:29 28552]
      S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/01/2010 15:16 108289]
      S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]
      S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/08/2009 22:11 233472]
      S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 23:29 135664]
      S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [20/09/2009 00:22 98432]
      S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/08/2009 22:11 36608]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
      S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [10/08/2009 22:11 90112]
      S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [10/08/2009 22:11 14976]
      S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [10/08/2009 22:11 121856]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

      2010-05-05 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-31 08:47]

      2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:29]

      2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:29]

      2010-05-05 c:\windows\Tasks\User_Feed_Synchronization-{EA792E68-90A3-42D3-8F03-B602173DF34B}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://fr.ask.com?o=15788&l=dis
      uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      mWindow Title =
      uInternet Settings,ProxyOverride = local;*.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
      TCP: {AE37FE06-5406-4CFF-B038-CAA9986D4684} = 80.10.246.2,80.10.146.129
      DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      FF - ProfilePath - c:\documents and settings\Sofiane\Application Data\Mozilla\Firefox\Profiles\a4t6ygw2.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - prefs.js: browser.startup.homepage - hxxp://fr.ask.com?o=15788&l=dis
      FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
      FF - component: c:\documents and settings\Sofiane\Application Data\Mozilla\Firefox\Profiles\a4t6ygw2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
      FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin7.dll
      FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin8.dll
      FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- PARAMETRES FIREFOX ----
      FF - user.js: yahoo.homepage.dontask - true
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
      .
      0
    3. SOS
       
      - - - - ORPHELINS SUPPRIMES - - - -

      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-05-05 18:34
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x83929440]<<
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\Disk -> CLASSPNP.SYS @ 0xf76d3f28
      \Driver\ACPI -> ACPI.sys @ 0xf7625cb8
      \Driver\atapi -> atapi.sys @ 0xf75dd852
      IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
      SecurityProcedure -> ntoskrnl.exe @ 0x805df529
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
      SecurityProcedure -> ntoskrnl.exe @ 0x805df529
      NDIS: -> SendCompleteHandler -> 0x0
      PacketIndicateHandler -> 0x0
      SendHandler -> 0x0
      user & kernel MBR OK

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-2261729735-2498202468-3724448963-1006\Software\SecuROM\License information*]
      "datasecu"=hex:d8,0e,22,f9,ab,7b,1b,60,74,d5,5b,ce,c8,df,5f,7b,d9,1f,20,bb,e9,
      97,25,e3,ef,93,c6,f0,95,dd,51,bc,a5,98,50,ca,26,73,dd,60,75,25,a5,ea,0d,e2,\
      "rkeysecu"=hex:ff,5e,ef,21,07,54,25,77,5e,85,2e,c5,79,63,46,a6
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(868)
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(676)
      c:\windows\system32\eappprxy.dll
      .
      Heure de fin: 2010-05-05 18:43:41 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-05-05 16:43
      ComboFix2.txt 2010-05-04 12:01

      Avant-CF: 12 586 717 184 octets libres
      Après-CF: 12 507 107 328 octets libres

      - - End Of File - - 6B5C22369CD20A37019924018D0FE428
      0
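The firewall sections of the ComboFix log above (the two `[HKLM\~\services\sharedaccess\parameters\firewallpolicy\...\List]` blocks) are worth reading closely, because a globally open port whose description is a bare "Services" rather than the name of the program that opened it tells a helper nothing about who opened it. The following Python is an added example for this thread, not part of ComboFix or of any post here: it parses those two blocks in the layout ComboFix prints, lists the authorised applications, and marks for review the open ports that carry only a generic label. The `SAMPLE_LOG` text is constructed in the same shape as the log above; the key-path regex, the label set and the function names are this example's own assumptions.

```python
"""Triage helper for the firewall sections of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of the
original posts. It parses the two
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\...\\List]
blocks in the layout ComboFix prints and reports which globally open
ports carry only a generic label, so a helper can review those first.
"""
import re

# Constructed sample in the same layout as the "Points de chargement Reg"
# section of a ComboFix log; the entries are illustrative, not indicators
# of compromise.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2431:TCP"= 2431:TCP:Services
"3306:TCP"= 3306:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"""

# Section header: captures the profile (standardprofile/domainprofile) and the list name.
SECTION_RE = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy"
    r"\\(\w+)\\(\w+)\\List\]$"
)
# "2431:TCP"= 2431:TCP:Services  ->  port, protocol, label
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# "c:\\Program Files\\x.exe"=   ->  path (with the doubled backslashes ComboFix prints)
APP_RE = re.compile(r'^"(.+)"=\s*$')

# Labels that name no application (assumption: a legitimate entry normally
# names the program or service that opened the port).
GENERIC_LABELS = {"", "service", "services"}


def parse_firewall_sections(text):
    """Return the authorised applications and the globally open ports
    found in the firewallpolicy blocks of a ComboFix log."""
    result = {"AuthorizedApplications": [], "GloballyOpenPorts": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(2)
            continue
        if line.startswith("["):            # any other registry key ends the section
            current = None
            continue
        if current == "GloballyOpenPorts":
            m = PORT_RE.match(line)
            if m:
                result["GloballyOpenPorts"].append(
                    (int(m.group(1)), m.group(2), m.group(3).strip()))
        elif current == "AuthorizedApplications":
            m = APP_RE.match(line)
            if m:
                # ComboFix prints registry strings with escaped backslashes.
                result["AuthorizedApplications"].append(m.group(1).replace("\\\\", "\\"))
    return result


def flag_generic_ports(entries):
    """Ports whose label does not identify the program that opened them."""
    return [(port, proto) for port, proto, label in entries
            if label.lower() in GENERIC_LABELS]


def report(text):
    """Human-readable summary, one line per entry, generic ports marked REVIEW."""
    parsed = parse_firewall_sections(text)
    flagged = set(flag_generic_ports(parsed["GloballyOpenPorts"]))
    lines = ["Authorised applications: %d" % len(parsed["AuthorizedApplications"])]
    for path in parsed["AuthorizedApplications"]:
        lines.append("  app     " + path)
    for port, proto, label in parsed["GloballyOpenPorts"]:
        mark = "REVIEW" if (port, proto) in flagged else "ok"
        lines.append("  %-6s %5d/%s  %s" % (mark, port, proto, label or "(no label)"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against the pasted log by feeding the whole ComboFix text to `report()`; only the two firewall blocks are read, everything else is skipped. A REVIEW mark is a prompt to check which process actually listens on that port, not a verdict on its own.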
  9. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Download OTL (by OldTimer) and save it to your Desktop.
    http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

    - Close any running applications so that the scan is not interrupted.
    - Double-click OTL.exe on the Desktop to launch the program.
    - A window appears. In the Output section at the top of that window, tick "Minimal Output". Do the same for "All Users".
    - Also tick the boxes next to "LOP Check" and "Purity Check".

    Do not change the other settings!

    Copy the list shown in bold below and paste it into the box under "Custom Scans/Fixes"

    netsvcs
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.exe
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    c:\$recycle.bin\*.* /s


    - Click the Run Scan button.
    - Once the scan is finished, two Notepad windows will open: OTL.txt and Extras.txt. They are saved in the same place as OTListIT2 (so on the Desktop by default).

    Use cjoint.com to post your reports as links:
    https://www.cjoint.com/

    - Click Parcourir (Browse) to find the report
    - Click Ouvrir (Open), then Créer le lien Cjoint

    - Copy and paste the link shown after "Le lien a été créé:" into your next reply.

    @++ :)
    0
  10. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Download MBR (by GMER) to your Desktop:

    http://www2.gmer.net/mbr/mbr.exe

    - Disable all protection programs (antivirus, antispyware, etc.)
    https://forum.pcastuces.com/default.asp

    - Double-click mbr.exe > a black window will open and close again.
    - Post the mbr.log report that appears.

    @++ :)
    0
    1. SOS
       
      I don't know if this is normal, but the report is very short:

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      kernel: MBR read successfully
      user & kernel MBR OK
      0
  11. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    OK, that report is fine. Re-reading the thread, you forgot the Clean option of AD-Remover; post the report:
    https://forums.commentcamarche.net/forum/affich-17608395-virus-impossible-a-supprimer#7

    @++ :)
    0
    1. SOS
       
      Here is the report again


      .
      ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
      .
      Mis à jour par C_XX le 01/05/10 à 19:50
      Contact: AdRemover.contact@gmail.com
      Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Lancé à: 19:54:13 le 06/05/2010 | Mode normal | Option: CLEAN
      Exécuté de: C:\Ad-Remover\ADR.exe
      SE: Microsoft® Windows XP(TM) Service Pack 3 - X86
      Nom du PC: BOUDIAF
      Utilisateur actuel: Sofiane
      .
      ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
      .
      .
      C:\Documents and Settings\All Users\Application Data\Viewpoint
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
      C:\Documents and Settings\HelpAssistant\Application Data\Desktopicon
      C:\Documents and Settings\HelpAssistant\Application Data\EoRezo
      C:\Documents and Settings\HelpAssistant\Application Data\Viewpoint
      C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\AskToolbar
      C:\Documents and Settings\Invité\Application Data\EoRezo
      C:\Documents and Settings\Invité\Local Settings\Application Data\AskToolbar
      C:\Documents and Settings\Sana\Application Data\EoRezo
      C:\Documents and Settings\Sana\Application Data\ItsLabel
      C:\Documents and Settings\Sana\Application Data\Viewpoint
      C:\Documents and Settings\Sana\Local Settings\Application Data\AskToolbar
      C:\Documents and Settings\Sofiane\Application Data\Viewpoint
      C:\Program Files\Application Updater
      C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
      C:\Program Files\Viewpoint

      (!) -- Fichiers temporaires supprimés.
      .
      HKCU\Software\AppDataLow\Software\Dealio
      HKLM\Software\Application Updater
      HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
      HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
      HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
      HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
      HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
      HKLM\Software\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
      HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
      HKLM\Software\MetaStream
      HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
      HKLM\Software\Viewpoint
      HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
      .
      (Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
      .
      ============== SCAN ADDITIONNEL ==============
      .
      * Mozilla FireFox Version Impossible d'obtenir la version *
      .
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Sofiane\\Mes documents\\Mes images
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.search.defaultenginename: Ask.com
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.startup.homepage: hxxp://fr.ask.com?o=15788&l=dis
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.defaultenginename: Google
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.selectedEngine: Google
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.defaultenginename: Google
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\Invalidprefs.js - browser.search.selectedEngine: Google
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Sofiane\\Mes documents\\Mes images
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.search.defaultenginename: Ask.com
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.startup.homepage: hxxp://fr.ask.com?o=15788&l=dis
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\HelpAssistant\..\a4t6ygw2.default\prefs.js - keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.search.defaultenginename: Google
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.search.selectedEngine: Google
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.startup.homepage_override.mstone: rv:1.8.1.11
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\Invalidprefs.js - browser.startup.homepage: hxxp://lo.st#home
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Invité\\Mes documents\\Téléchargements
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.search.defaultenginename: Yahoo
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.search.selectedEngine: Yahoo
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\HelpAssistant\..\u93ws6is.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.search.defaultenginename: Google
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.search.selectedEngine: Google
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.startup.homepage_override.mstone: rv:1.8.1.11
      C:\Documents and Settings\Invité\..\u93ws6is.default\Invalidprefs.js - browser.startup.homepage: hxxp://lo.st#home
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Invité\\Mes documents\\Téléchargements
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.search.defaultenginename: Yahoo
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.search.selectedEngine: Yahoo
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\Invité\..\u93ws6is.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
      C:\Documents and Settings\Sana\..\nh4azdym.default\Invalidprefs.js - browser.download.lastDir: C:\\Documents and Settings\\Sana\\Mes documents\\Mes images
      C:\Documents and Settings\Sana\..\nh4azdym.default\Invalidprefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.8
      C:\Documents and Settings\Sana\..\nh4azdym.default\Invalidprefs.js - browser.startup.homepage: hxxp://y.lo.st
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Sana\\Mes documents
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - browser.search.defaultenginename: Yahoo
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - browser.search.selectedEngine: Yahoo
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
      C:\Documents and Settings\Sana\..\nh4azdym.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
      .
      EFFACÉ: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.search.defaultengine", "Ask.com");
      EFFACÉ: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.search.defaultenginename", "Ask.com");
      EFFACÉ: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.search.order.1", "Ask.com");
      EFFACÉ: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("browser.startup.homepage", "hxxp://fr.ask.com?o=15788&l=dis");
      EFFACÉ: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZJfox000&ptb=OCfSJyhHfYqUvWGt6IzCRA");
      EFFACÉ: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.mywebsearch.prevKwdEnabled", true);
      EFFACÉ: C:\Documents and Settings\Sofiane\..\a4t6ygw2.default\prefs.js - user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
      .
      * Internet Explorer Version 8.0.6001.18702 *
      .
      [HKCU\Software\Microsoft\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Do404Search: 0x01000000
      Local Page: C:\WINDOWS\system32\blank.htm
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Show_ToolBar: yes
      Start Page: hxxp://fr.msn.com/
      Use Custom Search URL: 1
      Use Search Asst: no
      .
      [HKLM\Software\Microsoft\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Delete_Temp_Files_On_Exit: yes
      Local Page: C:\WINDOWS\system32\blank.htm
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://fr.msn.com/
      .
      [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      Blank: res://mshtml.dll/blank.htm
      .
      ========================================
      .
      C:\Ad-Remover\Quarantine: 44 Fichier(s)
      C:\Ad-Remover\Backup: 14 Fichier(s)
      .
      C:\Ad-Report-CLEAN[1].txt - 518 Octet(s)
      C:\Ad-Report-CLEAN[2].txt - 11607 Octet(s)
      .
      Fin à: 20:06:58, 06/05/2010
      .
      ============== E.O.F - CLEAN[2] ==============
      0
  12. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Let's check that nothing is hidden:
    Run a scan with Nod32 online (you have to use Internet Explorer) here:

    https://www.eset.com/int/home/online-scanner/

    (tick all the boxes each time, except the last two at the end of the scan, otherwise the report gets deleted)
    At the end, paste the report: C:\Program Files\EsetOnlineScanner\log.txt

    @++ :)
    0
    1. SOS
       
      hi hi

      don't you have another solution? The scan takes too long and every time my computer crashes before the end. There is a log file in the folder but it's only 2 lines
      0
  13. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Update Antivir and run a scan in safe mode, then post the report once you have restarted in normal mode.

    @++ :)
    0
  14. rabah_1977
     
    hi first of all
    install avast 5, and when the installation is finished it asks you to schedule a test (scan) at startup (before the system starts, because the viruses are inactive then); tick yes, then restart your PC
    that will fix the problem
    0
    1. SOS
       
      Avira AntiVir Personal
      Date de création du fichier de rapport : samedi 8 mai 2010 14:32

      La recherche porte sur 2081209 souches de virus.

      Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
      Numéro de série : 0000149996-ADJIE-0000001
      Plateforme : Windows XP
      Version de Windows : (Service Pack 3) [5.1.2600]
      Mode Boot : Mode sans échec
      Identifiant : Sofiane
      Nom de l'ordinateur : BOUDIAF

      Informations de version :
      BUILD.DAT : 9.0.0.75 21698 Bytes 22/01/2010 23:14:00
      AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:25:46
      AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
      LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
      LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
      VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
      VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 13:18:02
      VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 13:18:14
      VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:43:56
      VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 19:54:00
      VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 18:06:59
      VBASE006.VDF : 7.10.6.83 2048 Bytes 15/04/2010 18:07:02
      VBASE007.VDF : 7.10.6.84 2048 Bytes 15/04/2010 18:07:03
      VBASE008.VDF : 7.10.6.85 2048 Bytes 15/04/2010 18:07:03
      VBASE009.VDF : 7.10.6.86 2048 Bytes 15/04/2010 18:07:03
      VBASE010.VDF : 7.10.6.87 2048 Bytes 15/04/2010 18:07:03
      VBASE011.VDF : 7.10.6.88 2048 Bytes 15/04/2010 18:07:03
      VBASE012.VDF : 7.10.6.89 2048 Bytes 15/04/2010 18:07:03
      VBASE013.VDF : 7.10.6.90 2048 Bytes 15/04/2010 18:07:04
      VBASE014.VDF : 7.10.6.123 126464 Bytes 19/04/2010 18:01:12
      VBASE015.VDF : 7.10.6.152 123392 Bytes 21/04/2010 15:40:11
      VBASE016.VDF : 7.10.6.178 122880 Bytes 22/04/2010 15:54:11
      VBASE017.VDF : 7.10.6.206 120320 Bytes 26/04/2010 18:08:17
      VBASE018.VDF : 7.10.6.232 99328 Bytes 28/04/2010 18:08:18
      VBASE019.VDF : 7.10.7.2 155648 Bytes 30/04/2010 18:08:18
      VBASE020.VDF : 7.10.7.26 119808 Bytes 04/05/2010 15:07:07
      VBASE021.VDF : 7.10.7.51 118272 Bytes 06/05/2010 16:16:40
      VBASE022.VDF : 7.10.7.52 2048 Bytes 06/05/2010 16:16:40
      VBASE023.VDF : 7.10.7.53 2048 Bytes 06/05/2010 16:16:40
      VBASE024.VDF : 7.10.7.54 2048 Bytes 06/05/2010 16:16:40
      VBASE025.VDF : 7.10.7.55 2048 Bytes 06/05/2010 16:16:40
      VBASE026.VDF : 7.10.7.56 2048 Bytes 06/05/2010 16:16:40
      VBASE027.VDF : 7.10.7.57 2048 Bytes 06/05/2010 16:16:40
      VBASE028.VDF : 7.10.7.58 2048 Bytes 06/05/2010 16:16:41
      VBASE029.VDF : 7.10.7.59 2048 Bytes 06/05/2010 16:16:41
      VBASE030.VDF : 7.10.7.60 2048 Bytes 06/05/2010 16:16:41
      VBASE031.VDF : 7.10.7.66 70656 Bytes 07/05/2010 16:16:44
      Version du moteur : 8.2.1.236
      AEVDF.DLL : 8.1.2.0 106868 Bytes 23/04/2010 15:54:18
      AESCRIPT.DLL : 8.1.3.28 1298810 Bytes 05/05/2010 15:54:09
      AESCN.DLL : 8.1.5.0 127347 Bytes 25/02/2010 21:30:33
      AESBX.DLL : 8.1.3.1 254324 Bytes 23/04/2010 15:54:18
      AERDL.DLL : 8.1.4.6 541043 Bytes 16/04/2010 18:09:19
      AEPACK.DLL : 8.2.1.1 426358 Bytes 20/03/2010 12:38:08
      AEOFFICE.DLL : 8.1.0.41 201083 Bytes 18/03/2010 21:50:56
      AEHEUR.DLL : 8.1.1.27 2670967 Bytes 05/05/2010 15:54:07
      AEHELP.DLL : 8.1.11.3 242039 Bytes 02/04/2010 15:47:51
      AEGEN.DLL : 8.1.3.7 373106 Bytes 16/04/2010 18:07:27
      AEEMU.DLL : 8.1.2.0 393588 Bytes 23/04/2010 15:54:15
      AECORE.DLL : 8.1.15.1 192886 Bytes 05/05/2010 15:54:01
      AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 15:54:14
      AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
      AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:13:31
      AVREP.DLL : 8.0.0.7 159784 Bytes 18/02/2010 13:21:53
      AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
      AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
      AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
      SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
      SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
      NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
      RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
      RCTEXT.DLL : 9.0.73.0 88321 Bytes 02/11/2009 15:58:32

      Configuration pour la recherche actuelle :
      Nom de la tâche...............................: Disques durs locaux
      Fichier de configuration......................: c:\program files\avira\antivir desktop\alldiscs.avp
      Documentation.................................: bas
      Action principale.............................: interactif
      Action secondaire.............................: ignorer
      Recherche sur les secteurs d'amorçage maître..: marche
      Recherche sur les secteurs d'amorçage.........: marche
      Secteurs d'amorçage...........................: C:, D:,
      Recherche dans les programmes actifs..........: marche
      Recherche en cours sur l'enregistrement.......: marche
      Recherche de Rootkits.........................: arrêt
      Contrôle d'intégrité de fichiers système......: arrêt
      Fichier mode de recherche.....................: Sélection de fichiers intelligente
      Recherche sur les archives....................: marche
      Limiter la profondeur de récursivité..........: 20
      Archive Smart Extensions......................: marche
      Heuristique de macrovirus.....................: marche
      Heuristique fichier...........................: élevé

      Début de la recherche : samedi 8 mai 2010 14:32

      La recherche sur les processus démarrés commence :
      Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
      Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
      '11' processus ont été contrôlés avec '11' modules

      La recherche sur les secteurs d'amorçage maître commence :
      Secteur d'amorçage maître HD0
      [INFO] Aucun virus trouvé !
      Secteur d'amorçage maître HD1
      [INFO] Aucun virus trouvé !
      Secteur d'amorçage maître HD2
      [INFO] Aucun virus trouvé !
      Secteur d'amorçage maître HD3
      [INFO] Aucun virus trouvé !
      Secteur d'amorçage maître HD4
      [INFO] Aucun virus trouvé !

      La recherche sur les secteurs d'amorçage commence :
      Secteur d'amorçage 'C:\'
      [INFO] Aucun virus trouvé !
      Secteur d'amorçage 'D:\'
      [INFO] Aucun virus trouvé !

      La recherche sur les renvois aux fichiers exécutables (registre) commence :
      Le registre a été contrôlé ( '67' fichiers).


      La recherche sur les fichiers sélectionnés commence :

      Recherche débutant dans 'C:\' <ACER>
      C:\pagefile.sys
      [AVERTISSEMENT] Impossible d'ouvrir le fichier !
      [REMARQUE] Ce fichier est un fichier système Windows.
      [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
      Recherche débutant dans 'D:\' <ACERDATA>


      Fin de la recherche : samedi 8 mai 2010 15:43
      Temps nécessaire: 1:10:26 Heure(s)

      La recherche a été effectuée intégralement

      18926 Les répertoires ont été contrôlés
      552362 Des fichiers ont été contrôlés
      0 Des virus ou programmes indésirables ont été trouvés
      0 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
      0 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      1 Impossible de contrôler des fichiers
      552361 Fichiers non infectés
      9750 Les archives ont été contrôlées
      1 Avertissements
      1 Consignes

      hi, here is the antivir report
      0
    2. SOS
       
      hi rabah, but everyone says antivir performs better than avast
      0
  15. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Your report is clean, do you have any other problem?

    @++ :)
    0
    1. SOS
       
      hi dédétraqué

      well, actually it's true that my computer is doing better, but it still crashes after a while; I can't leave it running all day...
      0
  16. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Run another scan with RSIT and post the contents of the log.txt report at the end of the analysis

    The report is in the folder here C:\rsit

    @++ :)
    0
  17. SOS
     
    Logfile of random's system information tool 1.07 (written by random/random)
    Run by Sofiane at 2010-05-09 16:37:20
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 11 GB (15%) free of 74 GB
    Total RAM: 767 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:37:21, on 09/05/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Sofiane\Bureau\RSIT.exe
    C:\Program Files\trend micro\Sofiane.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://www.triforce.fr/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AE37FE06-5406-4CFF-B038-CAA9986D4684}: NameServer = 80.10.246.2,80.10.146.129
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  18. SOS
     
    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-02 279664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-02 812528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-27 61440]
    "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-11-10 198160]
    "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-03-16 47392]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe [2010-03-17 421888]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"=c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
    "PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
    "AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-26 68856]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe [2009-02-03 240544]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Documents and Settings\Sofiane\Menu Démarrer\Programmes\Démarrage
    OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-04-28 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0
    "NoDriveAutoRun"=67108863
    "NoDriveTypeAutoRun"=323

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
    "C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
    "C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
    "C:\Program Files\Acer TV-FM\PowerCinema.exe"="C:\Program Files\Acer TV-FM\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\Program Files\Acer TV-FM\PCMService.exe"="C:\Program Files\Acer TV-FM\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
    "C:\Program Files\Hercules\Classic Link\Station2.exe"="C:\Program Files\Hercules\Classic Link\Station2.exe:*:Enabled:Hercules Webcam Station Evolution"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 1 months======

    2010-05-09 16:35:44 ----D---- C:\rsit
    2010-05-06 21:39:04 ----D---- C:\Program Files\ESET
    2010-05-06 19:54:17 ----A---- C:\Ad-Report-CLEAN[2].txt
    2010-05-06 19:53:18 ----A---- C:\Ad-Report-CLEAN[1].txt
    2010-05-06 13:34:07 ----SHD---- C:\RECYCLER
    2010-05-05 22:04:25 ----A---- C:\ComboFix.txt
    2010-05-05 21:26:07 ----D---- C:\Qoobox
    2010-05-04 17:04:43 ----N---- C:\WINDOWS\SchedLgU.Txt
    2010-05-04 13:44:03 ----D---- C:\Cmb
    2010-05-03 23:14:04 ----D---- C:\tdsskiller
    2010-05-03 22:41:12 ----D---- C:\Ad-Remover
    2010-05-03 20:29:39 ----D---- C:\Program Files\Panda Security
    2010-05-02 21:15:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-05-02 20:29:14 ----D---- C:\Program Files\navilog1
    2010-05-02 20:01:50 ----D---- C:\ToolBar SD
    2010-05-02 18:29:02 ----A---- C:\WINDOWS\NIRCMD.exe
    2010-04-26 22:56:41 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
    2010-04-17 22:10:21 ----D---- C:\Documents and Settings\All Users\Application Data\Micro Application
    2010-04-14 13:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
    2010-04-14 13:19:21 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
    2010-04-14 13:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
    2010-04-14 13:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
    2010-04-14 13:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
    2010-04-14 13:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
    2010-04-12 22:50:56 ----A---- C:\WINDOWS\system32\srusd.dll
    2010-04-12 22:50:51 ----A---- C:\WINDOWS\system32\fnfilter.dll
    2010-04-12 22:39:44 ----A---- C:\WINDOWS\system32\escwiad.dll
    2010-04-12 22:39:44 ----A---- C:\WINDOWS\system32\escwiab.dll
    2010-04-12 22:39:44 ----A---- C:\WINDOWS\system32\escimgd.dll
    2010-04-12 22:39:44 ----A---- C:\WINDOWS\system32\escimg.dll
    2010-04-12 22:39:44 ----A---- C:\WINDOWS\system32\esccmd.dll
    2010-04-12 22:39:44 ----A---- C:\WINDOWS\system32\esccm.dll
    2010-04-12 22:39:38 ----A---- C:\WINDOWS\system32\Esint23.dll
    2010-04-12 15:36:29 ----D---- C:\Program Files\iPod
    2010-04-12 15:36:02 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
  19. SOS
     
    ======List of files/folders modified in the last 1 months======

    2010-05-09 16:37:20 ----D---- C:\Program Files\Trend Micro
    2010-05-09 16:37:15 ----D---- C:\WINDOWS\Prefetch
    2010-05-09 16:37:08 ----D---- C:\WINDOWS
    2010-05-09 16:37:07 ----D---- C:\WINDOWS\temp
    2010-05-09 15:49:50 ----SD---- C:\WINDOWS\Tasks
    2010-05-09 15:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2010-05-09 15:49:38 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-05-06 21:39:09 ----SD---- C:\WINDOWS\Downloaded Program Files
    2010-05-06 21:39:04 ----D---- C:\Program Files
    2010-05-05 22:04:28 ----AD---- C:\WINDOWS\system32\drivers
    2010-05-05 22:01:56 ----A---- C:\WINDOWS\system.ini
    2010-05-05 21:58:46 ----D---- C:\WINDOWS\system32
    2010-05-05 21:58:46 ----D---- C:\WINDOWS\AppPatch
    2010-05-05 21:58:45 ----D---- C:\Program Files\Fichiers communs
    2010-05-05 20:34:29 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2010-05-05 20:33:38 ----D---- C:\Program Files\Mozilla Firefox
    2010-05-05 18:11:46 ----D---- C:\WINDOWS\Minidump
    2010-05-05 18:10:08 ----SHD---- C:\WINDOWS\Installer
    2010-05-04 14:40:57 ----D---- C:\Documents and Settings\Sofiane\Application Data\uTorrent
    2010-05-04 14:00:34 ----D---- C:\WINDOWS\ERDNT
    2010-05-03 20:29:38 ----HD---- C:\WINDOWS\inf
    2010-05-02 22:49:55 ----D---- C:\WINDOWS\ime
    2010-05-02 20:55:00 ----D---- C:\ProgramData
    2010-05-02 17:50:49 ----D---- C:\Documents and Settings
    2010-05-01 20:05:57 ----D---- C:\Program Files\uTorrent
    2010-04-29 15:18:54 ----D---- C:\Program Files\Free Video Converter
    2010-04-29 15:18:35 ----A---- C:\WINDOWS\win.ini
    2010-04-26 22:57:02 ----D---- C:\Program Files\Windows Live
    2010-04-26 22:56:55 ----D---- C:\WINDOWS\system32\DirectX
    2010-04-26 22:56:42 ----RSD---- C:\WINDOWS\assembly
    2010-04-26 22:55:00 ----D---- C:\WINDOWS\Microsoft.NET
    2010-04-26 22:40:15 ----D---- C:\WINDOWS\WinSxS
    2010-04-26 15:58:12 ----A---- C:\WINDOWS\PEV.exe
    2010-04-26 11:25:38 ----D---- C:\Program Files\ImgBurn
    2010-04-24 12:31:02 ----D---- C:\WINDOWS\twain_32
    2010-04-17 22:10:21 ----D---- C:\Program Files\Micro Application
    2010-04-17 16:21:21 ----D---- C:\Program Files\Google
    2010-04-14 19:52:13 ----D---- C:\WINDOWS\Debug
    2010-04-14 13:20:28 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2010-04-14 13:19:38 ----RSHD---- C:\WINDOWS\system32\dllcache
    2010-04-14 13:19:38 ----AD---- C:\i386
    2010-04-14 13:19:28 ----HD---- C:\WINDOWS\$hf_mig$
    2010-04-14 13:15:57 ----D---- C:\WINDOWS\ie8updates
    2010-04-14 13:03:32 ----D---- C:\WINDOWS\system32\CatRoot
    2010-04-12 22:39:38 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-04-12 22:39:38 ----D---- C:\epson
    2010-04-12 22:25:50 ----D---- C:\Documents and Settings\Sofiane\Application Data\Adobe
    2010-04-12 15:37:22 ----D---- C:\Program Files\iTunes
    2010-04-12 15:36:24 ----D---- C:\Program Files\Fichiers communs\Apple
    2010-04-12 15:28:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2010-04-12 15:27:50 ----D---- C:\Program Files\Bonjour
    2010-04-12 15:13:26 ----D---- C:\Program Files\Safari
    2010-04-10 00:41:08 ----D---- C:\Program Files\Messenger Plus! Live

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-10-11 21419]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
    R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-28 3565568]
    R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-06 5788672]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-12-16 6144]
    R3 RT73;Hercules Wireless USB Dongle Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-12-21 429440]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-05-28 33588]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
    R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    S3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2008-02-27 98432]
    S3 catchme;catchme; \??\C:\DOCUME~1\Sofiane\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
    S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 PAC7302;Hercules Classic Link; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 snpstd;TRUST 120 SPACEC@M; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-02-19 299776]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
    S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
    S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
    S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
    S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2006-05-04 438272]
    R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-28 602112]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
    R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe [2006-03-29 266338]
    R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe [2006-03-29 114784]
    R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe [2006-03-29 1073152]
    R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-30 66872]
    R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-02 107832]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-05-28 65536]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-27 593920]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-05 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
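An added triage helper for the RSIT output above (example code written for this page; it is not part of RSIT and not from either poster). It parses the two sections a helper reads first: the driver/service list, where an empty `[]` means RSIT recorded no date or size for the image file and a path under a Temp folder deserves a second look, and the firewall AuthorizedApplications list, where scope `*` means the exception is open to any remote address rather than LocalSubNet. The sample lines are copied from the log above; the Temp-folder rule and the field names are this example's own.

```python
import re

# RSIT driver/service line:  <R|S><start> <name>;<display>; <image path> [<date> <size>]
# An empty [] means RSIT recorded no date or size for the image file.
_DRIVER_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$')

# Firewall AuthorizedApplications line:  "<path>"="<path>:<scope>:<Enabled|Disabled>:<display>"
# <scope> is "*" (any remote address) or "LocalSubNet".
_FIREWALL_RE = re.compile(r'^"([^"]+)"="(.+?):([^:]+):(Enabled|Disabled):(.*)"$', re.I)

# Folders a normally installed driver is not loaded from (this example's own rule).
_TEMP_RE = re.compile(r'\\(temp|tmp|locals~1)\\', re.I)

# Sample lines copied from the RSIT log above.
RSIT_EXCERPT = r"""
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S3 catchme;catchme; \??\C:\DOCUME~1\Sofiane\LOCALS~1\Temp\catchme.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-30 66872]
"""


def parse_driver_line(line):
    """Return the fields of one driver/service line, or None if it is not one."""
    m = _DRIVER_RE.match(line.strip())
    if not m:
        return None
    status, start, name, display, path, meta = m.groups()
    return {"status": status, "start": int(start), "name": name,
            "display": display, "path": path, "meta": meta.strip()}


def parse_firewall_line(line):
    """Return the fields of one firewall exception line, or None if it is not one."""
    m = _FIREWALL_RE.match(line.strip())
    if not m:
        return None
    _key, path, scope, state, display = m.groups()
    return {"path": path, "scope": scope,
            "enabled": state.lower() == "enabled", "display": display}


def triage(log_text):
    """Collect the entries a helper would look at first."""
    findings = {"unstatted": [], "temp_path": [], "open_exceptions": []}
    for line in log_text.splitlines():
        drv = parse_driver_line(line)
        if drv:
            if not drv["meta"]:                 # RSIT printed "[]": file not read
                findings["unstatted"].append(drv["name"])
            if _TEMP_RE.search(drv["path"]):    # image loaded from a Temp folder
                findings["temp_path"].append(drv["name"])
            continue
        fw = parse_firewall_line(line)
        if fw and fw["enabled"] and fw["scope"] == "*":   # open to any remote address
            findings["open_exceptions"].append(fw["display"])
    return findings


if __name__ == "__main__":
    for key, names in triage(RSIT_EXCERPT).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

On the lines above it reports avgio, catchme and IntelIde as unstatted, catchme as loaded from Temp, and eMule and TeamViewer as enabled exceptions open to any address. Context still decides what matters: catchme is the driver of the catchme rootkit scanner that ComboFix runs, which is why it sits in the user's Temp folder, and an empty `[]` only says that RSIT did not read the file at that path, so confirm the file by hand before drawing a conclusion from it.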
  20. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Update Malwarebytes' Anti-Malware

    ---

    - Restart in Safe Mode:

    When your PC restarts, tap the F8 or F5 key; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session.

    ---

    - Double-click the Malwarebytes' Anti-Malware shortcut on the desktop.
    - Select Perform full scan if it is not already selected
    - Click Scan

    - Once the scan has finished, a window opens; click OK

    - If Malwarebytes detected nothing, click OK. A report will appear; close it.

    - If Malwarebytes detected infections, click Show Results and then Remove Selected

    - Save the report to your Desktop so it is easier to find, then post that report.

    Note: if Malwarebytes needs to restart to finish the removal, accept by clicking OK

    Tutorial for Malwarebytes' Anti-Malware here:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    @++ :)
    1. SOS
       
      hello, here is the report

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4086

      Windows 5.1.2600 Service Pack 3 (Safe Mode)
      Internet Explorer 8.0.6001.18702

      10/05/2010 18:04:26
      mbam-log-2010-05-10 (18-04-26).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 330924
      Time elapsed: 57 minute(s), 49 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 7

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0197075.exe (Adware.UltraReach) -> No action taken.
      C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0197221.exe (Adware.ADON) -> No action taken.
      C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0197581.exe (Adware.UltraReach) -> No action taken.
      C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0198213.exe (Adware.ADON) -> No action taken.
      C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0198574.exe (Adware.UltraReach) -> No action taken.
      C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0199213.exe (Adware.ADON) -> No action taken.
      C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0199575.exe (Adware.UltraReach) -> No action taken.
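An added reader for the MBAM report above (example code written for this page; it is not Malwarebytes' own code and not from the poster). Every detection in that report sits under System Volume Information\_restore, the folder in which XP's System Restore archives earlier copies of files, so none of them is a file running on the live system, and all seven carry the status `No action taken`. The script separates restore-point hits from live-file hits and counts what was actually removed. The first three report lines are copied from above; the fourth is a constructed live-file detection with a hypothetical path and family name, added only to show the contrast.

```python
import re
from collections import Counter

# MBAM "Files Infected:" line:  <path> (<detection name>) -> <action>.
_DETECTION_RE = re.compile(r'^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$')

# XP's System Restore keeps archived copies of earlier files under this folder.
_RESTORE_MARK = r'\system volume information\_restore'

# First three lines copied from the MBAM report above; the fourth is a constructed
# live-file detection with a hypothetical path and family name, added for contrast.
MBAM_EXCERPT = r"""
Files Infected:
C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0197075.exe (Adware.UltraReach) -> No action taken.
C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0197221.exe (Adware.ADON) -> No action taken.
C:\system volume information\_restore{787DC6C3-51B9-452C-97E3-A31D31627396}\RP504\A0197581.exe (Adware.UltraReach) -> No action taken.
C:\Documents and Settings\Sofiane\Local Settings\Temp\example.exe (Adware.Example) -> Quarantined and deleted successfully.
"""


def parse_detection(line):
    """Return one detection's fields, or None for header/blank lines."""
    m = _DETECTION_RE.match(line.strip())
    if not m:
        return None
    path, name, action = m.group("path", "name", "action")
    return {
        "path": path,
        "name": name,
        "action": action,
        "in_restore_point": _RESTORE_MARK in path.lower(),
        "acted": not action.lower().startswith("no action"),
    }


def summarize(log_text):
    """Split detections into restore-point copies versus live files, and count removals."""
    hits = [d for d in map(parse_detection, log_text.splitlines()) if d]
    return {
        "total": len(hits),
        "restore_point": sum(1 for d in hits if d["in_restore_point"]),
        "live": sum(1 for d in hits if not d["in_restore_point"]),
        "unactioned": sum(1 for d in hits if not d["acted"]),
        "families": Counter(d["name"] for d in hits),
    }


if __name__ == "__main__":
    s = summarize(MBAM_EXCERPT)
    print(f"{s['total']} detections: {s['restore_point']} in restore points, "
          f"{s['live']} on the live system, {s['unactioned']} left in place")
    for family, n in s["families"].most_common():
        print(f"  {family}: {n}")
```

Restore-point copies are not removed by scanning again; they go when the restore points are purged (on XP, by disabling and re-enabling System Restore) once the live system is clean. A report full of `No action taken` lines means the scan was posted without the Remove Selected step, which is the first thing to check before reading anything else into it.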
  21. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SOS

    Delete the ComboFix that is on the desktop and download the new version from the same address:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Run a scan and post the report

    @++ :)
    1. sos
       
      hi, sorry for the delay, here is the report

      ComboFix 10-05-10.05 - Sofiane 12/05/2010 13:50:22.11.2 - x86 NETWORK
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.767.586 [GMT 2:00]
      Launched from: c:\documents and settings\Sofiane\Bureau\ComboFix.exe
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      .

      ((((((((((((((((((((((((((((( Files created from 2010-04-12 to 2010-05-12 ))))))))))))))))))))))))))))))))))))
      .

      2010-05-10 14:38 . 2010-05-10 14:38 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
      2010-05-10 14:38 . 2010-05-10 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
      2010-05-09 14:35 . 2010-05-09 14:35 -------- d-----w- C:\rsit
      2010-05-06 19:39 . 2010-05-06 19:39 -------- d-----w- c:\program files\ESET
      2010-05-04 11:44 . 2010-05-04 12:01 -------- d-----w- C:\Cmb
      2010-05-03 21:14 . 2010-05-03 21:15 -------- d-----w- C:\tdsskiller
      2010-05-03 20:41 . 2010-05-06 18:06 -------- d-----w- C:\Ad-Remover
      2010-05-03 18:29 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2010-05-03 18:29 . 2010-05-03 18:29 -------- d-----w- c:\program files\Panda Security
      2010-05-02 19:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-02 19:15 . 2010-05-02 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-02 19:15 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-05-02 18:29 . 2010-05-02 19:03 -------- d-----w- c:\program files\navilog1
      2010-05-02 18:01 . 2010-05-02 18:49 -------- d-----w- C:\ToolBar SD
      2010-05-02 15:56 . 2010-05-03 15:06 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\temp
      2010-05-02 15:56 . 2010-05-02 15:56 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
      2010-05-02 15:53 . 2010-05-02 16:10 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
      2010-05-02 15:53 . 2010-05-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
      2010-05-02 15:53 . 2010-05-02 15:53 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
      2010-05-02 15:51 . 2010-05-02 15:51 -------- d-----w- c:\documents and settings\HelpAssistant\.moovida
      2010-05-02 15:51 . 2010-05-02 15:51 -------- d-----w- c:\documents and settings\HelpAssistant\.housecall6.6
      2010-04-26 20:56 . 2010-04-26 20:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
      2010-04-17 21:58 . 2010-05-02 15:13 820440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
      2010-04-17 20:25 . 2010-04-17 20:25 8854 ----a-r- c:\documents and settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25 . 2010-04-17 20:25 53248 ----a-r- c:\documents and settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut1_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25 . 2010-04-17 20:25 53248 ----a-r- c:\documents and settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut11_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25 . 2010-04-17 20:25 10134 ----a-r- c:\documents and settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\ARPPRODUCTICON.exe
      2010-04-17 20:10 . 2010-04-17 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Application
      2010-04-12 20:50 . 2001-08-23 15:47 99840 ----a-w- c:\windows\system32\srusd.dll
      2010-04-12 20:50 . 2001-08-23 15:47 99840 ----a-w- c:\windows\system32\dllcache\srusd.dll
      2010-04-12 20:50 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
      2010-04-12 20:50 . 2001-08-23 15:20 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
      2010-04-12 20:50 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\fnfilter.dll
      2010-04-12 20:50 . 2001-08-23 15:47 72192 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
      2010-04-12 20:39 . 2002-06-19 22:00 32256 ----a-w- c:\windows\system32\escwiad.dll
      2010-04-12 20:39 . 2002-06-19 22:00 22528 ----a-w- c:\windows\system32\esccmd.dll
      2010-04-12 20:39 . 2001-11-14 22:00 47104 ----a-w- c:\windows\system32\escimgd.dll
      2010-04-12 20:39 . 2001-11-14 22:00 33280 ----a-w- c:\windows\system32\esccm.dll
      2010-04-12 20:39 . 2001-11-14 22:00 32256 ----a-w- c:\windows\system32\escwiab.dll
      2010-04-12 20:39 . 2001-11-14 22:00 27648 ----a-w- c:\windows\system32\escimg.dll
      2010-04-12 20:39 . 2002-01-30 22:00 126976 ----a-w- c:\windows\system32\Esint23.dll
      2010-04-12 13:36 . 2010-04-12 13:36 -------- d-----w- c:\program files\iPod
      2010-04-12 13:36 . 2010-04-12 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      2010-04-12 13:21 . 2010-04-12 13:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
      2010-04-12 13:08 . 2010-04-12 13:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
      0
    2. sos
       
      (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-11 15:51 . 2008-07-25 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
      2010-05-11 14:41 . 2010-03-27 12:37 439816 ----a-w- c:\documents and settings\Sofiane\Application Data\Real\Update\setup3.10\setup.exe
      2010-05-09 14:37 . 2008-10-19 16:47 -------- d-----w- c:\program files\Trend Micro
      2010-05-04 12:40 . 2008-05-11 10:42 -------- d-----w- c:\documents and settings\Sofiane\Application Data\uTorrent
      2010-05-01 18:05 . 2008-05-11 10:42 -------- d-----w- c:\program files\uTorrent
      2010-04-29 13:18 . 2009-12-10 18:43 -------- d-----w- c:\program files\Free Video Converter
      2010-04-28 10:59 . 2010-04-28 10:59 789 ----a-w- c:\program files\Raccourci vers HiJackThis.lnk
      2010-04-26 20:57 . 2009-06-22 13:35 -------- d-----w- c:\program files\Windows Live
      2010-04-26 09:25 . 2010-01-01 16:20 -------- d-----w- c:\program files\ImgBurn
      2010-04-17 20:10 . 2008-08-02 14:26 -------- d-----w- c:\program files\Micro Application
      2010-04-17 14:21 . 2008-05-11 18:56 -------- d-----w- c:\program files\Google
      2010-04-14 11:20 . 2008-05-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2010-04-12 20:39 . 2006-05-21 03:55 -------- d--h--w- c:\program files\InstallShield Installation Information
      2010-04-12 13:37 . 2009-11-30 23:01 -------- d-----w- c:\program files\iTunes
      2010-04-12 13:36 . 2009-04-11 08:09 -------- d-----w- c:\program files\Fichiers communs\Apple
      2010-04-12 13:27 . 2009-04-11 08:11 -------- d-----w- c:\program files\Bonjour
      2010-04-12 13:13 . 2009-11-30 22:42 -------- d-----w- c:\program files\Safari
      2010-04-09 22:41 . 2010-01-24 20:35 -------- d-----w- c:\program files\Messenger Plus! Live
      2010-04-03 13:00 . 2009-02-16 11:36 -------- d-----w- c:\program files\CCleaner
      2010-03-30 15:18 . 2009-11-30 23:03 75792 ---ha-w- c:\windows\system32\mlfcache.dat
      2010-03-28 11:21 . 2006-05-20 20:02 86622 ----a-w- c:\windows\system32\perfc00C.dat
      2010-03-28 11:21 . 2006-05-20 20:02 514962 ----a-w- c:\windows\system32\perfh00C.dat
      2010-03-14 20:53 . 2009-11-13 21:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
      2010-03-10 06:16 . 2004-08-05 05:00 420352 ----a-w- c:\windows\system32\vbscript.dll
      2010-02-25 06:17 . 2005-07-03 02:16 916480 ----a-w- c:\windows\system32\wininet.dll
      2010-02-24 17:24 . 2009-08-26 18:19 98104 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
      2010-02-24 13:11 . 2005-01-19 04:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
      2010-02-16 19:06 . 2005-09-29 18:28 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
      2010-02-16 19:06 . 2005-09-29 18:28 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2010-02-12 10:03 . 2010-03-21 21:41 293376 ------w- c:\windows\system32\browserchoice.exe
      2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
      2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
      2010-02-12 04:34 . 2004-08-05 05:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
      2010-02-11 12:02 . 2004-08-05 05:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
      .

      ((((((((((((((((((((((((((((( SnapShot@2010-05-05_20.01.56 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2008-10-02 17:39 . 2010-05-10 14:38 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
      + 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
      .
      ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legitimate default entries are not listed
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
      "PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-25 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-27 61440]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-11-09 198160]
      "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2010-03-17 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]

      c:\documents and settings\HelpAssistant\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\Sofiane\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\HelpAssistant\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\Sofiane\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
      Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
      WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2008-5-10 721408]
      WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-8 394856]

      c:\documents and settings\HelpAssistant\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
      "c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "c:\\Program Files\\SopCast\\SopCast.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
      "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
      "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
      "c:\\Program Files\\Hercules\\Classic Link\\Station2.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "2431:TCP"= 2431:TCP:Services
      "3362:TCP"= 3362:TCP:Services
      "3306:TCP"= 3306:TCP:Services
      "5112:TCP"= 5112:TCP:Services
      "7886:TCP"= 7886:TCP:Services
      "7887:TCP"= 7887:TCP:Services
      "3300:TCP"= 3300:TCP:Services
      "5100:TCP"= 5100:TCP:Services
      "5379:TCP"= 5379:TCP:Services
      "9258:TCP"= 9258:TCP:Services
      "65533:TCP"= 65533:TCP:Services
      "52344:TCP"= 52344:TCP:Services
      "6868:TCP"= 6868:TCP:Services
      "6869:TCP"= 6869:TCP:Services
      "3389:TCP"= 3389:TCP:Remote Desktop
      "3744:TCP"= 3744:TCP:Services
      "5988:TCP"= 5988:TCP:Services
      "5287:TCP"= 5287:TCP:Services
      "9074:TCP"= 9074:TCP:Services
      "5148:TCP"= 5148:TCP:Services
      "8796:TCP"= 8796:TCP:Services
      "2868:TCP"= 2868:TCP:Services
      "4236:TCP"= 4236:TCP:Services
      "1884:TCP"= 1884:TCP:Services
      "2268:TCP"= 2268:TCP:Services
      "2759:TCP"= 2759:TCP:Services
      "4018:TCP"= 4018:TCP:Services
      "2369:TCP"= 2369:TCP:Services
      "3238:TCP"= 3238:TCP:Services
      "6390:TCP"= 6390:TCP:Services
      "6391:TCP"= 6391:TCP:Services
      "8197:TCP"= 8197:TCP:Services
      "8196:TCP"= 8196:TCP:Services
      "5238:TCP"= 5238:TCP:Services
      "8976:TCP"= 8976:TCP:Services

      R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [05/02/2005 09:00 85888]
      S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [03/05/2010 20:29 28552]
      S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/01/2010 15:16 108289]
      S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/08/2009 22:11 233472]
      S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 23:29 135664]
      S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [20/09/2009 00:22 98432]
      S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/08/2009 22:11 36608]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
      S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [10/08/2009 22:11 90112]
      S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [10/08/2009 22:11 14976]
      S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [10/08/2009 22:11 121856]
      .
      Contents of the 'Scheduled Tasks' folder

      2010-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

      2010-05-12 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-31 08:47]

      2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:29]

      2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:29]

      2010-05-12 c:\windows\Tasks\User_Feed_Synchronization-{EA792E68-90A3-42D3-8F03-B602173DF34B}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      mWindow Title =
      uInternet Settings,ProxyOverride = local;*.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
      TCP: {AE37FE06-5406-4CFF-B038-CAA9986D4684} = 80.10.246.2,80.10.146.129
      DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-05-12 14:00
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x83502128]<<
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\Disk -> CLASSPNP.SYS @ 0xf76d3f28
      \Driver\ACPI -> ACPI.sys @ 0xf7625cb8
      \Driver\atapi -> atapi.sys @ 0xf75dd852
      IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
      SecurityProcedure -> ntoskrnl.exe @ 0x805df529
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
      SecurityProcedure -> ntoskrnl.exe @ 0x805df529
      NDIS: -> SendCompleteHandler -> 0x0
      PacketIndicateHandler -> 0x0
      SendHandler -> 0x0
      user & kernel MBR OK

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-2261729735-2498202468-3724448963-1006\Software\SecuROM\License information*]
      "datasecu"=hex:d8,0e,22,f9,ab,7b,1b,60,74,d5,5b,ce,c8,df,5f,7b,d9,1f,20,bb,e9,
      97,25,e3,ef,93,c6,f0,95,dd,51,bc,a5,98,50,ca,26,73,dd,60,75,25,a5,ea,0d,e2,\
      "rkeysecu"=hex:ff,5e,ef,21,07,54,25,77,5e,85,2e,c5,79,63,46,a6
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(880)
      c:\windows\system32\Ati2evxx.dll
      .
      Completion time: 2010-05-12 14:03:06
      ComboFix-quarantined-files.txt 2010-05-12 12:03
      ComboFix2.txt 2010-05-05 20:04

      Pre-Run: 13 752 217 600 bytes free
      Post-Run: 13 692 030 976 bytes free

      - - End Of File - - 4B45CC46E255F3970C95C8CB70988AA6
      0
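The firewall section of the log above is the part of a ComboFix report an analyst reads first: the profile's EnableFirewall flag, the AuthorizedApplications list and the GloballyOpenPorts list. The script below is an added example, not code from this thread or from ComboFix itself: it parses those three blocks out of a ComboFix log and flags what needs explaining before any cleanup is judged complete: the firewall switched off, a pile of ports all registered under the generic name "Services" (the exceptions Windows writes for its own components carry descriptive names, so these were written by something else), TCP/3389 open to everyone, and exceptions for remote-control programs. The sample excerpt is a constructed abridgement of the log in this thread, and the "Services" threshold and the remote-access file-name list are assumptions, not ComboFix output.

```python
"""Triage of the Windows Firewall section of a ComboFix log (added example)."""
import re
from typing import List, Tuple

# Constructed excerpt modelled on the log above (abridged, not a verbatim copy).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2431:TCP"= 2431:TCP:Services
"3306:TCP"= 3306:TCP:Services
"65533:TCP"= 65533:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5238:TCP"= 5238:TCP:Services

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [05/02/2005 09:00 85888]
"""

# ComboFix abbreviates HKLM\SYSTEM\CurrentControlSet as "HKLM\~" in these headers.
SECTION_RE = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"
    r"(?P<profile>\w+)(?:\\(?P<sub>\w+)\\List)?\]$"
)
FLAG_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<name>.*)$')

# Assumption: remote-control exceptions deserve a second look on a machine the
# owner reports as behaving on its own (sessmgr.exe is Remote Assistance).
REMOTE_ACCESS_APPS = ("sessmgr.exe", "teamviewer.exe")


def parse_firewall(log: str) -> dict:
    """Return the EnableFirewall flag, authorised applications and open ports."""
    fw = {"enable_firewall": None, "apps": [], "ports": []}
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes a REGEDIT4 block
            section = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("sub") or "profile"
            continue
        if section == "profile":
            m = FLAG_RE.match(line)
            if m:
                fw["enable_firewall"] = int(m.group("val"))
        elif section == "AuthorizedApplications":
            m = APP_RE.match(line)
            if m:                         # ComboFix doubles the backslashes
                fw["apps"].append(m.group("path").replace("\\\\", "\\"))
        elif section == "GloballyOpenPorts":
            m = PORT_RE.match(line)
            if m:
                fw["ports"].append(
                    (int(m.group("port")), m.group("proto"), m.group("name").strip())
                )
    return fw


def triage(fw: dict, max_generic_ports: int = 3) -> List[Tuple[str, str]]:
    """Flag the firewall facts an analyst would want explained, in log order."""
    findings: List[Tuple[str, str]] = []
    if fw["enable_firewall"] == 0:
        findings.append(("FIREWALL_DISABLED", "EnableFirewall=0 for this profile"))
    # Exceptions written by Windows carry descriptive names; a run of ports all
    # called "Services" was added by something else and must be matched to a program.
    generic = sorted(p for p, _, name in fw["ports"] if name.lower() == "services")
    if len(generic) > max_generic_ports:  # assumed threshold
        findings.append(("GENERIC_PORTS",
                         f"{len(generic)} ports open under the generic name 'Services': "
                         + ", ".join(map(str, generic))))
    if any(p == 3389 and proto == "TCP" for p, proto, _ in fw["ports"]):
        findings.append(("RDP_OPEN", "TCP/3389 (Remote Desktop) globally open"))
    for app in fw["apps"]:
        if app.lower().endswith(REMOTE_ACCESS_APPS):
            findings.append(("REMOTE_ACCESS_APP", app))
    return findings


if __name__ == "__main__":
    for code, detail in triage(parse_firewall(SAMPLE_LOG)):
        print(f"{code:18} {detail}")
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; every GENERIC_PORTS entry should be traceable to a program the owner installed, and anything left over is what the next scan needs to explain.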
    3. sos
       
      Hi again

      I'm bumping the thread to say that when my PC bugs out, a high-pitched noise comes from the tower, and on Google I get redirected every time, so I have to use another search engine.
      0
    4. SOS
       
      Here is the report

      ComboFix 10-05-13.02 - Sofiane 14/05/2010 0:11:58.12.2 - x86 MINIMAL
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.767.604 [GMT 2:00]
      Running from: C:\Documents and Settings\Sofiane\Bureau\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Sofiane\Bureau\CFScript.txt
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      .

      (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\eMule\lang\ar_AE.dll
      C:\Program Files\eMule\lang\ba_BA.dll
      C:\Program Files\eMule\lang\bg_BG.dll
      C:\Program Files\eMule\lang\ca_ES.dll
      C:\Program Files\eMule\lang\cz_CZ.dll
      C:\Program Files\eMule\lang\da_DK.dll
      C:\Program Files\eMule\lang\de_DE.dll
      C:\Program Files\eMule\lang\el_GR.dll
      C:\Program Files\eMule\lang\es_AS.dll
      C:\Program Files\eMule\lang\es_ES_T.dll
      C:\Program Files\eMule\lang\et_EE.dll
      C:\Program Files\eMule\lang\fa_IR.dll
      C:\Program Files\eMule\lang\fi_FI.dll
      C:\Program Files\eMule\lang\fr_BR.dll
      C:\Program Files\eMule\lang\fr_FR.dll
      C:\Program Files\eMule\lang\gl_ES.dll
      C:\Program Files\eMule\lang\he_IL.dll
      C:\Program Files\eMule\lang\hu_HU.dll
      C:\Program Files\eMule\lang\it_IT.dll
      C:\Program Files\eMule\lang\jp_JP.dll
      C:\Program Files\eMule\lang\ko_KR.dll
      C:\Program Files\eMule\lang\lt_LT.dll
      C:\Program Files\eMule\lang\lv_LV.dll
      C:\Program Files\eMule\lang\mt_MT.dll
      C:\Program Files\eMule\lang\nb_NO.dll
      C:\Program Files\eMule\lang\nl_NL.dll
      C:\Program Files\eMule\lang\nn_NO.dll
      C:\Program Files\eMule\lang\pl_PL.dll
      C:\Program Files\eMule\lang\pt_BR.dll
      C:\Program Files\eMule\lang\pt_PT.dll
      C:\Program Files\eMule\lang\ro_RO.dll
      C:\Program Files\eMule\lang\ru_RU.dll
      C:\Program Files\eMule\lang\sl_SI.dll
      C:\Program Files\eMule\lang\sq_AL.dll
      C:\Program Files\eMule\lang\sv_SE.dll
      C:\Program Files\eMule\lang\tr_TR.dll
      C:\Program Files\eMule\lang\ua_UA.dll
      C:\Program Files\eMule\lang\ug_CN.dll
      C:\Program Files\eMule\lang\va_ES.dll
      C:\Program Files\eMule\lang\va_ES_RACV.dll
      C:\Program Files\eMule\lang\vi_VN.dll
      C:\Program Files\eMule\lang\zh_CN.dll
      C:\Program Files\eMule\lang\zh_TW.dll

      .
      ((((((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 ))))))))))))))))))))))))))))))))))))
      .

      2010-05-13 21:14:28 . 2010-05-13 21:14:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\eConsole
      2010-05-13 20:53:12 . 2010-05-13 21:05:52 -------- d-----w- C:\Program Files\ZHPDiag
      2010-05-09 14:35:44 . 2010-05-09 14:35:57 -------- d-----w- C:\rsit
      2010-05-06 19:39:04 . 2010-05-06 19:39:04 -------- d-----w- C:\Program Files\ESET
      2010-05-04 11:44:03 . 2010-05-04 12:01:56 -------- d-----w- C:\Cmb
      2010-05-03 21:14:04 . 2010-05-03 21:15:28 -------- d-----w- C:\tdsskiller
      2010-05-03 20:41:12 . 2010-05-06 18:06:47 -------- d-----w- C:\Ad-Remover
      2010-05-03 18:29:45 . 2009-06-30 07:37:16 28552 ----a-w- C:\WINDOWS\system32\drivers\pavboot.sys
      2010-05-03 18:29:39 . 2010-05-03 18:29:39 -------- d-----w- C:\Program Files\Panda Security
      2010-05-02 19:16:02 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2010-05-02 19:15:55 . 2010-05-02 19:16:08 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
      2010-05-02 19:15:55 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
      2010-05-02 18:29:14 . 2010-05-02 19:03:21 -------- d-----w- C:\Program Files\navilog1
      2010-05-02 18:01:50 . 2010-05-02 18:49:17 -------- d-----w- C:\ToolBar SD
      2010-05-02 15:56:54 . 2010-05-03 15:06:55 -------- d-----w- C:\Documents and Settings\HelpAssistant\Tracing
      2010-05-02 15:56:54 . 2010-05-02 15:56:54 -------- d-----w- C:\Documents and Settings\HelpAssistant\UserData
      2010-05-02 15:56:53 . 2010-05-02 15:56:53 -------- d-----w- C:\Documents and Settings\HelpAssistant\temp
      2010-05-02 15:56:53 . 2010-05-02 15:56:53 -------- d-----w- C:\Documents and Settings\HelpAssistant\PrivacIE
      2010-05-02 15:53:41 . 2010-05-02 16:10:45 -------- d-----w- C:\Documents and Settings\HelpAssistant\IETldCache
      2010-05-02 15:53:41 . 2010-05-02 15:53:41 -------- d-----w- C:\Documents and Settings\HelpAssistant\IECompatCache
      2010-05-02 15:53:19 . 2010-05-02 15:53:26 -------- d-----w- C:\Documents and Settings\HelpAssistant\Contacts
      2010-05-02 15:51:10 . 2010-05-02 15:51:11 -------- d-----w- C:\Documents and Settings\HelpAssistant\.moovida
      2010-05-02 15:51:05 . 2010-05-02 15:51:09 -------- d-----w- C:\Documents and Settings\HelpAssistant\.housecall6.6
      2010-04-26 20:56:41 . 2010-04-26 20:56:41 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
      2010-04-17 21:58:45 . 2010-05-02 15:13:28 820440 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
      2010-04-17 20:10:21 . 2010-04-17 20:10:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Micro Application

      .
      (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-13 21:09:27 . 2008-11-13 17:16:38 -------- d-----w- C:\Program Files\ATI Technologies
      2010-05-13 17:53:13 . 2008-07-25 22:07:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Google Updater
      2010-05-12 17:05:20 . 2008-05-14 20:42:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2010-05-11 14:41:18 . 2010-03-27 12:37:37 439816 ----a-w- C:\Documents and Settings\Sofiane\Application Data\Real\Update\setup3.10\setup.exe
      2010-05-09 14:37:20 . 2008-10-19 16:47:02 -------- d-----w- C:\Program Files\Trend Micro
      2010-05-04 12:40:57 . 2008-05-11 10:42:24 -------- d-----w- C:\Documents and Settings\Sofiane\Application Data\uTorrent
      2010-05-01 18:05:57 . 2008-05-11 10:42:31 -------- d-----w- C:\Program Files\uTorrent
      2010-04-29 13:18:54 . 2009-12-10 18:43:11 -------- d-----w- C:\Program Files\Free Video Converter
      2010-04-28 10:59:55 . 2010-04-28 10:59:55 789 ----a-w- C:\Program Files\Raccourci vers HiJackThis.lnk
      2010-04-26 20:57:02 . 2009-06-22 13:35:03 -------- d-----w- C:\Program Files\Windows Live
      2010-04-26 09:25:38 . 2010-01-01 16:20:25 -------- d-----w- C:\Program Files\ImgBurn
      2010-04-17 20:25:46 . 2010-04-17 20:25:46 8854 ----a-r- C:\Documents and Settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25:46 . 2010-04-17 20:25:46 53248 ----a-r- C:\Documents and Settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut1_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25:45 . 2010-04-17 20:25:45 53248 ----a-r- C:\Documents and Settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut11_A37A26D584444862933B478371D0299D.exe
      2010-04-17 20:25:45 . 2010-04-17 20:25:45 10134 ----a-r- C:\Documents and Settings\Sofiane\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\ARPPRODUCTICON.exe
      2010-04-17 20:10:21 . 2008-08-02 14:26:35 -------- d-----w- C:\Program Files\Micro Application
      2010-04-17 14:21:21 . 2008-05-11 18:56:23 -------- d-----w- C:\Program Files\Google
      2010-04-12 20:39:38 . 2006-05-21 03:55:20 -------- d--h--w- C:\Program Files\InstallShield Installation Information
      2010-04-12 13:37:22 . 2010-04-12 13:36:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      2010-04-12 13:37:22 . 2009-11-30 23:01:45 -------- d-----w- C:\Program Files\iTunes
      2010-04-12 13:36:29 . 2010-04-12 13:36:29 -------- d-----w- C:\Program Files\iPod
      2010-04-12 13:36:24 . 2009-04-11 08:09:18 -------- d-----w- C:\Program Files\Fichiers communs\Apple
      2010-04-12 13:27:50 . 2009-04-11 08:11:16 -------- d-----w- C:\Program Files\Bonjour
      2010-04-12 13:21:07 . 2010-04-12 13:21:07 73000 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
      2010-04-12 13:13:26 . 2009-11-30 22:42:25 -------- d-----w- C:\Program Files\Safari
      2010-04-12 13:08:29 . 2010-04-12 13:08:29 79144 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
      2010-04-09 22:41:08 . 2010-01-24 20:35:25 -------- d-----w- C:\Program Files\Messenger Plus! Live
      2010-04-03 13:00:46 . 2009-02-16 11:36:07 -------- d-----w- C:\Program Files\CCleaner
      2010-03-30 15:18:48 . 2009-11-30 23:03:32 75792 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
      2010-03-28 11:21:53 . 2006-05-20 20:02:34 86622 ----a-w- C:\WINDOWS\system32\perfc00C.dat
      2010-03-28 11:21:53 . 2006-05-20 20:02:34 514962 ----a-w- C:\WINDOWS\system32\perfh00C.dat
      2010-03-14 20:53:14 . 2009-11-13 21:00:16 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
      2010-03-10 06:16:48 . 2004-08-05 05:00:00 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
      2010-02-25 06:17:37 . 2005-07-03 02:16:42 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
      2010-02-24 17:24:45 . 2009-08-26 18:19:12 98104 ----a-w- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
      2010-02-24 13:11:07 . 2005-01-19 04:26:52 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
      2010-02-16 19:06:59 . 2005-09-29 18:28:36 2148352 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
      2010-02-16 19:06:56 . 2005-09-29 18:28:58 2026496 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
      .

      (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      ---- Directory of C:\Cmb ----

      2010-05-04 11:59:54 . 2010-05-04 11:59:56 674 ----a-w- C:\Cmb\mbr.txt
      2010-05-04 11:44:03 . 2010-05-04 11:43:52 401408 ----a-r- C:\Cmb\CF22669.cfxxe
      2010-05-04 11:43:40 . 2009-10-25 04:11:34 77312 ----a-r- C:\Cmb\mbr.cfxxe


      ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legitimate default entries are not listed
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 14:45:08 313472]
      "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 09:10:32 536576]
      "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:52 3883856]
      "AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 16:05:22 102400]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-25 22:07:25 68856]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:33:59 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 14:39:04 40960]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07:16 61952]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-25 03:23:12 149280]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-11-09 22:16:44 198160]
      "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 19:58:34 47392]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 10:44:34 31072]
      "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 11:08:11 209153]
      "QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" [2010-03-17 19:53:36 421888]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-03-25 23:10:02 142120]
      "AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 10:24:18 110592]
      "MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 12:55:20 425984]

      C:\Documents and Settings\HelpAssistant\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      C:\Documents and Settings\Sofiane\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      C:\Documents and Settings\HelpAssistant\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      C:\Documents and Settings\Sofiane\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
      Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
      WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2008-5-10 721408]
      WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-10-8 394856]

      C:\Documents and Settings\HelpAssistant\Menu Démarrer\Programmes\Démarrage\
      OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
      "C:\\Program Files\\Acer TV-FM\\PCMService.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "C:\\Program Files\\SopCast\\SopCast.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "C:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
      "C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
      "C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
      "C:\\Program Files\\Hercules\\Classic Link\\Station2.exe"=
      "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4493:TCP"= 4493:TCP:Services
      "7486:TCP"= 7486:TCP:Services
      "7774:TCP"= 7774:TCP:Services
      "7775:TCP"= 7775:TCP:Services
      "3385:TCP"= 3385:TCP:Services
      "5270:TCP"= 5270:TCP:Services
      "8290:TCP"= 8290:TCP:Services
      "8291:TCP"= 8291:TCP:Services
      "2494:TCP"= 2494:TCP:Services
      "3488:TCP"= 3488:TCP:Services
      "9008:TCP"= 9008:TCP:Services
      "9009:TCP"= 9009:TCP:Services
      "5461:TCP"= 5461:TCP:Services
      "9422:TCP"= 9422:TCP:Services
      "2978:TCP"= 2978:TCP:Services
      "4456:TCP"= 4456:TCP:Services
      "3389:TCP"= 3389:TCP:Remote Desktop

      R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [05/02/2005 09:00:12 85888]
      R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [03/05/2010 20:29:45 28552]
      R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [24/01/2010 15:16:11 108289]
      R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [10/08/2009 22:11:04 233472]
      R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [10/08/2009 22:11:04 36608]
      S2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [06/01/2010 23:29:59 135664]
      S3 camfilt2;camfilt2;C:\WINDOWS\system32\drivers\camfilt2.sys [20/09/2009 00:22:20 98432]
      S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [29/05/2009 17:13:20 234864]
      S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [10/08/2009 22:11:23 90112]
      S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [10/08/2009 22:11:23 14976]
      S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [10/08/2009 22:11:23 121856]
      .
      Contenu du dossier 'Tâches planifiées'

      2010-04-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34:12 . 2008-07-30 10:34:12]

      2010-05-13 C:\WINDOWS\Tasks\Google Software Updater.job
      - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-31 11:21:55 . 2009-03-23 08:47:25]

      2010-05-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 21:29:59 . 2010-01-06 21:29:50]

      2010-05-13 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 21:29:59 . 2010-01-06 21:29:50]

      2010-05-13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EA792E68-90A3-42D3-8F03-B602173DF34B}.job
      - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 16:36:40 . 2009-03-08 02:31:54]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = about:blank
      uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      TCP: {AE37FE06-5406-4CFF-B038-CAA9986D4684} = 80.10.246.2,80.10.146.129
      DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      Toolbar-Locked - (no file)
      0