Probleme suppression de fichier ou de dossier

ComboFix 10-06-17.02 - Nicolas 18/06/2010 18:02:15.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.382.173 [GMT 2:00]
Lancé depuis: c:\documents and settings\Nicolas\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Nicolas\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

file zipped: c:\documents and settings\Nicolas\Application Data\wklnhst.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nicolas\Application Data\wklnhst.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2


((((((((((((((((((((((((((((( Fichiers créés du 2010-05-18 au 2010-06-18 ))))))))))))))))))))))))))))))))))))
.

2010-06-18 14:49 . 2010-06-18 15:53 -------- d-----w- c:\program files\ZHPDiag
2010-06-18 13:19 . 2010-06-18 13:19 -------- d-----w- c:\documents and settings\Nicolas\Application Data\Malwarebytes
2010-06-18 13:18 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-18 13:18 . 2010-06-18 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-18 13:18 . 2010-06-18 13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-18 13:18 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-18 12:20 . 2010-06-18 12:20 -------- d-----w- c:\documents and settings\Nicolas\Application Data\Uniblue
2010-06-18 12:19 . 2010-06-18 12:19 -------- d-----w- c:\program files\Uniblue
2010-06-16 19:39 . 2010-06-16 19:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-16 19:34 . 2010-06-16 19:41 -------- d-----w- c:\documents and settings\Nicolas\Local Settings\Application Data\Temp
2010-06-16 19:34 . 2010-06-16 19:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-16 19:34 . 2010-06-16 19:43 -------- d-----w- c:\program files\Google
2010-06-02 10:02 . 2010-06-02 10:02 -------- d-----w- c:\program files\Photo Story 3 for Windows

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 14:55 . 2009-09-02 14:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-16 08:25 . 2009-04-17 19:32 1 ----a-w- c:\documents and settings\Nicolas\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-29 15:43 . 2009-07-27 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-15 20:49 . 2009-12-03 10:22 -------- d-----w- c:\program files\CDBurnerXP
2010-05-15 17:23 . 2010-05-15 17:23 -------- d-----w- c:\documents and settings\Nicolas\Application Data\Canneverbe Limited
2010-04-26 10:27 . 2009-04-17 17:40 -------- d-----w- c:\program files\Windows Live
2010-04-26 10:26 . 2009-11-25 14:24 -------- d-----w- c:\program files\WalterShop.com
2010-04-13 09:36 . 2004-08-05 12:00 533624 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-13 09:36 . 2004-08-05 12:00 93796 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-26 08:33 . 2010-05-11 10:58 1496064 ----a-w- c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ufcdg2lt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 08:33 . 2010-05-11 10:58 43008 ----a-w- c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ufcdg2lt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 08:33 . 2010-05-11 10:58 339456 ----a-w- c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ufcdg2lt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 08:32 . 2010-05-11 10:58 346112 ----a-w- c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ufcdg2lt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2004-08-09 21:30 . 2009-05-08 15:27 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-03-17 32768]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2009-03-03 107248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-04 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-04 09:45 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [08/05/2010 18:27 402432]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/09/2009 13:40 108289]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/06/2010 21:34 136176]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 216232]
S3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [23/11/2009 20:17 264576]
.
Contenu du dossier 'Tâches planifiées'

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 19:34]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 19:34]

2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{20B93A4E-ECC7-4840-A23A-35054901E9FC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.durable.com/recherche
uDefault_Search_URL = hxxp://www.durable.com/recherche
uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
mStart Page = hxxp://www.durable.com/recherche
uSearchAssistant = hxxp://www.durable.com/recherche
uSearchURL,(Default) = hxxp://www.durable.com/recherche
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ufcdg2lt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Durable
FF - prefs.js: browser.startup.homepage - hxxp://www.durable.com/recherche
FF - prefs.js: keyword.URL - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - component: c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\ufcdg2lt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 18:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2312)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\ALCXMNTR.EXE
c:\program files\OrangeHSS\Launcher\Launcher.exe
c:\program files\OrangeHSS\systray\systrayapp.exe
c:\program files\OrangeHSS\Deskboard\deskboard.exe
c:\program files\OrangeHSS\connectivity\connectivitymanager.exe
c:\program files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
.
**************************************************************************
.
Heure de fin: 2010-06-18 18:18:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-18 16:18
ComboFix2.txt 2010-06-18 15:28

Avant-CF: 36 952 223 744 octets libres
Après-CF: 36 947 177 472 octets libres

- - End Of File - - 8AAD4FAA7D6EC21BA92A589772C14863

j'arrive pas a DESACTIVER MON ANTIVIRUS j'ai fait par panneau de configuration et supprimer fichier mais il est toujours present

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.1.1 ¤¤¤¤¤¤¤¤¤¤

User : Nicolas (Administrateurs)
Update on 18/06/2010 by g3n-h@ckm@n ::::: 08.40
Start at: 12:00:20 | 19/06/2010

AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 51,38 Go (34,66 Go free) [Windows xp home] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
S:\ -> Disque fixe local | 97,67 Go (71,84 Go free) [Mes documents] | NTFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)

C:\windows\System32\smss.exe----400 Ko
C:\windows\system32\csrss.exe----3564 Ko
C:\windows\system32\winlogon.exe----2184 Ko
C:\windows\system32\services.exe----3500 Ko
C:\windows\system32\lsass.exe----6252 Ko
C:\windows\system32\Ati2evxx.exe----2324 Ko
C:\windows\system32\svchost.exe----4932 Ko
C:\windows\system32\svchost.exe----4264 Ko
C:\windows\System32\svchost.exe----22244 Ko
C:\windows\system32\svchost.exe----2996 Ko
C:\windows\system32\svchost.exe----3012 Ko
C:\windows\system32\spoolsv.exe----5028 Ko
C:\windows\system32\svchost.exe----3768 Ko
C:\Program Files\LSI SoftModem\agrsmsvc.exe----1392 Ko
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe----3124 Ko
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe----1848 Ko
C:\Program Files\Google\Update\GoogleUpdate.exe----4916 Ko
C:\Program Files\Java\jre6\bin\jqs.exe----16552 Ko
C:\Program Files\Google\Update\GoogleUpdate.exe----5872 Ko
C:\Program Files\CDBurnerXP\NMSAccessU.exe----1884 Ko
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe----6640 Ko
C:\windows\system32\SearchIndexer.exe----5188 Ko
C:\windows\system32\wuauclt.exe----6776 Ko
C:\windows\system32\Ati2evxx.exe----2196 Ko
C:\windows\system32\userinit.exe----0 Ko
C:\Program Files\Google\Update\GoogleUpdate.exe----5868 Ko
C:\windows\Explorer.EXE----13200 Ko
C:\windows\system32\wscntfy.exe----2268 Ko
C:\windows\System32\alg.exe----3584 Ko
C:\windows\system32\cmd.exe----1928 Ko
C:\WINDOWS\system32\wbem\wmiapsrv.exe----4564 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe----4944 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe----6832 Ko
C:\Program Files\List_Kill'em\ERUNT.EXE----3324 Ko
C:\Program Files\List_Kill'em\pv.exe----2768 Ko

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Quarantined & Deleted !! : C:\Program Files\WindowsUpdate
Quarantined & Deleted !! : C:\windows\002552_.tmp
Quarantined & Deleted !! : C:\windows\SET3.tmp
Quarantined & Deleted !! : C:\windows\SET4.tmp
Quarantined & Deleted !! : C:\windows\SET8.tmp

Quarantined & Deleted !! : C:\windows\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\SuggestedSites.dat
Deleted !! : C:\RECYCLER\S-1-5-21-839522115-1757981266-2146989891-1004\Dc1.txt
Deleted !! : C:\RECYCLER\S-1-5-21-839522115-1757981266-2146989891-1004\Dc2.txt

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4215

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/06/2010 14:10:14
mbam-log-2010-06-19 (14-10-14).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|S:\|)
Elément(s) analysé(s): 163442
Temps écoulé: 38 minute(s), 3 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

http://www.cijoint.fr/cjlink.php?file=cj201006/cijAYCta4G.txt

http://www.cijoint.fr/cjlink.php?file=cj201006/cijCk4aei6.txt

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
HKU\S-1-5-21-839522115-1757981266-2146989891-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-839522115-1757981266-2146989891-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-839522115-1757981266-2146989891-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-839522115-1757981266-2146989891-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Durable" removed from browser.search.defaultenginename
Prefs.js: "http://www.durable.com/" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Durable" removed from browser.search.selectedEngine
Prefs.js: "http://www.durable.com/recherche" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.
========== FILES ==========
C:\windows\System\eelraq moved successfully.
C:\Documents and Settings\Nicolas\Application Data\B18NG.txt moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temporary Internet Files folder emptied: 216154 bytes

User: Administrateur.NICO
->Temporary Internet Files folder emptied: 598532 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nicolas
->Temp folder emptied: 1839128 bytes
->Temporary Internet Files folder emptied: 624049 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70464729 bytes
->Flash cache emptied: 1918356 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4189678 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 25518044 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 246436 bytes

Total Files Cleaned = 101,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_161911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

non ca ne me dit rien c'est quoi

je n'en ai aucune idee en tout cas je ne l'utilise pas

lorsque je le recherche il s'affiche comme un dossier

dedans rien de special

j'ai trouver ce que c'est ca equivaut à durable .com c'etait ma page d'accueil sur firefox

ok c'est fait

il ma l'air plus rapide par contre au demarrage je pense que j'ai des choses qui se lancent et qui sont peut etre pas necessaire peut tu m'aider sur ca merci d'avance pour tout