ANTIVIRUS XP 2008

Bonjour EP44,

j'ai fait le tools cleaner2, et quand j'ai fait suppression, il a supprimé a part combofix.exe : erreur de suppression

mais sinon le bureau n'a pas disparu et je ne sais pas si je dois faire la suite désactivation et activation

Merci d'avance.

A+

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\ANTHONY\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\ANTHONY\Bureau\DiagHelp.zip: trouvé !
C:\Documents and Settings\ANTHONY\Bureau\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\ANTHONY\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\ANTHONY\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\ANTHONY\Bureau\DiagHelp: trouvé !
C:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\ANTHONY\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\ANTHONY\Bureau\DiagHelp.zip: supprimé !
C:\Documents and Settings\ANTHONY\Bureau\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\ANTHONY\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\ANTHONY\Bureau\ToolBarSD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\ANTHONY\Bureau\DiagHelp: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Bonjour,

ok, c'est fait et dois je faire le reste ou c'est pas nécessaire

Merci

Bonsoir,
merci d'avoir répondu mais comme je le disai je suis une burn en info, voilà ce qu'il me donne quand je clique sur
Do a system scan and save the log
après je ne sais pas ce que je dois faire
merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:58, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\lphcnhrj0eg7j.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lphcnhrj0eg7j] C:\WINDOWS\system32\lphcnhrj0eg7j.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt410YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?df590edfa2a94f819a469816cae8415a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?df590edfa2a94f819a469816cae8415a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://aurelie80bouba35.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,916,0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Bonjour,
merci pour la réponse, je reviens de week end et rallume seulement mon PC
Toujours cette merde, voici le rapport. -----------\\ ToolBar S&D 1.1.4 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : BIOS Version 1.30
USER : ANTHONY ( Administrator )
BOOT : Normal boot

"C:\ToolBar SD" ( MAJ : 24-08-2008|14:20 )
Option : [2] ( 26/08/2008| 6:51 )
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\riched20.dll

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
Supprime! - C:\Program Files\FunWebProducts\Shared
Echec ! - C:\Program Files\MyWebSearch\bar
Supprime! - C:\Program Files\MyWebSearch\SrchAstt
Supprime! - C:\DOCUME~1\ANTHONY\Cookies\anthony@mywebsearch[1].txt
Supprime! - C:\DOCUME~1\ANTHONY\Cookies\anthony@mywebsearch[2].txt
Supprime! - C:\WINDOWS\System32\f3PSSavr.scr
Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
Supprime! - C:\Program Files\MSN Messenger\riched20.dll
Supprime! - C:\Program Files\FunWebProducts
Echec ! - C:\Program Files\MyWebSearch

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Program Files\MyWebSearch\bar
Echec ! - C:\Program Files\MyWebSearch

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(ANTHONY) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(ANTHONY) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(AURELIE) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk
C:\WINDOWS\System32\nvs2.inf

eiybwvr.dat
eiybwvr_nav.dat
eiybwvr_navps.dat
[b]==> EGDACCESS <==/b



-----------\\ Fin du rapport a 7:03:23,95

je vous laiise faire !
c'était un simple avis !
puisque ces derniers jour,nous avons eût du succès avec Malwarebytes pour antivirus XP 2008 !

Bonsoir,

Voici le rapport de combofix, et bien joué car je n'ai plus rien du tout. C'est génial, d'être aussi fort en info, qu'est ce que j'aimerai être aussi doué. Bravo et merci encore.
Est-ce que je peux enlever tous les raccourci sur le bureau.

Quelle est le risque de rechute de ce virus.

Dernière question et j'arrête après, quel antivirus je peux installer sur mon PC

Merci encore

ComboFix 08-08-24.03 - ANTHONY 2008-08-26 7:19:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.114 [GMT 2:00]Endroit: C:\DOCUME~1\ANTHONY\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ANTHONY\Application Data\rhcjhrj0eg7j
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\AURELIE\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\rhcjhrj0eg7j
C:\WINDOWS\N039_jpg.zip
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\blphcnhrj0eg7j.scr
C:\WINDOWS\system32\eiybwvr.dat
C:\WINDOWS\system32\eiybwvr_nav.dat
C:\WINDOWS\system32\eiybwvr_navps.dat
C:\WINDOWS\system32\lphcnhrj0eg7j.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\phcnhrj0eg7j.bmp
C:\WINDOWS\system32\urlmsnlink.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
.

2008-08-26 07:02 . 2008-08-26 07:02 3,022 --a------ C:\Documents and Settings\Orph.egd
2008-08-26 06:50 . 2008-08-26 07:02 <REP> d-------- C:\ToolBar SD
2008-08-22 01:25 . 2008-08-22 01:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-22 01:23 . 2008-08-22 01:29 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-08-22 01:06 . 2008-08-22 01:06 <REP> d-------- C:\Program Files\Trend Micro
2008-08-20 06:53 . 2008-08-26 07:34 109,150 --a------ C:\WINDOWS\system32\drivers\db9c334e.sys
2008-08-19 06:57 . 2008-08-19 06:57 <REP> d-------- C:\Program Files\Enigma Software Group
2008-08-19 06:45 . 2008-08-19 06:44 27,136 --a------ C:\WINDOWS\system32\sysrest32.exe
2008-08-19 06:45 . 2008-08-26 06:36 15,328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-08-18 21:33 . 2008-08-20 18:06 94,208 --a------ C:\WINDOWS\system32\90.tmp
2008-08-18 21:33 . 2008-08-18 22:01 94,208 --a------ C:\WINDOWS\system32\26.tmp
2008-08-18 21:33 . 2008-08-18 22:01 94,208 --a------ C:\WINDOWS\system32\25.tmp
2008-08-18 21:33 . 2008-08-20 11:15 94,208 --a------ C:\WINDOWS\system32\23.tmp
2008-08-18 17:08 . 2008-08-18 21:30 94,208 --a------ C:\WINDOWS\system32\12.tmp
2008-08-18 16:21 . 2008-08-18 16:23 94,208 --a------ C:\WINDOWS\system32\4F.tmp
2008-08-13 22:45 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 05:14 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-26 04:52 --------- d-----w C:\Program Files\MSN Messenger
2008-08-04 04:56 --------- d-----w C:\Program Files\PIXELA
2008-05-06 13:26 2,320 -c--a-w C:\DOCUME~1\ANTHONY\Application Data\wklnhst.dat
2008-05-06 13:26 2,320 -c--a-w C:\DOCUME~1\ANTHONY\Application Data\wklnhst.dat
2006-03-13 18:49 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-02-25 20:16 560 -c--a-w C:\Documents and Settings\AURELIE\Application Data\ViewerApp.dat
2006-02-24 13:11 284 -c--a-w C:\Documents and Settings\ROMANE\Application Data\ViewerApp.dat
2006-01-28 14:37 284 -c--a-w C:\DOCUME~1\ANTHONY\Application Data\ViewerApp.dat
2006-01-28 14:37 284 -c--a-w C:\DOCUME~1\ANTHONY\Application Data\ViewerApp.dat
2006-01-21 14:56 2,569 -c--a-w C:\Program Files\Microsoft Word.lnk
.

------- Sigcheck -------

2004-08-05 12:00 17408 656bb1a52f83a7067e238c95c1a15b1c C:\WINDOWS\system32\svchost.exe

2004-08-05 12:00 510464 f590720434bfec7dd9ce57ad4b66dec2 C:\WINDOWS\system32\winlogon.exe

2007-06-13 15:22 1039872 eda57a3b3671573f5ba540581c855bfc C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-05 12:00 110592 d21a527f87b4aaedae036286928407c3 C:\WINDOWS\system32\services.exe

2004-08-05 12:00 14848 1b22648d652f86506a518d1ccf3e9a33 C:\WINDOWS\system32\lsass.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 58880 eef28ffdd86763759fe3ea4233f24481 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 07:49 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 00:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 00:26 688218]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-04-25 09:15 339968]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-04-11 11:14 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56 1077327]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-29 19:47 77824]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2007-04-06 12:06 57344]
"Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 17:58 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TPSMain"="TPSMain.exe" [2005-01-21 10:28 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\sysrest32.exe"=

S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce9d6b6-07fc-11dd-8e80-0011f5be11ba}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-26 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphcnhrj0eg7j - C:\WINDOWS\system32\lphcnhrj0eg7j.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\DOCUME~1\ANTHONY\Application Data\Mozilla\Firefox\Profiles\e7r93xr9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

Bonjour, je ne suis pas sûr de mon coup sur votre explication redites moi Merci

ComboFix 08-08-26.02 - ANTHONY 2008-08-27 7:24:23.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.155 [GMT 2:00]
Endroit: C:\Documents and Settings\ANTHONY\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\ANTHONY\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-26 07:02 . 2008-08-26 07:02 3,022 --a------ C:\Documents and Settings\Orph.egd
2008-08-26 06:50 . 2008-08-26 07:02 <REP> d-------- C:\ToolBar SD
2008-08-22 01:25 . 2008-08-22 01:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-22 01:23 . 2008-08-22 01:29 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-08-22 01:06 . 2008-08-22 01:06 <REP> d-------- C:\Program Files\Trend Micro
2008-08-20 06:53 . 2008-08-27 07:31 109,150 --a------ C:\WINDOWS\system32\drivers\db9c334e.sys
2008-08-19 06:57 . 2008-08-19 06:57 <REP> d-------- C:\Program Files\Enigma Software Group
2008-08-18 21:33 . 2008-08-20 18:06 94,208 --a------ C:\WINDOWS\system32\90.tmp
2008-08-18 21:33 . 2008-08-18 22:01 94,208 --a------ C:\WINDOWS\system32\26.tmp
2008-08-18 21:33 . 2008-08-18 22:01 94,208 --a------ C:\WINDOWS\system32\25.tmp
2008-08-18 21:33 . 2008-08-20 11:15 94,208 --a------ C:\WINDOWS\system32\23.tmp
2008-08-18 17:08 . 2008-08-18 21:30 94,208 --a------ C:\WINDOWS\system32\12.tmp
2008-08-18 16:21 . 2008-08-18 16:23 94,208 --a------ C:\WINDOWS\system32\4F.tmp
2008-08-13 22:45 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 05:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-26 04:52 --------- d-----w C:\Program Files\MSN Messenger
2008-08-04 04:56 --------- d-----w C:\Program Files\PIXELA
2008-05-06 13:26 2,320 -c--a-w C:\Documents and Settings\ANTHONY\Application Data\wklnhst.dat
2006-03-13 18:49 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-02-25 20:16 560 -c--a-w C:\Documents and Settings\AURELIE\Application Data\ViewerApp.dat
2006-02-24 13:11 284 -c--a-w C:\Documents and Settings\ROMANE\Application Data\ViewerApp.dat
2006-01-28 14:37 284 -c--a-w C:\Documents and Settings\ANTHONY\Application Data\ViewerApp.dat
2006-01-21 14:56 2,569 -c--a-w C:\Program Files\Microsoft Word.lnk
.

------- Sigcheck -------

2004-08-05 12:00 17408 656bb1a52f83a7067e238c95c1a15b1c C:\WINDOWS\system32\svchost.exe

2004-08-05 12:00 510464 f590720434bfec7dd9ce57ad4b66dec2 C:\WINDOWS\system32\winlogon.exe

2007-06-13 15:22 1039872 eda57a3b3671573f5ba540581c855bfc C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-05 12:00 110592 d21a527f87b4aaedae036286928407c3 C:\WINDOWS\system32\services.exe

2004-08-05 12:00 14848 1b22648d652f86506a518d1ccf3e9a33 C:\WINDOWS\system32\lsass.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 58880 eef28ffdd86763759fe3ea4233f24481 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-26_ 7.41.49.69 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 07:49 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 00:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 00:26 688218]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-04-25 09:15 339968]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-04-11 11:14 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56 1077327]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-29 19:47 77824]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2007-04-06 12:06 57344]
"Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 17:58 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TPSMain"="TPSMain.exe" [2005-01-21 10:28 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\AURELIE\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

C:\Documents and Settings\ROMANE\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 18:10:04 238080]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce9d6b6-07fc-11dd-8e80-0011f5be11ba}]
\Shell\AutoRun\command - E:\AutoTransfer.exe

*Newly Created Service* - catchme
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-27 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 07:30:13
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\db9c334e]
"ImagePath"="\SystemRoot\System32\drivers\db9c334e.sys"
.
Temps d'accomplissement: 2008-08-27 7:40:53
ComboFix-quarantined-files.txt 2008-08-27 05:39:48
ComboFix2.txt 2008-08-26 05:43:28

Pre-Run: 5,515,030,528 octets libres
Post-Run: 5,524,799,488 octets libres

137 --- E O F --- 2008-08-27 04:39:07

BONSOIR, voici le rapport malwayrbites
il me reste ccleaner


Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1090
Windows 5.1.2600 Service Pack 2

19:31:09 28/08/2008
mbam-log-08-28-2008 (19-31-09).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 643519
Temps écoulé: 2 hour(s), 32 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 54

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Carlson (Dialer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\8.tmp.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\9.tmp.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\A.tmp.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\B.tmp.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\blphcnhrj0eg7j.scr.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089176.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089177.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089178.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089179.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089180.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089181.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089182.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089183.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089184.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089185.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089186.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089187.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089188.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089189.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089190.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089192.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089193.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089194.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089195.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089197.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089198.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089199.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089200.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089201.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089202.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089203.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089204.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089211.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089212.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089213.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089214.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP507\A0089215.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP508\A0089219.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP508\A0089220.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP508\A0089221.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A98093AE-F09D-466F-AB9F-890A95100D41}\RP508\A0089224.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\ToolBar SD\Backup-TB\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\26.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4F.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\90.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.

ET VOICI le rapport Hijackthis après avoir fait Ccleaner, tu me redis

Merci encore
a+

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:59, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://aurelie80bouba35.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,916,0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Bonjour, voici le rapport, ca donne quoi notre affaire,
je comprends rien
en tous cas, un grand merci
a+


-----------\\ ToolBar S&D 1.1.4 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : BIOS Version 1.30
USER : ANTHONY ( Administrator )
BOOT : Normal boot

"C:\ToolBar SD" ( MAJ : 24-08-2008|14:20 )
Option : [2] ( 29/08/2008| 7:22 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(ANTHONY) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(ANTHONY) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(AURELIE) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.orange.fr/portail"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

-----------\\ Fin du rapport a 7:24:07,85

Bonjour,
je n'arrive pas à coller le rapport, mais dans les statistiques, il me note :

identified virus: 5 Objects : 88258
infected files : 11 Folders : 10150
suspect files : 0 Archives : 1160
warnings: 0 packed files : 6186
disinfected files : 0
deleted files : 5

Voilà
a+

Bonjour, cela ne marche pas, j'ai essayé 2 ou 3 fois sans réussite

A+

salut E.T
je me demande ce que java et adobe viennent faire dans suppression de antivirus XP 2008 ?????
et laisse a ep44 le soin de finir ! sans faire tout chambarder !!

Bonjour ep44, voici le rapport,

Merci d'avance
a+
DiagHelp version v1.4 - http://www.malekal.com
excute le 01/09/2008 à 6:44:56,85


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->01/09/2008 06:44:50
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->01/09/2008 06:44:24
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->01/09/2008 06:41:30
C:\WINDOWS\prefetch\WCREATOR.EXE-16554FEA.pf -->01/09/2008 06:40:27
C:\WINDOWS\prefetch\JUCHECK.EXE-19C452BF.pf -->01/09/2008 06:36:53
C:\WINDOWS\prefetch\MSN_SL.EXE-047411B3.pf -->01/09/2008 06:36:05
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->01/09/2008 06:35:52
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->01/09/2008 06:35:35
C:\WINDOWS\prefetch\THUNDERBIRD.EXE-38CA75D9.pf -->01/09/2008 06:34:54
C:\WINDOWS\prefetch\MBAM.EXE-0BEE0439.pf -->01/09/2008 06:34:08

C:\WINDOWS\System32\drivers\db9c334e.sys -->01/09/2008 06:44:53
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->17/08/2008 15:01:18
C:\WINDOWS\System32\drivers\mbam.sys -->17/08/2008 15:01:14
C:\WINDOWS\System32\drivers\bdfndisf.sys -->24/06/2008 18:25:33
C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 12:45:13
C:\WINDOWS\System32\drivers\afd.sys -->20/06/2008 12:44:38
C:\WINDOWS\System32\drivers\tcpip6.sys -->20/06/2008 11:52:06

C:\WINDOWS\System32\wpa.dbl -->01/09/2008 06:31:48
C:\WINDOWS\System32\FNTCACHE.DAT -->22/08/2008 10:37:02
C:\WINDOWS\System32\bdod.bin -->22/08/2008 01:28:22
C:\WINDOWS\System32\bdss.log -->22/08/2008 01:27:27
C:\WINDOWS\System32\23.tmp -->20/08/2008 11:15:14
C:\WINDOWS\System32\25.tmp -->18/08/2008 22:01:54
C:\WINDOWS\System32\TZLog.log -->13/08/2008 23:45:24
C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\System32\wuaucpl.cpl -->18/07/2008 22:09:46
C:\WINDOWS\System32\wuweb.dll -->18/07/2008 22:09:44
C:\WINDOWS\System32\wuapi.dll -->18/07/2008 22:09:44
C:\WINDOWS\System32\wuaueng.dll -->18/07/2008 22:09:42
C:\WINDOWS\System32\wuapi.dll.mui -->18/07/2008 22:09:14
C:\WINDOWS\System32\wuaueng.dll.mui -->18/07/2008 22:09:06
C:\WINDOWS\System32\mucltui.dll -->18/07/2008 22:07:34
C:\WINDOWS\System32\muweb.dll -->18/07/2008 22:07:32
C:\WINDOWS\System32\mucltui.dll.mui -->18/07/2008 22:07:28
C:\WINDOWS\System32\tzchange.exe -->14/07/2008 13:09:18

C:\WINDOWS\WindowsUpdate.log -->01/09/2008 06:33:43
C:\WINDOWS\QTFont.qfn -->01/09/2008 06:31:48
C:\WINDOWS\0.log -->01/09/2008 06:31:34
C:\WINDOWS\wiadebug.log -->01/09/2008 06:31:16
C:\WINDOWS\1-wlancfg.log -->01/09/2008 06:31:16
C:\WINDOWS\wiaservc.log -->01/09/2008 06:31:15
C:\WINDOWS\bootstat.dat -->01/09/2008 06:30:56
C:\WINDOWS\SchedLgU.Txt -->31/08/2008 11:43:57
C:\WINDOWS\6-wlancfg.log -->30/08/2008 10:48:45
C:\WINDOWS\setupapi.log -->29/08/2008 23:01:30
C:\WINDOWS\5-wlancfg.log -->29/08/2008 20:28:42
C:\WINDOWS\system.ini -->27/08/2008 07:30:06
C:\WINDOWS\QTFont.for -->26/08/2008 07:43:44
C:\WINDOWS\win.ini -->22/08/2008 07:40:05
C:\WINDOWS\bdagent.INI -->04/08/2008 06:46:35

winlogon.exe
Verified: Unsigned
svchost.exe
Verified: Unsigned
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 408
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x649b0000 0x97000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\deskbar.dll
0x10000000 0x40000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\dbres.dll
0x64910000 0x94000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\DB\02.05.0001.1119\fr-fr\wordwheel.dll
0x61dd0000 0x21000 1.00.2536.0000 C:\WINDOWS\system32\MAPI32.dll
0x01190000 0x83000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\EXT\02.05.0001.1119\fr-fr\msnlExtRes.dll
0x63bf0000 0x84000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TEM\02.05.0000.1105\fr-fr\Tem.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x63fc0000 0x7000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\fr-fr\msn_slps.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
0x63000000 0x13000 7.12.0004.0000 C:\WINDOWS\system32\SynTPFcs.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x02650000 0xb000 1.00.0008.0001 C:\WINDOWS\system32\TPwrCfg.DLL
0x02660000 0x14000 1.00.0004.0000 C:\WINDOWS\system32\TPwrReg.dll
0x02680000 0xd000 1.00.0003.0000 C:\WINDOWS\system32\TPSTrace.DLL
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x00c00000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x01ad0000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x59000000 0x3b000 8.05.1302.1018 C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL
0x74780000 0x16e000 6.05.2600.3367 C:\WINDOWS\system32\quartz.dll
0x01bd0000 0x15000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpOAv.dll
0x03530000 0x92000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
0x02600000 0x3d000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\mtbres.dll
0x64130000 0x79000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\HV\02.05.0000.1105\fr-fr\msnHiliteViewer.dll
0x02ad0000 0x1d000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\HV\02.05.0000.1105\fr-fr\hvres.dll
0x63fd0000 0x80000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\PB\02.05.0000.1105\fr-fr\msnPopupBlocker.dll
0x036d0000 0x2f000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\PB\02.05.0000.1105\fr-fr\pgres.dll
0x63f90000 0x1f000 2.05.0001.1119 C:\Program Files\MSN Toolbar Suite\ST\02.05.0001.1119\en-xu\stmain.dll
0x63db0000 0x16000 2.05.0000.1105 C:\Program Files\MSN Toolbar Suite\EP\02.05.0000.1105\fr-fr\msnep.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x03d50000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x01b70000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 524
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x10000 6.14.0010.4114 C:\WINDOWS\system32\Ati2evxx.dll
0x01e70000 0xae000 1.05.0540.0000 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6468-751A

Répertoire de C:\WINDOWS\system32

05/08/2004 12:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 4 890 734 592 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6468-751A

Répertoire de C:\WINDOWS\Downloaded Program Files

29/08/2008 23:01 <REP> .
29/08/2008 23:01 <REP> ..
09/01/2008 15:01 32 bdcore.dll
09/01/2008 15:01 118 784 bdupd.dll
18/10/2007 17:20 <REP> CONFLICT.1
06/09/2005 06:53 65 desktop.ini
26/07/2002 02:13 24 576 dwusplay.dll
26/07/2002 02:13 196 608 dwusplay.exe
11/04/2007 14:55 1 292 erma.inf
14/07/2005 17:28 365 f3initialsetup1.0.0.15-3.inf
13/04/2007 02:14 382 344 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
09/01/2008 15:01 53 248 ipsupd.dll
11/04/2006 14:06 322 IPSUploader.inf
21/06/2006 12:32 1 939 056 IPSUploader.ocx
10/06/2005 18:44 417 792 isusweb.dll
26/02/2008 15:42 7 724 lang.ini
09/01/2008 15:01 32 libfn.dll
21/01/2008 17:43 130 live.ini
29/05/2003 16:00 160 864 messengerstatsclient.dll
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
28/02/2007 14:21 130 472 MineSweeper.dll
28/02/2007 14:21 131 472 msgrchkr.dll
02/08/2007 11:31 360 320 MsnPUpld.dll
02/08/2007 15:47 569 MSNPUpld.inf
07/02/2008 14:06 1 248 oscan8.inf
26/02/2008 15:59 487 424 oscan82.ocx
02/08/2007 11:31 67 456 PURen-us.dll
06/08/2007 12:10 68 992 PURfr-fr.dll
09/01/2008 15:01 6 828 scanoptions.tsi
09/11/2006 15:36 5 019 swflash.inf
21/09/2007 10:37 465 472 wlscBase.dll
21/09/2007 10:40 320 wlscBase.inf
19/02/2007 11:26 159 128 ZIntro.ocx
32 fichier(s) 5 493 976 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

18/10/2007 17:20 <REP> .
18/10/2007 17:20 <REP> ..
20/06/2006 15:44 379 704 MsnPUpld.dll
19/06/2006 14:40 393 MsnPUpld.inf
20/06/2006 15:44 117 560 PURen-us.dll
09/01/2007 08:30 110 592 PURfr-fr.dll
4 fichier(s) 608 249 octets

Total des fichiers listés :
36 fichier(s) 6 102 225 octets
5 Rép(s) 4 890 734 592 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 06:46:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\db9c334e]
"ImagePath"="\SystemRoot\System32\drivers\db9c334e.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\db9c334e]
"ImagePath"="\SystemRoot\System32\drivers\db9c334e.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
408 - explorer.exe
496 - csrss.exe
524 - winlogon.exe
568 - services.exe
580 - lsass.exe
628 - atiptaxx.exe
728 - ati2evxx.exe
752 - svchost.exe
824 - svchost.exe
884 - MsMpEng.exe
940 - svchost.exe
980 - iexplore.exe
1028 - acs.exe
1060 - alg.exe
1116 - svchost.exe
1168 - svchost.exe
1520 - guard.exe
1532 - CFSvcs.exe
1580 - MDM.EXE
1652 - TAPPSRV.exe
1716 - WLANCFG.EXE
1976 - ati2evxx.exe
2156 - cmd.exe
2224 - SynTPLpr.exe
2232 - SynTPEnh.exe
2240 - THotkey.exe
2248 - TvsTray.exe
2304 - NDSTray.exe
2320 - PadExe.exe
2372 - ZSSnp211.exe
2432 - ctfmon.exe
2452 - GoogleToolbarNo
2476 - msnmsgr.exe
2700 - svchost.exe

Total number of processes = 35
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7A4F000 - \WINDOWS\system32\KDCOM.DLL
F795F000 - \WINDOWS\system32\BOOTVID.dll
F74FF000 - ACPI.sys
F7A51000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F74EE000 - pci.sys
F754F000 - isapnp.sys
F755F000 - ohci1394.sys
F756F000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F7963000 - compbatt.sys
F7967000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F7B17000 - pciide.sys
F77CF000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F74D0000 - pcmcia.sys
F757F000 - MountMgr.sys
F74B1000 - ftdisk.sys
F796B000 - ACPIEC.sys
F7B18000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F77D7000 - PartMgr.sys
F758F000 - VolSnap.sys
F7499000 - atapi.sys
F759F000 - disk.sys
F75AF000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7479000 - fltMgr.sys
F7467000 - sr.sys
F77DF000 - PxHelp20.sys
F7450000 - KSecDD.sys
F73C3000 - Ntfs.sys
F7396000 - NDIS.sys
F737B000 - Mup.sys
F77AF000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F7A2F000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F721C000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F7208000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F78AF000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F71E5000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F78B7000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F77BF000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7A33000 - \SystemRoot\System32\Drivers\cdrbsdrv.SYS
F78BF000 - \SystemRoot\system32\drivers\iviaspi.sys
F7A37000 - \SystemRoot\system32\drivers\pfc.sys
F75CF000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F75DF000 - \SystemRoot\system32\DRIVERS\redbook.sys
F71C2000 - \SystemRoot\system32\DRIVERS\ks.sys
F75EF000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F78C7000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7194000 - \SystemRoot\system32\DRIVERS\SynTP.sys
F7A8D000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F78CF000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7133000 - \SystemRoot\system32\DRIVERS\ar5211.sys
F75FF000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F6EFD000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F6ED9000 - \SystemRoot\system32\drivers\portcls.sys
F760F000 - \SystemRoot\system32\drivers\drmk.sys
F78D7000 - \SystemRoot\system32\DRIVERS\Tvs.sys
F761F000 - \SystemRoot\system32\DRIVERS\wowxt_kern_i386.sys
F78DF000 - \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
F7C25000 - \SystemRoot\system32\DRIVERS\audstub.sys
F762F000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7A3F000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6EC2000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F763F000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F764F000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F78E7000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6EB1000 - \SystemRoot\system32\DRIVERS\psched.sys
F765F000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F78EF000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F78F7000 - \SystemRoot\system32\DRIVERS\raspti.sys
F766F000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7A8F000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6D90000 - \SystemRoot\system32\DRIVERS\update.sys
F7346000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7A91000 - \SystemRoot\system32\DRIVERS\NBSMI.sys
F76DF000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F770F000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7A9F000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C27000 - \SystemRoot\System32\Drivers\Null.SYS
F7AA1000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C2A000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7947000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F794F000 - \SystemRoot\System32\drivers\vga.sys
F7AA3000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7AA5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7957000 - \SystemRoot\System32\Drivers\Msfs.SYS
F77F7000 - \SystemRoot\System32\Drivers\Npfs.SYS
F79F7000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F2C32000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F2BDA000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F2BB2000 - \SystemRoot\system32\DRIVERS\netbt.sys
F2B90000 - \SystemRoot\System32\drivers\afd.sys
F772F000 - \SystemRoot\system32\DRIVERS\netbios.sys
F77FF000 - \SystemRoot\System32\Drivers\StarOpen.SYS
F2B65000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F2AF6000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F773F000 - \SystemRoot\System32\Drivers\Fips.SYS
F2AD5000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F774F000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F775F000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F2A9C000 - \SystemRoot\System32\drivers\db9c334e.sys
F7C32000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F7A1B000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F778F000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F7A1F000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F2CB5000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F289A000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7AD7000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F2ABD000 - \SystemRoot\System32\drivers\Dxapi.sys
F2A5B000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7B83000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA11000 - \SystemRoot\System32\ati2cqag.dll
BFA43000 - \SystemRoot\System32\atikvmag.dll
BFA75000 - \SystemRoot\System32\ati3duag.dll
BFCA6000 - \SystemRoot\System32\ativvaxx.dll
B8EE0000 - \SystemRoot\system32\DRIVERS\mdc8021x.sys
F6EA5000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B8EDC000 - \SystemRoot\system32\DRIVERS\netdevio.sys
B8B1C000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B8962000 - \SystemRoot\system32\DRIVERS\srv.sys
B876D000 - \SystemRoot\system32\drivers\wdmaud.sys
B88A2000 - \SystemRoot\system32\drivers\sysaudio.sys
B842E000 - \SystemRoot\System32\Drivers\HTTP.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F7B80000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 127

Liste des programmes installes

802.11 USB Wireless LAN Adapter
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.9 - Français
ArcSoft Multimedia Email
Ares 2.0.9
Assist TOSHIBA
Assistant de connexion Windows Live
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Anti-Spyware 7.5
Barre d'outils MSN Search
BeClean
CCleaner (remove only)
Ciel Gestion Commerciale 12.0
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif Windows XP - KB884018
Creative WebCam Center
Creative WebCam Vista Plus Driver (1.02.02.0414)
DivX Web Player
DynGate
Finance 2003 version 10.03
First Step Guide
Gadwin PrintScreen
Gestion d'énergie TOSHIBA
Gif Movie Gear 4
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Installer Yahoo! Messenger
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Lecteur Windows Media 11
Lexmark Supplies Monitor
Lexmark Z55
livebox
Logiciel Photo Orange
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash Player
Malwarebytes' Anti-Malware
Manuel d'utilisation de Creative WebCam Vista Plus (Français)
Manuels TOSHIBA
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 CD-ROM 2
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mozilla Firefox (2.0.0.16)
Mozilla Thunderbird (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Outil de diagnostic PC TOSHIBA
Package de base Microsoft de service de chiffrement pour cartes à puce
Picture Package
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Réducteur de bruit lect. CD/DVD
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Son virtuel TOSHIBA
Sonic RecordNow!
Synaptics Pointing Device Driver
TeamViewer
TOSHIBA ConfigFree
TOSHIBA Hotkey Utility
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
Touch and Launch
Ulead Photo Express 4.0 My Custom Edition
Utilitaire de zoom TOSHIBA
VideoLAN VLC media player 0.8.6c
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Toolbar
Yahoo! Toolbar



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6468-751A

Répertoire de C:\Program Files

28/08/2008 07:11 <REP> .
28/08/2008 07:11 <REP> ..
06/09/2005 09:03 <REP> Adobe
13/02/2007 19:28 <REP> Alwil Software
07/09/2006 22:23 <REP> ArcSoft
03/10/2007 12:12 <REP> Ares
18/12/2005 08:16 <REP> Atheros
06/09/2005 07:38 <REP> ATI Technologies
21/02/2008 11:46 <REP> Audacity
03/12/2007 09:25 <REP> AvantGo Connect
03/12/2007 13:40 <REP> AvRack
17/01/2008 18:47 <REP> AVS4YOU
03/10/2007 09:01 <REP> BeClean
10/10/2007 14:34 <REP> BitDefender
09/09/2007 13:04 <REP> CCleaner
13/05/2008 21:45 <REP> Ciel
03/12/2007 09:25 <REP> Common Files
06/09/2005 06:52 <REP> ComPlus Applications
05/03/2007 16:17 <REP> CorelPaintShopProX
09/10/2007 15:22 <REP> Creative
08/09/2007 20:49 <REP> DivX
03/10/2007 11:56 <REP> DynGate
02/12/2007 17:50 <REP> eMule
19/08/2008 06:57 <REP> Enigma Software Group
28/08/2008 19:31 <REP> Fichiers communs
27/12/2005 18:15 <REP> Gadwin Systems
03/01/2008 07:35 <REP> Google
10/10/2007 15:45 <REP> Grisoft
09/10/2007 15:23 <REP> IKEA HomePlanner
26/08/2008 06:52 <REP> Internet Explorer
06/09/2005 08:13 <REP> InterVideo
13/03/2006 17:03 <REP> Inventel
17/06/2008 06:47 <REP> Java
29/01/2006 19:46 <REP> Kodak
23/07/2007 15:47 <REP> Logiciel Photo Orange
03/12/2007 12:33 <REP> ltmoh
05/03/2007 15:54 <REP> Macromedia
28/08/2008 13:32 <REP> Malwarebytes' Anti-Malware
10/10/2007 17:31 <REP> Masta
17/01/2008 18:48 <REP> MaxiMemo
13/08/2008 23:48 <REP> Messenger
03/12/2007 09:25 <REP> Microsoft ActiveSync
05/04/2008 23:28 <REP> Microsoft CAPICOM 2.1.0.2
27/12/2005 17:31 <REP> microsoft frontpage
03/12/2007 09:18 <REP> Microsoft Office
25/09/2007 20:20 <REP> Microsoft Visual Studio
21/01/2006 16:56 2 569 Microsoft Word.lnk
25/09/2007 20:20 <REP> Microsoft Works
06/09/2005 09:09 <REP> Microsoft.NET
06/09/2005 06:52 <REP> Movie Maker
26/08/2008 07:14 <REP> Mozilla Firefox
01/09/2008 06:34 <REP> Mozilla Thunderbird
09/10/2007 15:14 <REP> MSN
06/09/2005 06:51 <REP> MSN Gaming Zone
28/08/2008 19:31 <REP> MSN Messenger
06/09/2005 09:21 <REP> MSN Toolbar Suite
20/11/2006 22:35 <REP> MSXML 4.0
25/09/2007 13:43 <REP> MSXML 6.0
28/08/2007 00:25 <REP> NetMeeting
06/09/2005 06:51 <REP> Online Services
30/04/2008 13:08 <REP> OpenOffice.org 2.4
13/06/2007 07:59 <REP> Outlook Express
17/01/2008 18:47 <REP> PhotoFiltre
04/08/2008 06:56 <REP> PIXELA
29/01/2006 19:47 <REP> QuickTime
03/12/2007 13:40 <REP> Realtek Sound Manager
20/04/2007 20:15 <REP> SAGEM
11/10/2006 21:39 <REP> Securitoo
06/09/2005 06:53 <REP> Services en ligne
27/12/2005 17:32 <REP> Snapshot Viewer
27/12/2005 18:08 <REP> SoftChris
07/04/2006 22:26 <REP> Sonic
02/03/2006 14:24 <REP> Sony Corporation
10/10/2007 15:51 <REP> Symantec
06/09/2005 07:47 <REP> Synaptics
03/10/2007 11:56 <REP> TeamViewer
03/12/2007 11:52 <REP> TeamViewer3
06/09/2005 09:24 <REP> TOSHIBA
22/08/2008 01:06 <REP> Trend Micro
07/09/2006 22:20 <REP> Ulead Systems
09/09/2007 11:37 <REP> VideoLAN
03/12/2007 12:38 <REP> Vimicro
24/01/2008 22:41 <REP> Visicom Media
14/10/2006 09:07 <REP> Wanadoo
25/09/2007 13:55 <REP> Windows Defender
05/04/2008 16:25 <REP> Windows Live
03/10/2007 09:27 <REP> Windows Live Safety Center
13/02/2007 19:45 <REP> Windows Media Connect 2
13/02/2007 19:45 <REP> Windows Media Player
06/09/2005 06:51 <REP> Windows NT
06/09/2005 06:55 <REP> xerox
12/11/2006 13:27 <REP> Yahoo!
1 fichier(s) 2 569 octets
91 Rép(s) 4 878 491 648 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6468-751A

Répertoire de C:\Program Files\fichiers communs

28/08/2008 19:31 <REP> .
28/08/2008 19:31 <REP> ..
16/05/2008 17:07 <REP> Adobe
17/01/2008 18:47 <REP> AVSMedia
10/10/2007 14:51 <REP> BitDefender
13/05/2008 21:45 <REP> Ciel
27/12/2005 17:24 <REP> Designer
13/03/2006 20:49 278 528 FDEUnInstaller.exe
05/03/2007 16:23 <REP> InstallShield
06/09/2005 07:07 <REP> Java
05/03/2007 15:55 <REP> Macromedia
22/08/2008 07:38 <REP> Microsoft Shared
06/09/2005 06:52 <REP> MSSoap
31/12/2005 20:45 <REP> muvee Technologies
06/09/2005 08:47 <REP> ODBC
06/09/2005 06:52 <REP> Services
22/08/2008 01:29 <REP> Softwin
06/09/2005 08:47 <REP> SpeechEngines
10/10/2007 15:33 <REP> Symantec Shared
03/12/2007 09:19 <REP> System
1 fichier(s) 278 528 octets
19 Rép(s) 4 878 491 648 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6468-751A

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

22/08/2008 07:39 <REP> .
22/08/2008 07:39 <REP> ..
06/09/2005 09:09 <REP> 1033
22/08/2008 07:39 <REP> 1036
20/09/2005 12:33 1 293 008 MSONSEXT.DLL
22/03/2007 19:29 39 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
06/08/2000 10:04 401 462 MSVCP60.DLL
22/01/2001 04:25 69 632 PKMAXCTL.DLL
22/01/2001 04:25 872 448 PKMCDO.DLL
22/01/2001 04:25 159 744 PKMCORE.DLL
07/02/2001 10:59 106 496 PKMFORMS.DLL
12/02/2001 05:03 684 032 PKMRES.DLL
22/01/2001 04:25 28 672 PKMSSTLB.DLL
22/01/2001 04:25 40 960 PKMTEMPL.DLL
22/01/2001 04:25 24 576 PKMTRACE.DLL
11/07/2003 02:25 80 448 PKMWS.DLL
22/01/2001 04:25 237 568 PROMDEMO.DLL
18/03/1999 06:37 593 977 RAGENT.DLL
22/01/2001 04:25 184 320 SECMGR.DLL
22/01/2001 04:25 323 584 VAIDDMGR.DLL
22/01/2001 04:25 32 768 VAIMEM.DLL
19 fichier(s) 5 422 921 octets
4 Rép(s) 4 879 003 648 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6468-751A

Répertoire de C:\Program Files\common files

03/12/2007 09:25 <REP> .
03/12/2007 09:25 <REP> ..
03/12/2007 09:25 <REP> Microsoft Shared
0 fichier(s) 0 octets
3 Rép(s) 4 879 003 648 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 6468-751A

Répertoire de C:\

31/10/2005 17:56 700 416 StubInstaller.exe
1 fichier(s) 700 416 octets
0 Rép(s) 4 879 003 648 octets libres




c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
c:\Documents and Settings\ANTHONY\.limewire\.NetworkShare\LimeWireWin4.16.4.exe
c:\Documents and Settings\ANTHONY\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\ANTHONY\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
c:\Documents and Settings\ANTHONY\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\ANTHONY\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\ANTHONY\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
c:\Documents and Settings\ANTHONY\Bureau\ComboFix.exe
c:\Documents and Settings\ANTHONY\Bureau\ToolBarSD.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\ANTHONY\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\ANTHONY\Local Settings\Temporary Internet Files\Content.IE5\5RZNYDX0\ToolBarSD[1].exe
c:\Documents and Settings\ANTHONY\Local Settings\Temporary Internet Files\Content.IE5\IRZJ1N8B\RSIT[1].exe
c:\Documents and Settings\ANTHONY\Local Settings\Temporary Internet Files\Content.IE5\IW2DG0SA\bitdefender_tsecurity[1].exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\mod\agrsmdel.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\mod\agrsmhom.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\mod\AGRSMMsg.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\mod\agsetup3.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\mod\CSELECT.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\mod\LtMoh.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\mod\setup.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\mod\TOSMREG.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\modem\agrsmdel.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\modem\agrsmhom.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\modem\AGRSMMsg.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\modem\agsetup3.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\modem\CSELECT.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\modem\LtMoh.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\modem\setup.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\modem\TOSMREG.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\alcchkid.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\alcrmv.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\alcrmv64.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\alcrmv9x.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\alcupd.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\AlcUpd64.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\ALCXDEV.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\ChCfg.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\GETDXVER.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\SetCDfmt.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\Setup.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\Ap\AvRack2.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\Ap\MPIE4STD.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\Ap\Mpstd.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\Ap\RtlRack.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\WDM\RTLCPL.EXE
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\WDM\SoundMan.exe
c:\Documents and Settings\ANTHONY\Mes documents\DivX Movies\Nouveau dossier\Sound Driver\WinNT4\SoundMan.exe
c:\Documents and Settings\ANTHONY\temp\DynGate_Setup_fr.exe
c:\Documents and Settings\ANTHONY\temp\TeamViewer3\TeamViewer_.exe
c:\Documents and Settings\AURELIE\Mes documents\ccsetup201.exe
c:\Documents and Settings\AURELIE\Mes documents\Mon bloc-notes\Personnel\AideAudacity1.2FR.exe
c:\Documents and Settings\AURELIE\Mes documents\Mon bloc-notes\Personnel\avg-anti-spyware_avg_anti-spyware_7.5.1.36_francais_27645.exe
c:\Documents and Settings\AURELIE\Mes documents\SITE JSB\Copie de Mon site\mes logiciels\dreamweaver_8_.exe
c:\Documents and Settings\AURELIE\Mes documents\SITE JSB\Copie de Mon site\mes logiciels\gif-movie-gear.exe
c:\Documents and Settings\AURELIE\Mes documents\SITE JSB\Copie de Mon site\mes logiciels\gif-movie-gear_gif_movie_gear_4.0_francais_9831.exe
c:\Documents and Settings\AURELIE\Mes documents\SITE JSB\Copie de Mon site\mes logiciels\PaintShopProX_FR.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{736412FB-8FDE-48F1-B8FB-0CA8B6EAEBF5}\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\ANTHONY\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll
c:\Documents and Settings\ANTHONY\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\ANTHONY\Application Data\Mozilla\Firefox\Profiles\e7r93xr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\ANTHONY\Application Data\Mozilla\Firefox\Profiles\e7r93xr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\AURELIE\Application Data\Mozilla\Firefox\Profiles\g7fpncjw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\AURELIE\Application Data\Mozilla\Firefox\Profiles\g7fpncjw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_RIVIERE.tar.gz a l'adresse http://upload.malekal.com

Bonjour, voici le rapport

File move failed. C:\WINDOWS\System32\drivers\db9c334e.sys scheduled to be moved on reboot.
C:\WINDOWS\System32\23.tmp moved successfully.
C:\WINDOWS\System32\25.tmp moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09022008_065556

Files moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\db9c334e.sys scheduled to be moved on reboot.

Rebonjour,

Program files??? ou je vais pour voir ça.... j'avais prevenu que j'étais une burn en info

Par contre j'ai fait une recherche de tous les fichiers sur antivirus xp 2008, et il ne m'a rien trouvé

Merci

A+

Bonsoir,
pas de Antivirus xp 2008 dans program files
c'est bon signe ou quoi???

Merci
A+