Rapport de Mister Jack !

Résolu
HNTS -  
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,
Étant donné que je ne suis pas encore tout à fait apte à vérifier par moi même, quelqu'un aurait t-il la bonté, de me dire si quelque chose cloche et tout et à jour :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:55, on 14/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe
C:\DOCUME~1\B~1\LOCALS~1\Temp\Rar$EX00.938\WFlip042\winflip\WinFlip.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\JB\Mes documents\Téléchargements\HiJackThis (1).exe
C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB02408 - {21998A86-8246-4F14-ADAF-0E490696FE59} - C:\Documents and Settings\Boulangé Jérémy\Application Data\Toolbars\Amazon Toolbar\amazon.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Amazon Toolbar - {DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8} - C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 11484 bytes

Thank !
Configuration: Windows XP
Google Chrome

31 réponses

  • 1
  • 2
  1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Bien ...

    encore une bestiole qui persite ... ^^"

    Fais ceci :

    Télécharges MalwareByte's :
    ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
    ou ici : http://www.malwarebytes.org/mbam.php

    Installes le ( choisis bien "francais" ; ne modifies pas les paramètres d'installe ) et mets le à jour .

    (NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharges le ici : https://www.malekal.com/tutorial-aboutbuster/ )

    Potasses le tuto pour te familiariser avec le prg :
    https://forum.pcastuces.com/sujet.asp?f=31&s=3
    https://www.androidworld.fr/
    ( cela dis, il est très simple d'utilisation ).

    Impératif : Démarrer en mode sans echec .

    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

    Comment aller en Mode sans échec :
    1) Redémarres ton ordi .
    2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
    3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
    4) Choisis la première option : Sans Échec , et valides en tapant sur [Entrée] .
    5) Choisis ton compte habituel ( et pas Administrateur ).
    attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...

    Lances Malwarebyte's .

    Fais un scan dit "complet" ( sélectionnes bien tous tes disks avant le scan ! ) et supprimes tout ce qu'il peut trouver, c'est à dire :
    -->Laisses le scan se terminer,puis à la fin tu cliques sur "résultat" .
    -->Vérifies que tous les objets infectés soient validés, puis cliques sur " suppression " .

    Redémarres ton PC ( mode normal ).

    Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...
    1
  2. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    bien ... la suite :

    1-Crées un doc texte sur ton bureau :
    pointes ta souris sur ton bureau , cliques droit : vas dans "nouveau" et choisis "document texte" .

    Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

    File::
    C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll


    Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
    CFScript puis valides ...

    2-Nettoyage :

    !! Déconnectes toi, fermes toutes tes applications et désactives TOUTES TES DEFENSES ( tu les réactiveras après ) !!

    --->Sur ton bureau, fais un glissé avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .

    (Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

    Cette manipulation va relancer combofix .
    --> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tapes 1 puis valide.

    Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

    !! Ne touches à rien tant que le scan n'est pas terminé !!

    Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...

    ( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )
    1
  3. HNTS
     
    File/Folder C:\DOCUME~1\JB\Bureau\gh3pc crack\aderk.com.url not found.
    File/Folder C:\DOCUME~1\JB\Bureau\gh3pc crack\hatred.exe not found.
    File/Folder C:\DOCUME~1\JB\Bureau\gh3pc crack\hatred.nfo not found.
    File/Folder C:\DOCUME~1\JB\Bureau\gh3pc crack not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10142008_190924
    0
  4. HNTS
     
    File/Folder C:\Documents and Settings\JB\Bureau\gh3pc crack\aderk.com.url not found.
    File/Folder C:\Documents and Settings\JB\Bureau\gh3pc crack\hatred.exe not found.
    File/Folder C:\Documents and Settings\JB\Bureau\gh3pc crack\hatred.nfo not found.
    File/Folder C:\Documents and Settings\JB\Bureau\gh3pc crack not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10142008_195438
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. HNTS
     
    Rapport SDFix :

    [b]SDFix: Version 1.235 [/b]
    Run by JB on 14/10/2008 at 20:12

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\ehSched.exe - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 20:18:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:48,ca,4d,59,f3,9e,7f,43,f3,55,a0,4c,c6,b4,a0,c8,81,a2,5b,68,a1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b3,0e,a7,74,59,ca,a0,19,e7,1e,4a,cc,05,d4,80,1f,75,..
    "khjeh"=hex:60,8a,12,b1,72,65,47,72,6c,8d,ab,27,db,c2,5d,fb,62,44,f1,84,85,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:f4,f1,5d,fd,df,bf,95,3a,51,64,b1,e2,08,42,75,e1,a1,2f,47,a9,00,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:5a,83,f4,64,38,6a,94,d8,47,2b,24,c0,8a,b4,aa,f5,a4,b6,f8,88,20,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:48,ca,4d,59,f3,9e,7f,43,f3,55,a0,4c,c6,b4,a0,c8,81,a2,5b,68,a1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b3,0e,a7,74,59,ca,a0,19,e7,1e,4a,cc,05,d4,80,1f,75,..
    "khjeh"=hex:60,8a,12,b1,72,65,47,72,6c,8d,ab,27,db,c2,5d,fb,62,44,f1,84,85,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:f4,f1,5d,fd,df,bf,95,3a,51,64,b1,e2,08,42,75,e1,a1,2f,47,a9,00,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:5a,83,f4,64,38,6a,94,d8,47,2b,24,c0,8a,b4,aa,f5,a4,b6,f8,88,20,..

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1DCD99E4-34E1-AB5B-C7CF-3DEA013766DA}]
    "pamgdmpjfladghijldinllleeklofani"=hex:6a,61,69,6f,6b,6d,63,61,65,67,6c,6e,6d,67,66,66,63,64,70,62,00,..
    "oaggfflokleinilmidejfeedpngamf"=hex:6a,61,6c,6f,63,70,66,6b,69,63,70,66,6d,6c,64,68,68,61,69,63,00,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\SoulseekNS\\slsk.exe"="C:\\Program Files\\SoulseekNS\\slsk.exe:*:Enabled:SoulSeek"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "c:\\program files\\bcd_installed.exe"="c:\\program files\\bcd_installed.exe:*:Enabled:Windows Application Service"
    "C:\\Program Files\\Download Express\\dep.exe"="C:\\Program Files\\Download Express\\dep.exe:*:Enabled:Browser download plugin"
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
    "C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
    "C:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"="C:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe:*:Enabled:Guitar Hero III"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery.exe:*:Enabled:MessengerDiscovery the Windows Live Messenger addon"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Mon 8 May 2006 1,248 A.SH. --- "C:\zj0fao30.sys"
    Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Tue 17 Jun 2008 65,536 A.SH. --- "C:\Program Files\MessengerDiscovery\AlertSkinInstaller.exe"
    Sun 22 Jun 2008 40,960 A.SH. --- "C:\Program Files\MessengerDiscovery\SpellCHK.exe"
    Wed 2 Dec 1998 143,360 A.SH. --- "C:\Program Files\MessengerDiscovery\unzip.dll"
    Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\is-1HJOM.tmp"
    Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\is-ARHO3.tmp"
    Wed 30 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
    Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
    Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
    Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
    Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
    Mon 8 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Mon 8 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Mon 8 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Mon 8 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Mon 8 May 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
    Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
    Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
    Tue 22 Jul 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 3 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 12 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Sun 12 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
    Sun 12 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"
    Thu 3 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8171d23d6d072d8b50d065ca55a754fb\BIT3.tmp"
    Thu 3 Jul 2008 4,856,848 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f3fd033e4d9140ea4bb2ff5810443583\BIT213.tmp"
    Tue 14 Oct 2008 5,686 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE1.tmp"
    Tue 14 Oct 2008 5,940 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE2.tmp"

    [b]Finished![/b]
    0
  7. HNTS
     
    Et Jack ! :-))

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:28:25, on 14/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Documents and Settings\JBy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
    C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Mes documents\Téléchargements\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB02408 - {21998A86-8246-4F14-ADAF-0E490696FE59} - C:\Documents and Settings\Boulangé Jérémy\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    O3 - Toolbar: Amazon Toolbar - {DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8} - C:\Documents and Settings\Boulangé Jérémy\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  8. HNTS
     
    Voilà :

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1134
    Windows 5.1.2600 Service Pack 3

    14/10/2008 23:15:04
    mbam-log-2008-10-14 (23-15-04).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
    Eléments examinés: 149783
    Temps écoulé: 2 hour(s), 1 minute(s), 48 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook (Adware.DosPopToolbar) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Suivie de celui de Jack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:23:29, on 14/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Documents and Settings\JBy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Mes documents\Téléchargements\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB02408 - {21998A86-8246-4F14-ADAF-0E490696FE59} - C:\Documents and Settings\JBy\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    O3 - Toolbar: Amazon Toolbar - {DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8} - C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  9. HNTS
     
    ComboFix 08-10-14.03 - JB 2008-10-14 23:35:13.3 - NTFSx86
    Lancé depuis: C:\Documents and Settings\JB\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-14 20:11 . 2008-10-14 20:11 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-10-14 20:09 . 2008-10-14 20:09 <REP> d-------- C:\WINDOWS\ERUNT
    2008-10-14 20:02 . 2008-10-14 20:21 <REP> d-------- C:\SDFix
    2008-10-14 19:09 . 2008-10-14 19:09 <REP> d-------- C:\_OTMoveIt
    2008-10-14 18:00 . 2008-10-14 18:03 <REP> d-------- C:\Program Files\MessengerDiscovery
    2008-10-14 18:00 . 2004-03-09 00:00 609,824 --a------ C:\WINDOWS\system32\COMCTL32.ocx
    2008-10-14 18:00 . 2004-03-08 22:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX
    2008-10-14 18:00 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
    2008-10-12 17:18 . 2008-10-12 17:18 <REP> d-------- C:\Program Files\Fichiers communs\CyberLink
    2008-10-12 17:17 . 2008-10-12 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Temp
    2008-10-12 15:32 . 2008-10-12 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-10-12 14:56 . 2008-10-12 15:01 <REP> d-------- C:\Program Files\intocartoonpro
    2008-10-12 13:26 . 2008-10-12 13:26 236 --a------ C:\sqmdata10.sqm
    2008-10-12 13:26 . 2008-10-12 13:26 200 --a------ C:\sqmnoopt10.sqm
    2008-10-12 13:24 . 2008-10-12 15:30 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-10-12 13:24 . 2008-10-12 15:30 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-10-11 02:15 . 2008-09-04 22:03 56,344 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
    2008-10-11 02:14 . 2008-10-11 02:14 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-10-11 02:13 . 2008-10-11 02:13 <REP> d-------- C:\Program Files\Microsoft
    2008-10-06 00:00 . 2008-10-06 00:00 236 --a------ C:\sqmdata07.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 200 --a------ C:\sqmnoopt09.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 200 --a------ C:\sqmnoopt07.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 200 --a------ C:\sqmdata09.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 120 --a------ C:\sqmnoopt08.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 120 --a------ C:\sqmdata08.sqm
    2008-10-03 20:12 . 2008-10-03 20:12 <REP> d-------- C:\Program Files\iTunes
    2008-10-03 20:12 . 2008-10-03 20:12 <REP> d-------- C:\Program Files\iPod
    2008-10-03 20:12 . 2008-10-03 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-03 20:12 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2008-10-03 20:12 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2008-10-03 20:08 . 2008-10-03 20:08 236 --a------ C:\sqmdata06.sqm
    2008-10-03 20:08 . 2008-10-03 20:08 200 --a------ C:\sqmnoopt06.sqm
    2008-10-03 20:01 . 2008-10-03 20:01 <REP> d-------- C:\Documents and Settings\JB\Application Data\CopyTrans
    2008-10-03 20:00 . 2008-10-03 20:00 <REP> d-------- C:\Program Files\WindSolutions
    2008-10-03 05:59 . 2008-10-03 05:59 <REP> d-------- C:\Program Files\Bonjour
    2008-10-03 05:58 . 2008-10-03 05:58 <REP> d-------- C:\Program Files\QuickTime
    2008-09-29 19:09 . 2008-09-29 19:09 248 --a------ C:\sqmdata05.sqm
    2008-09-29 19:09 . 2008-09-29 19:09 200 --a------ C:\sqmnoopt05.sqm
    2008-09-25 22:50 . 2008-09-25 22:50 236 --a------ C:\sqmdata04.sqm
    2008-09-25 22:50 . 2008-09-25 22:50 200 --a------ C:\sqmnoopt04.sqm
    2008-09-21 00:56 . 2008-09-21 00:56 <REP> d-------- C:\Program Files\Aspyr
    2008-09-21 00:48 . 2008-09-21 00:48 <REP> d-------- C:\Program Files\ISO Commander
    2008-09-18 06:15 . 2008-09-18 06:15 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
    2008-09-17 19:35 . 2008-09-17 19:35 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 18:49 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-14 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-14 16:36 --------- d-----w C:\Documents and Settings\JB\Application Data\uTorrent
    2008-10-13 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek
    2008-10-12 15:19 --------- d-----w C:\Program Files\CyberLink
    2008-10-12 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-12 15:17 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
    2008-10-12 12:03 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-10-12 10:42 --------- d-----w C:\Program Files\Windows Live
    2008-10-03 03:58 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-02 14:48 --------- d-----w C:\Program Files\KONAMI
    2008-10-01 17:17 --------- d-----w C:\Program Files\uTorrent
    2008-09-30 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-18 04:15 --------- d-----w C:\Program Files\Stardock
    2008-09-13 03:32 --------- d-----w C:\Program Files\FM Modifier 2.2
    2008-09-12 03:22 --------- d-----w C:\Program Files\Google
    2008-09-12 00:51 --------- d-----w C:\Program Files\Thoosje Vista Sidebar
    2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-09-03 23:39 --------- d-----w C:\Program Files\Download Express
    2008-09-03 23:39 --------- d-----w C:\Documents and Settings\JB\Application Data\MetaProducts
    2008-09-03 23:39 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MetaProducts
    2008-09-03 01:30 --------- d-----w C:\Program Files\ATI Technologies
    2008-09-03 01:08 --------- d-----w C:\Program Files\ATI
    2008-09-03 01:07 --------- d-----w C:\Documents and Settings\JB\Application Data\ATI
    2008-08-29 23:59 --------- d-----w C:\Documents and Settings\JB\Application Data\fretsonfire
    2008-08-29 23:10 --------- d-----w C:\Program Files\Frets on Fire
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-28 00:39 --------- d-----w C:\Program Files\THQ
    2008-08-28 00:18 --------- d-----w C:\Program Files\Fichiers communs\Windows Live
    2008-08-27 23:37 --------- d-----w C:\Documents and Settings\JB\Application Data\AdobeUM
    2008-08-27 23:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-27 23:06 --------- d-----w C:\Program Files\Realtek AC97
    2008-08-27 18:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-08-27 06:01 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-27 05:33 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-08-27 05:30 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-08-27 05:30 --------- d-----w C:\Documents and Settings\JB\Application Data\DAEMON Tools
    2008-08-27 02:09 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
    2008-08-27 02:09 --------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories
    2008-08-27 02:02 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
    2008-08-27 02:02 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
    2008-08-26 22:42 --------- d-----w C:\Program Files\eMule
    2008-08-26 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-26 20:14 --------- d-----w C:\Program Files\Yahoo!
    2008-08-26 20:14 --------- d-----w C:\Program Files\CCleaner
    2008-08-26 16:50 --------- d-----w C:\Program Files\Avira
    2008-08-26 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-26 16:46 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-25 22:21 --------- d-----w C:\Program Files\MSECache
    2008-08-25 22:09 66,572 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-08-25 22:09 5,376 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-08-25 19:28 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2008-08-25 18:50 --------- d-----w C:\Documents and Settings\JB\Application Data\ViStart
    2008-08-25 18:46 --------- d-----w C:\Documents and Settings\JB\Application Data\Styler
    2008-08-25 16:49 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    2008-08-25 02:55 --------- d-----w C:\Program Files\Vista Drive Icon
    2008-08-25 02:44 --------- d-----w C:\Documents and Settings\JB\Application Data\Toolbars
    2008-08-25 02:42 --------- d-----w C:\Documents and Settings\JB\Application Data\OtakuSoftware
    2008-08-25 02:34 --------- d--h--w C:\Documents and Settings\All Users\Application Data\~0
    2008-08-24 23:54 --------- d-----w C:\Documents and Settings\JB\Application Data\Apple Computer
    2008-08-24 20:12 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-24 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-23 14:21 --------- d-----w C:\Documents and Settings\JB\Application Data\InterVideo
    2008-08-23 14:17 --------- d-----w C:\Program Files\Fichiers communs\Ulead
    2008-08-23 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-08-23 14:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-08-23 02:26 --------- d-----w C:\Program Files\MSXML 4.0
    2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2008-08-22 01:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
    2008-08-22 01:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
    2008-08-22 01:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
    2008-08-22 01:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-08-22 01:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
    2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
    2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2008-08-21 21:12 --------- d-----w C:\Documents and Settings\JB\Application Data\Samsung
    2008-08-21 21:08 --------- d-----w C:\Program Files\Samsung
    2008-08-21 18:12 --------- d-----w C:\Program Files\Ubisoft
    2008-08-21 18:11 --------- d-----w C:\Documents and Settings\JB\Application Data\InstallShield
    2008-08-16 05:00 583 ---ha-w C:\os357577.bin
    2008-08-15 00:14 --------- d-----w C:\Program Files\Total Uninstall 4
    2008-08-15 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Martau
    2008-08-14 04:06 --------- d-----w C:\Program Files\ICQ AIM Hider
    2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-08-03 19:57 520,192 ----a-w C:\WINDOWS\system32\Rolex Oyster Daytona.scr
    2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    .

    ------- Sigcheck -------

    2008-04-13 19:34 979968 ad6ca2ef26603fad2154337c26f0d909 C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-10 22:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2008-04-13 19:34 979968 ad6ca2ef26603fad2154337c26f0d909 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21998A86-8246-4F14-ADAF-0E490696FE59}]
    2008-04-14 17:31 2433024 --a------ C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    2008-09-02 21:13 953360 --a------ C:\Program Files\Windows Live\Toolbar\wltcore.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8}"= "C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll" [2008-04-14 2433024]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8}"= "C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll" [2008-04-14 2433024]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CLASSES_ROOT\clsid\{dabefd00-2b5e-4db8-88eb-b1f7500e97a8}]
    [HKEY_CLASSES_ROOT\TBSB02408.TBSB02408.3]
    [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
    [HKEY_CLASSES_ROOT\TBSB02408.TBSB02408]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Google Update"="C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
    "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
    "Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 49152]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
    "ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 40960]
    "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" [2008-09-04 392728]
    "RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

    C:\Documents and Settings\JB\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-09-18 3450608]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
    Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-07-03 45056]
    Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\SoulseekNS\\slsk.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Download Express\\dep.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-06-27 16:50 61424]
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
    R2 fsssvc;Windows Live Contrôle parental;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
    R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-08-26 660992]
    S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-08-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-10-14 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
    - C:\Documents and Settings\JB []
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\rsnr6hes.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    FF -: plugin - C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 23:37:07
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
    .
    Heure de fin: 2008-10-14 23:38:29
    ComboFix-quarantined-files.txt 2008-10-14 21:38:26

    Avant-CF: 29 046 669 312 octets libres
    Après-CF: 29,034,135,552 octets libres

    292 --- E O F --- 2008-10-12 15:01:19

    Jack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:47:19, on 14/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\JB\Mes documents\Téléchargements\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB02408 - {21998A86-8246-4F14-ADAF-0E490696FE59} - C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Amazon Toolbar - {DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8} - C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  10. HNTS
     
    ComboFix 08-10-14.03 - JB 2008-10-15 0:11:16.4 - NTFSx86
    Lancé depuis: C:\Documents and Settings\JB\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\JB\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

    FILE ::
    C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-14 20:11 . 2008-10-14 20:11 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-10-14 20:09 . 2008-10-14 20:09 <REP> d-------- C:\WINDOWS\ERUNT
    2008-10-14 20:02 . 2008-10-14 20:21 <REP> d-------- C:\SDFix
    2008-10-14 19:09 . 2008-10-14 19:09 <REP> d-------- C:\_OTMoveIt
    2008-10-14 18:00 . 2008-10-14 18:03 <REP> d-------- C:\Program Files\MessengerDiscovery
    2008-10-14 18:00 . 2004-03-09 00:00 609,824 --a------ C:\WINDOWS\system32\COMCTL32.ocx
    2008-10-14 18:00 . 2004-03-08 22:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX
    2008-10-14 18:00 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
    2008-10-12 17:18 . 2008-10-12 17:18 <REP> d-------- C:\Program Files\Fichiers communs\CyberLink
    2008-10-12 17:17 . 2008-10-12 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Temp
    2008-10-12 15:32 . 2008-10-12 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-10-12 14:56 . 2008-10-12 15:01 <REP> d-------- C:\Program Files\intocartoonpro
    2008-10-12 13:26 . 2008-10-12 13:26 236 --a------ C:\sqmdata10.sqm
    2008-10-12 13:26 . 2008-10-12 13:26 200 --a------ C:\sqmnoopt10.sqm
    2008-10-12 13:24 . 2008-10-12 15:30 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-10-12 13:24 . 2008-10-12 15:30 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-10-11 02:15 . 2008-09-04 22:03 56,344 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
    2008-10-11 02:14 . 2008-10-11 02:14 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-10-11 02:13 . 2008-10-11 02:13 <REP> d-------- C:\Program Files\Microsoft
    2008-10-06 00:00 . 2008-10-06 00:00 236 --a------ C:\sqmdata07.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 200 --a------ C:\sqmnoopt09.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 200 --a------ C:\sqmnoopt07.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 200 --a------ C:\sqmdata09.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 120 --a------ C:\sqmnoopt08.sqm
    2008-10-06 00:00 . 2008-10-06 00:00 120 --a------ C:\sqmdata08.sqm
    2008-10-03 20:12 . 2008-10-03 20:12 <REP> d-------- C:\Program Files\iTunes
    2008-10-03 20:12 . 2008-10-03 20:12 <REP> d-------- C:\Program Files\iPod
    2008-10-03 20:12 . 2008-10-03 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-03 20:12 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2008-10-03 20:12 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2008-10-03 20:08 . 2008-10-03 20:08 236 --a------ C:\sqmdata06.sqm
    2008-10-03 20:08 . 2008-10-03 20:08 200 --a------ C:\sqmnoopt06.sqm
    2008-10-03 20:01 . 2008-10-03 20:01 <REP> d-------- C:\Documents and Settings\JB\Application Data\CopyTrans
    2008-10-03 20:00 . 2008-10-03 20:00 <REP> d-------- C:\Program Files\WindSolutions
    2008-10-03 05:59 . 2008-10-03 05:59 <REP> d-------- C:\Program Files\Bonjour
    2008-10-03 05:58 . 2008-10-03 05:58 <REP> d-------- C:\Program Files\QuickTime
    2008-09-29 19:09 . 2008-09-29 19:09 248 --a------ C:\sqmdata05.sqm
    2008-09-29 19:09 . 2008-09-29 19:09 200 --a------ C:\sqmnoopt05.sqm
    2008-09-25 22:50 . 2008-09-25 22:50 236 --a------ C:\sqmdata04.sqm
    2008-09-25 22:50 . 2008-09-25 22:50 200 --a------ C:\sqmnoopt04.sqm
    2008-09-21 00:56 . 2008-09-21 00:56 <REP> d-------- C:\Program Files\Aspyr
    2008-09-21 00:48 . 2008-09-21 00:48 <REP> d-------- C:\Program Files\ISO Commander
    2008-09-18 06:15 . 2008-09-18 06:15 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
    2008-09-17 19:35 . 2008-09-17 19:35 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 18:49 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-14 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-14 16:36 --------- d-----w C:\Documents and Settings\JB\Application Data\uTorrent
    2008-10-13 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek
    2008-10-12 15:19 --------- d-----w C:\Program Files\CyberLink
    2008-10-12 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-12 15:17 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
    2008-10-12 12:03 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-10-12 10:42 --------- d-----w C:\Program Files\Windows Live
    2008-10-03 03:58 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-02 14:48 --------- d-----w C:\Program Files\KONAMI
    2008-10-01 17:17 --------- d-----w C:\Program Files\uTorrent
    2008-09-30 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-18 04:15 --------- d-----w C:\Program Files\Stardock
    2008-09-13 03:32 --------- d-----w C:\Program Files\FM Modifier 2.2
    2008-09-12 03:22 --------- d-----w C:\Program Files\Google
    2008-09-12 00:51 --------- d-----w C:\Program Files\Thoosje Vista Sidebar
    2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-09-03 23:39 --------- d-----w C:\Program Files\Download Express
    2008-09-03 23:39 --------- d-----w C:\Documents and Settings\JB\Application Data\MetaProducts
    2008-09-03 23:39 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MetaProducts
    2008-09-03 01:30 --------- d-----w C:\Program Files\ATI Technologies
    2008-09-03 01:08 --------- d-----w C:\Program Files\ATI
    2008-09-03 01:07 --------- d-----w C:\Documents and Settings\JB\Application Data\ATI
    2008-08-29 23:59 --------- d-----w C:\Documents and Settings\JB\Application Data\fretsonfire
    2008-08-29 23:10 --------- d-----w C:\Program Files\Frets on Fire
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-28 00:39 --------- d-----w C:\Program Files\THQ
    2008-08-28 00:18 --------- d-----w C:\Program Files\Fichiers communs\Windows Live
    2008-08-27 23:37 --------- d-----w C:\Documents and Settings\JB\Application Data\AdobeUM
    2008-08-27 23:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-27 23:06 --------- d-----w C:\Program Files\Realtek AC97
    2008-08-27 18:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-08-27 06:01 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-27 05:33 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-08-27 05:30 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-08-27 05:30 --------- d-----w C:\Documents and Settings\JB\Application Data\DAEMON Tools
    2008-08-27 02:09 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
    2008-08-27 02:09 --------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories
    2008-08-27 02:02 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
    2008-08-27 02:02 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
    2008-08-26 22:42 --------- d-----w C:\Program Files\eMule
    2008-08-26 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-26 20:14 --------- d-----w C:\Program Files\Yahoo!
    2008-08-26 20:14 --------- d-----w C:\Program Files\CCleaner
    2008-08-26 16:50 --------- d-----w C:\Program Files\Avira
    2008-08-26 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-26 16:46 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-25 22:21 --------- d-----w C:\Program Files\MSECache
    2008-08-25 22:09 66,572 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-08-25 22:09 5,376 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-08-25 19:28 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2008-08-25 18:50 --------- d-----w C:\Documents and Settings\JB\Application Data\ViStart
    2008-08-25 18:46 --------- d-----w C:\Documents and Settings\JB\Application Data\Styler
    2008-08-25 16:49 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
    2008-08-25 02:55 --------- d-----w C:\Program Files\Vista Drive Icon
    2008-08-25 02:44 --------- d-----w C:\Documents and Settings\JB\Application Data\Toolbars
    2008-08-25 02:42 --------- d-----w C:\Documents and Settings\JB\Application Data\OtakuSoftware
    2008-08-25 02:34 --------- d--h--w C:\Documents and Settings\All Users\Application Data\~0
    2008-08-24 23:54 --------- d-----w C:\Documents and Settings\JB\Application Data\Apple Computer
    2008-08-24 20:12 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-24 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-23 14:21 --------- d-----w C:\Documents and Settings\JB\Application Data\InterVideo
    2008-08-23 14:17 --------- d-----w C:\Program Files\Fichiers communs\Ulead
    2008-08-23 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-08-23 14:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-08-23 02:26 --------- d-----w C:\Program Files\MSXML 4.0
    2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2008-08-22 01:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
    2008-08-22 01:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
    2008-08-22 01:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
    2008-08-22 01:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-08-22 01:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
    2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
    2008-08-22 01:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2008-08-22 00:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2008-08-21 21:12 --------- d-----w C:\Documents and Settings\JB\Application Data\Samsung
    2008-08-21 21:08 --------- d-----w C:\Program Files\Samsung
    2008-08-21 18:12 --------- d-----w C:\Program Files\Ubisoft
    2008-08-21 18:11 --------- d-----w C:\Documents and Settings\JB\Application Data\InstallShield
    2008-08-16 05:00 583 ---ha-w C:\os357577.bin
    2008-08-15 00:14 --------- d-----w C:\Program Files\Total Uninstall 4
    2008-08-15 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Martau
    2008-08-14 04:06 --------- d-----w C:\Program Files\ICQ AIM Hider
    2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-08-03 19:57 520,192 ----a-w C:\WINDOWS\system32\Rolex Oyster Daytona.scr
    2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    .

    ------- Sigcheck -------

    2008-04-13 19:34 979968 ad6ca2ef26603fad2154337c26f0d909 C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2004-08-10 22:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2008-04-13 19:34 979968 ad6ca2ef26603fad2154337c26f0d909 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21998A86-8246-4F14-ADAF-0E490696FE59}]
    2008-04-14 17:31 2433024 --a------ C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    2008-09-02 21:13 953360 --a------ C:\Program Files\Windows Live\Toolbar\wltcore.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8}"= "C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll" [2008-04-14 2433024]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8}"= "C:\Documents and SettingsJB\Application Data\Toolbars\Amazon Toolbar\amazon.dll" [2008-04-14 2433024]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CLASSES_ROOT\clsid\{dabefd00-2b5e-4db8-88eb-b1f7500e97a8}]
    [HKEY_CLASSES_ROOT\TBSB02408.TBSB02408.3]
    [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
    [HKEY_CLASSES_ROOT\TBSB02408.TBSB02408]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Google Update"="C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
    "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
    "Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 49152]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
    "ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 40960]
    "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" [2008-09-04 392728]
    "RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

    C:\Documents and Settings\JB\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-09-18 3450608]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
    Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-07-03 45056]
    Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\SoulseekNS\\slsk.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Download Express\\dep.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-06-27 16:50 61424]
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
    R2 fsssvc;Windows Live Contrôle parental;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
    R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-08-26 660992]
    S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-08-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-10-14 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
    - C:\Documents and Settings\JB []
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-15 00:12:02
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
    .
    Heure de fin: 2008-10-15 0:13:13
    ComboFix-quarantined-files.txt 2008-10-14 22:13:02
    ComboFix2.txt 2008-10-14 21:38:30

    Avant-CF: 29 015 969 792 octets libres
    Après-CF: 29,002,551,296 octets libres

    287 --- E O F --- 2008-10-12 15:01:19

    ...........................................................................................................................................................

    Jack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:22:25, on 15/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\JB\Mes documents\Téléchargements\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB02408 - {21998A86-8246-4F14-ADAF-0E490696FE59} - C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Amazon Toolbar - {DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8} - C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  11. HNTS
     
    Qu'en sort t-il ? La bestiole est elle définitivement mort...?
    0
  12. HNTS
     
    Petit soucis : J'ai suivi les dernières instructions, ne reste plus que l'analyse "Kaspersky" qui arrivera sous peu. En revanche j'ai donc un petit problème, c'est-à-dire que j'ai fait le scan, supprimé les log', générer le rapport, sauf que quand j'ai supprimer les outils, fichiers, rapports manuellement, j'ai supprimé celui de TC ! Je suppose que ce ne pose aucun soucis, mais je préfère quand même le signaler.

    Je post donc le rapport Kasp' et Hijackthis, une fois analysée !
    0
    1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
       
      Salut,

      pas grave pour le rapport de ToolsCleaner2 ... passes à la suite ...;)
      -1
  13. HNTS
     
    Salut,

    Voici donc le rapport de Kasp'

    Wednesday, October 15, 2008 5:42:54 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 15/10/2008
    Enregistrements dans la base antivirus Kaspersky : 1174860
    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai
    Cible de l'analyse Poste de travail
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    Statistiques de l'analyse
    Total d'objets analysés 108147
    Nombre de virus trouvés 1
    Nombre d'objets infectés 2 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 02:07:04

    Nom de l'objet infecté Nom du virus Dernière action
    C:\Documents and Settings\All Users\Application Data\CyberLink\BDNAV\BRF.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_1007817839_1638400_627 L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_1007817839_851968_654 L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE2.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE3.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{A5882878-9CAC-46C1-83AB-00FB395C1581}.TmpSBE L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{E3875918-772C-48FC-A110-C7E9DFAE2DCA}.TmpSBE L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\ApplicationHistory\SysMonitor.exe.49302a1.ini.inuse L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2008-09 L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2008-09-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2008-10 L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2008-10-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Thumbnails L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Feeds\Suggested Sites~.feed-ms L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Feeds\Web Slice Gallery~.feed-ms L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{5DF4E3FC-9ABB-11DD-A287-0015583A264A}.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{711AC6C9-9ABB-11DD-A287-0015583A264A}.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Historique\History.IE5\MSHist012008101520081016\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\etilqs_fLesdUPDsRQjdNa L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\etilqs_KxCwMRT4hPBEeVu L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DF3334.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DF5129.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DFAE05.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DFAE19.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DFAEA5.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DFAEB9.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DFAFC7.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DFAFDB.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DFB093.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\temp\~DFE990.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Mes documents\My Received Files\DSC01497.zip/img091307-www.photoshop.com Infecté : Backdoor.Win32.DsBot.mv ignoré
    C:\Documents and Settings\JB\Mes documents\My Received Files\DSC01497.zip ZIP: infecté - 1 ignoré
    C:\Documents and Settings\JB\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\PrivacIE\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\JB\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.log L'objet est verrouillé ignoré
    C:\system volume information\_restore{E8B6E1F6-0706-4857-9F29-55797374A86C}\RP1\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{124C7ECF-4528-461E-B72C-F432B1559F7E}.crmlog L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\temp\Perflib_Perfdata_7ec.dat L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    D:\System Volume Information\_restore{E8B6E1F6-0706-4857-9F29-55797374A86C}\RP2\change.log L'objet est verrouillé ignoré
    Analyse terminée.
    0
  14. HNTS
     
    Rapport OTM :

    File/Folder C:\Documents and Settings\JB\Mes documents\My Received Files\DSC01497.zip not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10152008_185018

    Rapport HJT :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:04:53, on 15/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Vista Drive Icon\DrvIcon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\JB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: TBSB02408 - {21998A86-8246-4F14-ADAF-0E490696FE59} - C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Amazon Toolbar - {DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8} - C:\Documents and Settings\JB\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  15. HNTS
     
    La manip' pour la suppression de ComboFix, ne fonctionne pas !
    Est-ce que je procède à la suite ou pas ?
    0
    1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
       
      si combofix est toujours présent sur ton bureau , supprimes manuellement alors ( directe poubelle ) .


      Tu peux passer à la suite ...
      -1
  16. HNTS
     
    -->- Recherche:

    C:\_OtMoveIt: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\JB\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\JB\Bureau\HJTInstall.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\JB\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\JB\Bureau\HJTInstall.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !
    0
  17. HNTS
     
    Ok, tout à été effectuer, plus aucun soucis !

    Merci !
    0
  18. HNTS
     
    Merci bien ! ;-)

    En revanche, j'aurais une dernière question : Ca fait quelque temps que je cherche à remplacer mon thème vista actuel, (Bricopacks Vista Inspirat 2) par Vista Transformation Pack 8.0.1 (que je trouve bien plus aboutis) le problème c'est que j'ai déjà essayé de l'installer une fois, mais mon pc avait planté... Donc si tu pouvais me dire comment installer celui-ci...

    Même si cet question n'as pas vraiment sa place ici !
    0
    1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
       
      Même si cet question n'as pas vraiment sa place ici !

      -> tu as tout dis ! ^^

      comme ce n'est pas vraiment mon rayon , et pour plus d'efficaciter , je t'invites à poser un sujet
      sur le forum " Windows " :
      http://www.commentcamarche.net/forum/forum 11 windows

      Faut bien faire bosser un peu les collègues ... :))))

      Bonne chance ... A+ =)
      -1
  19. HNTS
     
    Déjà poster... ;-)

    Par contre dernière question : (oui dernière :-)) ) A chaque démarrage d'un programme t-elle que msn ou autre, une fenêtre de Online Armor s'ouvre, donc comment autoriser les prog' dans Armor ?

    Merci !
    0
  20. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Salut ,

    infecté ... ^^

    commences par ceci :

    Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    ( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

    * double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
    * Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
    * Choisis l'option 1 ( "recherche") et tapes "entrée" .
    * Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
    de son contenu dans ta prochaine réponse ...
    ( le rapport est en outre sauvegardé ici -> C:\TB.txt )
    -1
  21. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut

    Il me semblait bien... Voici :
    
    
    
    
    -----------\\ ToolBar S&D 1.2.2 XP/Vista
    
    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
    USER : JB ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.27 (Activated)
    C:\ (Local Disk) - NTFS - Total : 113 Go Free : 26 Go
    D:\ (Local Disk) - FAT32 - Total : 113 Go Free : 50 Go
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)
    K:\ (CD or DVD)
    
    "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
    Option : [1] ( 14/10/2008|18:44 )
    
    -----------\\ Recherche de Fichiers / Dossiers ...
    
    C:\Program Files\DAEMON Tools Toolbar
    C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
    C:\Program Files\DAEMON Tools Toolbar\Resources
    C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
    
    -----------\\ Extensions
    
    (JB) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
    (JB) - {D249FD00-4DF9-11D9-9FDC-0080481ADA61} => mpint
    (JB) - {f592709f-ff4a-4862-b659-4afabda56312} => mininova
    
    
    -----------\\ [..\Internet Explorer\Main]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
    "Url"="http://www.microsoft.com/athome/community/rss.xml"
    "Url"="http://www.microsoft.com/atwork/community/rss.xml"
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
    
    
    --------------------\\ Recherche d'autres infections
    
    --------------------\\ Cracks & Keygens ..
    
    C:\DOCUME~1\JB\Bureau\gh3pc crack
    C:\DOCUME~1\JB\Bureau\gh3pc crack\aderk.com.url
    C:\DOCUME~1\JB\Bureau\gh3pc crack\hatred.exe
    C:\DOCUME~1\JB\Bureau\gh3pc crack\hatred.nfo
    C:\DOCUME~1\JB\Bureau\Sensation Black 2006 - 2CD\CD 2\Neophyte - Braincracking.mp3
    
    
    
    1 - "C:\ToolBar SD\TB_1.txt" - 14/10/2008|18:45 - Option : [1]
    
    -----------\\ Fin du rapport a 18:45:27,0


    +++

    -1
  • 1
  • 2