Salut,

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Florian at 2009-03-19 09:58:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 84 GB (54%) free of 156 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:22, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\fxsteller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Florian\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Florian\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Florian\LOCALS~1\Temp\~e5.0001
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\DOCUME~1\Florian\LOCALS~1\Temp\jre-6u12-windows-i586-p-if­tw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Florian\Mes documents\Document Flo\RSIT.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\Florian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxsteller.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [Cfaciduh] rundll32.exe "C:\WINDOWS\Bhonoxevu.dll",e
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [memo soap] C:\DOCUME~1\Florian\APPLIC~1\REALSI~1\mess beep.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Florian\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB7AE95-D1AD-455D-80A4-90722910EB3E}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Sécurité Enfants (OPTENET_FILTER) - Telecom Italia France - C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
End of file - 10942 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-14 77824]
"VX3000"=C:\WINDOWS\vVX3000.exe [2006-06-30 707376]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"DNSE"=C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe -c []
"DC6V_Check"=C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe []
"OPTENET_GUI"=C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe [2007-10-17 397352]
"C-Media Mixer"=Mixer.exe /startup []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"Windows UDP Control Center"=C:\WINDOWS\fxsteller.exe [2009-03-17 48690]
"Framework Windows"=C:\WINDOWS\system32\frmwrk32.exe [2009-03-18 27648]
"Cfaciduh"=C:\WINDOWS\Bhonoxevu.dll [2009-03-18 40448]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DC6V_Check"=C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-08 1410296]
"memo soap"=C:\DOCUME~1\Florian\APPLIC~1\REALSI~1\mess beep.exe []
"amva"=C:\WINDOWS\system32\amvo.exe []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Florian\Menu Démarrer\Programmes\Démarrage
Outil de notification Live Search.lnk - C:\Documents and Settings\Florian\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\EA GAMES\Battlefield 1942 Secret Weapons of WWII Demo\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942 Secret Weapons of WWII Demo\BF1942.exe:*:Disabled:BF1942"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d8f050a-77f8-11dc-9d88-0013d4f70cd6}]
shell\Auto\command - cmd /C launch.bat
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b02272b-2759-11dc-8abb-806d6172696f}]
shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b24b5f1-27c9-11dc-9c78-021122338171}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5e64d4-ed2b-11dc-9eee-0013d4f70cd6}]
shell\AutoRun\command - h0s2.bat
shell\explore\command - h0s2.bat
shell\open\command - h0s2.bat


======List of files/folders created in the last 1 months======

2009-03-19 09:58:12 ----DC---- C:\rsit
2009-03-19 09:04:57 ----AC---- C:\gtb.exe
2009-03-19 08:29:34 ----AC---- C:\rapport_01.txt
2009-03-19 08:27:14 ----A---- C:\WINDOWS\system32\tmp.txt
2009-03-19 08:27:09 ----AC---- C:\rapport.txt
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\swsc.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\swreg.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\Process.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-03-19 08:26:20 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-03-19 08:16:22 ----A---- C:\WINDOWS\system32\ntdll64.exe
2009-03-18 20:36:23 ----AC---- C:\FindyKill_rapport truc 3.txt
2009-03-18 20:35:02 ----AC---- C:\FindyKill.txt
2009-03-18 20:34:14 ----AC---- C:\FindyKill_rapport truc 2.txt
2009-03-18 20:15:51 ----AC---- C:\FindyKill_rapport truc.txt
2009-03-18 19:55:17 ----D---- C:\Program Files\FindyKill
2009-03-18 19:49:19 ----D---- C:\Program Files\Trend Micro
2009-03-18 19:41:09 ----D---- C:\Documents and Settings\Florian\Application Data\Talkback
2009-03-18 15:57:17 ----A---- C:\WINDOWS\Bhonoxevu.dll
2009-03-18 15:57:14 ----A---- C:\WINDOWS\system32\KuzSmall.exe
2009-03-18 15:36:29 ----A---- C:\WINDOWS\system32\frmwrk32.exe
2009-03-18 15:36:28 ----A---- C:\WINDOWS\system32\303369.exe
2009-03-18 15:31:25 ----AC---- C:\br.exe
2009-03-18 13:53:43 ----RSH---- C:\WINDOWS\fxsteller.exe
2009-03-11 22:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 22:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 22:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 22:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-05 18:48:23 ----D---- C:\Program Files\Safari
2009-03-05 18:44:04 ----D---- C:\Program Files\iPod
2009-03-05 18:43:51 ----D---- C:\Program Files\iTunes
2009-03-05 18:43:51 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-25 17:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-21 15:53:12 ----D---- C:\Program Files\AskBarDis
2009-02-21 15:53:07 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-02-21 15:52:56 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft
2009-02-21 15:52:56 ----D---- C:\Program Files\DVDVideoSoft

======List of files/folders modified in the last 1 months======

2009-03-19 09:55:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-19 09:53:37 ----D---- C:\Program Files\Mozilla Firefox
2009-03-19 09:08:47 ----D---- C:\WINDOWS\Temp
2009-03-19 08:55:00 ----D---- C:\WINDOWS\system32
2009-03-19 08:50:48 ----D---- C:\Program Files\Steam
2009-03-19 08:49:58 ----D---- C:\WINDOWS
2009-03-19 08:16:57 ----D---- C:\WINDOWS\system32\drivers
2009-03-19 08:15:44 ----D---- C:\WINDOWS\Prefetch
2009-03-18 20:59:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-18 20:34:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-18 19:55:17 ----RD---- C:\Program Files
2009-03-18 17:56:47 ----D---- C:\Program Files\Circle Developement
2009-03-18 17:24:05 ----D---- C:\Documents and Settings\Florian\Application Data\REAL SIZE DELETE
2009-03-18 15:53:10 ----D---- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2009-03-18 15:37:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-18 15:36:46 ----A---- C:\WINDOWS\system32\userinit.exe
2009-03-18 15:35:51 ----D---- C:\WINDOWS\Minidump
2009-03-18 14:31:47 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-03-15 21:30:19 ----D---- C:\GPS
2009-03-13 20:10:39 ----RSD---- C:\WINDOWS\Fonts
2009-03-13 20:09:17 ----D---- C:\Program Files\Microsoft Games
2009-03-11 22:19:41 ----HD---- C:\WINDOWS\inf
2009-03-11 22:19:34 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 22:19:33 ----D---- C:\WINDOWS\WinSxS
2009-03-11 22:18:53 ----SHD---- C:\WINDOWS\Installer
2009-03-11 22:18:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-11 13:49:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-07 18:57:22 ----D---- C:\WINDOWS\system32\Macromed
2009-03-06 21:00:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-05 20:26:01 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-03-05 18:44:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-05 18:44:03 ----D---- C:\Program Files\Fichiers communs\Apple
2009-03-04 14:09:22 ----D---- C:\WINDOWS\system32\config
2009-02-27 13:53:46 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-21 15:52:56 ----D---- C:\Program Files\Fichiers communs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38912]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-01 5632]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2003-04-06 377358]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-06-30 1966256]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2324160]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 61600]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter; C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys [2005-02-22 265984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 OPTENET_FILTER;Sécurité Enfants; C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe [2007-10-17 608744]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-21 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-03-18 201352]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

? Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau

? Lance l'installation du programme en exécutant le fichier téléchargé.

? Double-clique maintenant sur le raccourci de Toolbar-S&D.

? Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

? Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

? Poste le rapport généré. (C:\TB.txt)

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
BIOS : BIOS Date: 09/06/05 20:40:36 Ver: 08.00.09
USER : Florian ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090318-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:152 Go (Free:82 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 19/03/2009|10:08 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\PopSwatter
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\001B3EAB
C:\Program Files\AskBarDis\bar\Cache\001C3DDB
C:\Program Files\AskBarDis\bar\Cache\00530C60
C:\Program Files\AskBarDis\bar\Cache\00531E80.bin
C:\Program Files\AskBarDis\bar\Cache\005320D2.bin
C:\Program Files\AskBarDis\bar\Cache\00532382.bin
C:\Program Files\AskBarDis\bar\Cache\005325B4.bin
C:\Program Files\AskBarDis\bar\Cache\00532799.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\PopSwatter\History
C:\Program Files\AskBarDis\PopSwatter\History\allowed
C:\Program Files\AskBarDis\PopSwatter\History\notallow

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Fiona) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Florian) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Florian) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Florian) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

(joss-fred) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.google.fr/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\JOSS-F~1\APPLIC~1\SystemDoctor Free
C:\PROGRA~1\FICHIE~1\SystemDoctor
C:\PROGRA~1\SystemDoctor Free

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\keygen.exe
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\NBR6302fra.exe
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\nero6302.exe
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\orion.nfo
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\plugingnero6.exe



1 - "C:\ToolBar SD\TB_1.txt" - 19/03/2009|10:12 - Option : [1]

-----------\\ Fin du rapport a 10:12:08,06

? Relance Toolbar-S&D en double-cliquant sur le raccourci.
? Tape sur "2" puis valide en appuyant sur "Entrée".
/!\ Ne ferme pas la fenêtre lors de la suppression !
? Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Pour le gestionnaire des taches, impossible de l'ouvrir, un message apparait et me dit que "l'administrateur l'a desactivé". Mais pourtant je ne l'ai pas désactivé...

?????????????????????????????

C'est quoi le problème là ?

J'ai pas compris réexplique stp

Lorsque j'appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches, il ne souvre pas et ce message apparait sur le bureau: "Le Gestionnaire des tâches a été désactivé par votre administrateur". Mais je suis administrateur et je n'ai pas désactivé le Gestionnaire de taches.

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
BIOS : BIOS Date: 09/06/05 20:40:36 Ver: 08.00.09
USER : Florian ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090318-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:152 Go (Free:82 Go)
D:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 19/03/2009|10:18 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\PopSwatter
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Fiona) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Florian) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Florian) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Florian) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

(joss-fred) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.google.fr/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
C:\DOCUME~1\JOSS-F~1\APPLIC~1\SystemDoctor Free
C:\PROGRA~1\FICHIE~1\SystemDoctor
C:\PROGRA~1\SystemDoctor Free

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\keygen.exe
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\NBR6302fra.exe
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\nero6302.exe
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\orion.nfo
C:\DOCUME~1\Florian\Mes documents\Document Flo\truc MP3\nero.ultra.edition.6.3.0.2.incl.keygenfft\plugingnero6.exe



1 - "C:\ToolBar SD\TB_1.txt" - 19/03/2009|10:12 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 19/03/2009|10:23 - Option : [2]

-----------\\ Fin du rapport a 10:23:30,00

▶ Télécharge Combofix de sUBs


▶ et enregistre le sur le Bureau.


▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)


Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


▶ Je te conseille d'installer la console de récupération !!


ensuite envois le rapport et refais un nouveau rapport hijackthis stp
-------------------------------------------------------------------------



* Télécharge Malwarebytes anti malware
* Tu auras un tutoriel à ta disposition pour l'installer et l'utiliser correctement.
* Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
* Lance une analyse complète en cliquant sur "Exécuter un examen complet"
* Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"
* L'analyse peut durer un bon moment.....
* Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"
* Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"
* Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum


* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée

ComboFix 09-03-18.01 - Florian 2009-03-19 10:48:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.159 [GMT 1:00]
Lancé depuis: c:\documents and settings\Florian\Mes documents\Document Flo\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090318-0] *On-access scanning disabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\SystemDoctor Free
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
c:\documents and settings\Florian\err.log
c:\documents and settings\Florian\ResErrors.log
c:\documents and settings\joss-fred\Application Data\SystemDoctor Free
c:\documents and settings\joss-fred\Application Data\SystemDoctor Free\Logs\update.log
c:\documents and settings\joss-fred\err.log
c:\documents and settings\joss-fred\Local Settings\Application Data\aikwk.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\aikwk_nav.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\aikwk_navps.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\ciiie_navfx.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\diees.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\diees_nav.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\diees_navps.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\oauqics_navfx.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\qikiawc.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\qikiawc_nav.dat
c:\documents and settings\joss-fred\Local Settings\Application Data\qikiawc_navps.dat
c:\documents and settings\joss-fred\ResErrors.log
c:\program files\Fichiers communs\SystemDoctor
c:\program files\Fichiers communs\SystemDoctor\err.log
c:\windows\Bhonoxevu.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\303369.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\dumphive.exe
c:\windows\system32\frmwrk32.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\init32.exe
c:\windows\system32\ntdll64.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\ovfsthbwimainljjbleuxakdrxwhyutkixexwk.d­ll
c:\windows\system32\ovfstheymfbdibmlwmkloodqpuxxyvjoowweqv.d­ll
c:\windows\system32\ovfsthftutctrnvmswhyxrdmuytbcvcfxetoof.d­ll
c:\windows\system32\ovfsthlharbwsnmdmeblwipgopicgbqiovydrw.d­ll
c:\windows\system32\ovfsthoqmgieifybgphagbguwxnkylttxvsbse.d­ll
c:\windows\system32\ovfsthuckkyfydsxlvedvvgvmncrmttiltvenb.d­ll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\WS2Fix.exe

----- BITS: Il y a peut-être des sites infectés -----

hxxp://sunmicro.ht.rd.llnw.net
[color=blue]Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
opie restaurée à partir de - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir/COL­OR

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthrrpdqvdnostypasikltfqppjwswwkmos
-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 ))))))))))))))))))))))))))))))))))))
.

2009-03-19 10:39 . 2009-03-19 10:40 <REP> d----c--- C:\32788R22FWJFW
2009-03-19 10:08 . 2009-03-19 10:23 <REP> d----c--- C:\ToolBar SD
2009-03-19 09:58 . 2009-03-19 09:58 <REP> d----c--- C:\rsit
2009-03-19 09:04 . 2009-03-19 10:34 112,640 --a--c--- C:\gtb.exe
2009-03-19 08:22 . 2009-03-19 08:55 43 --a------ c:\windows\system32\ovfsthxeaufkqpypikkiqjdvwpqyrtfwffkqsd.dat
2009-03-19 08:16 . 2009-03-19 08:16 71,680 --a------ c:\windows\system32\drivers\xtfdtipymstporen.sys
2009-03-19 08:16 . 2009-03-19 10:22 3,353 --a------ c:\windows\system32\ovfsthalvsptvbmycbpjbchpfohajikgskueav.dat
2009-03-18 19:55 . 2009-03-18 20:35 <REP> d-------- c:\program files\FindyKill
2009-03-18 19:49 . 2009-03-18 19:49 <REP> d-------- c:\program files\Trend Micro
2009-03-18 19:41 . 2009-03-18 19:41 <REP> d-------- c:\documents and settings\Florian\Application Data\Talkback
2009-03-18 15:57 . 2009-03-18 15:57 40,448 --a------ c:\windows\system32\KuzSmall.exe
2009-03-18 15:41 . 2009-03-18 15:41 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Talkback
2009-03-18 15:34 . 2009-03-18 16:00 43 --a------ c:\windows\system32\ovfsthsfvpyurbqbwulqeetagwrrvicykvdnos.dat
2009-03-18 15:31 . 2009-03-18 15:57 1,516 --a--c--- C:\br.exe
2009-03-18 15:27 . 2009-03-18 16:00 5,865 --a------ c:\windows\system32\ovfsthlqcwyexyjaotmdcxxdnteppjxcbsitcp.dat
2009-03-18 13:53 . 2009-03-17 20:13 48,690 -r-hs---- c:\windows\fxsteller.exe
2009-03-05 18:48 . 2009-03-05 18:48 <REP> d-------- c:\program files\Safari
2009-03-05 18:44 . 2009-03-05 18:44 <REP> d-------- c:\program files\iPod
2009-03-05 18:43 . 2009-03-05 18:44 <REP> d-------- c:\program files\iTunes
2009-03-05 18:43 . 2009-03-05 18:44 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-21 15:53 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-02-21 15:52 . 2009-02-21 15:53 <REP> d-------- c:\program files\Fichiers communs\DVDVideoSoft
2009-02-21 15:52 . 2009-02-21 15:52 <REP> d-------- c:\program files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 10:01 --------- d-----w c:\program files\Steam
2009-03-18 16:56 --------- d-----w c:\program files\Circle Developement
2009-03-18 16:39 --------- d-----w c:\documents and settings\joss-fred\Application Data\REAL SIZE DELETE
2009-03-18 16:24 --------- d-----w c:\documents and settings\Florian\Application Data\REAL SIZE DELETE
2009-03-18 14:53 --------- d-----w c:\documents and settings\All Users\Application Data\Proxy Long Chin Ping
2009-03-18 13:32 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-14 10:10 --------- d-----w c:\documents and settings\Fiona\Application Data\Apple Computer
2009-03-13 19:09 --------- d-----w c:\program files\Microsoft Games
2009-03-11 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-05 17:44 --------- d-----w c:\program files\Fichiers communs\Apple
2009-02-27 12:53 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-18 10:13 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-14 19:33 --------- d-----w c:\program files\QuickTime
2009-02-14 19:25 --------- d-----w c:\program files\Bonjour
2009-01-15 21:07 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-15 21:07 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-15 21:07 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-15 21:07 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-15 21:07 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-27 18:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092720080928\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"VX3000"="c:\windows\vVX3000.exe" [2006-06-30 707376]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPTENET_GUI"="c:\program files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe" [2007-10-17 397352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 c:\windows\SOUNDMAN.EXE]
"C-Media Mixer"="Mixer.exe" [2003-04-06 c:\windows\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Fiona\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - c:\documents and settings\Florian\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-19 152616]

c:\documents and settings\Florian\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - c:\documents and settings\Florian\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-19 152616]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 176128]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-02 20560]
R2 OPTENET_FILTER;Sécurité Enfants;c:\program files\Telecom Italia France\Securite Enfants\bin\optproxy.exe [2007-10-17 608744]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2008-02-09 61600]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d8f050a-77f8-11dc-9d88-0013d4f70cd6}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b24b5f1-27c9-11dc-9c78-021122338171}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5e64d4-ed2b-11dc-9eee-0013d4f70cd6}]
\Shell\AutoRun\command - h0s2.bat
\Shell\explore\Command - h0s2.bat
\Shell\open\Command - h0s2.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-19 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-memo soap - c:\docume~1\Florian\APPLIC~1\REALSI~1\mess beep.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Telecom Italia France\Securite Enfants\bin\lsp.dll
TCP: {FFB7AE95-D1AD-455D-80A4-90722910EB3E} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Florian\Application Data\Mozilla\Firefox\Profiles\[u]0/uc4wh6e7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13166&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- PARAMETRES FIREFOX ----
pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 11:01:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\searchindexer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\documents and settings\Florian\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2009-03-19 11:06:16 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-19 10:06:11

Avant-CF: 88,717,967,360 octets libres
Après-CF: 91,389,239,296 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP �dition familiale" /noexecute=optin /fastdetect

262 --- E O F --- 2009-03-15 21:37:07

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:58, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Florian\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Florian\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPTENET_GUI] C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Florian\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB7AE95-D1AD-455D-80A4-90722910EB3E}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Sécurité Enfants (OPTENET_FILTER) - Telecom Italia France - C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
End of file - 10072 bytes

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1868
Windows 5.1.2600 Service Pack 3

19/03/2009 12:21:02
mbam-log-2009-03-19 (12-21-02).txt

Type de recherche: Examen complet (A:\|C:\|)
Eléments examinés: 200090
Temps écoulé: 1 hour(s), 0 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\fxsteller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florian\Bureau\IMG000230090310-GIF(2).EXE (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florian\Bureau\IMG000230090310-GIF(3).EXE (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florian\Bureau\IMG000230090310-GIF.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c4wh6e7.default\Cache\12109F15d01 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c4wh6e7.default\Cache\4B440C87d01 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c4wh6e7.default\Cache\6355ABD7d01 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florian\Local Settings\Application Data\Mozilla\Firefox\Profiles\0c4wh6e7.default\Cache\A9B7E3F3d01 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\SystemDoctor Free\st.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

Merci beaucoup, j'ai l'impression qu'il n'y a plus de problemes. J'espere que le probleme est entierement résolu. Merci encore.

Et dis le moi si je dois encore faire des manips ou si c'est bon.

Bien... la suite :

Tu es infecté par l'adware navipromo :

Les programmes suivants installent cette infection :

* Go-astro
* GoRecord
* HotTVPlayer
* Live Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)


Télécharge sur le bureau Navilog1 (Merci à IL-MAFIOSO)

* La console noire de Navilog1 doit s’ouvrir après l’installation
* Sinon, pour l’ouvrir, double-clique sur le raccourci « Navilog1 » sur ton bureau
* Appuie sur la lettre F de ton clavier puis sur la touche Entrée
* Appuie sur une touche de ton clavier pour continuer...
* Tape 1, puis appuie sur la touche Entrée de ton clavier
* Ainsi, Navilog1 va effectuer la recherche des fichiers infectieux sur ton PC.
* NE PAS UTILISER L’OPTION 2, 3, 4 SANS AVIS
* Sois patient, cela peut prendre une dizaine de minutes
* Navilog1 t’informe que la recherche est terminée
* Appuie sur une touche de ton clavier pour afficher le rapport qu’il a généré
* Le rapport sera sauvegardé dans le fichier suivant : « fixnavi.txt » à la racine de ton disque dur (C:\fixnavi.txt).
* Poste le rapport généré


après : (merci sherred)

▶Télécharge l'outil sUBs) et enregistre le sur ton bureau :
(c est le numéro 12 en bas de la page) :

▶Double clique sur Flash_Disinfector.exe pour l'exécuter.


▶Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra :

▶Connecte au pc, clé USB, DD externes, susceptibles d'avoir été infectés.

▶Puis clic sur Ok [*] Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: [Done!!]

Mes rapports passe pas j'ai fais une alerte au modo, pas de nouvelle ...

Bonjour

Ton rapport n'était pas passé à cause d'un lien blacklisté qu'il contient....

D'autre part, le lien que tu mets pour télécharger Flash Desinfector n'aboutit à rien.

Le bon lien est celui-ci :

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.­exe