virtumondeFermé

Question

Bonjour,
quand je passe spybot, je vois qu'il lit un assez long moment des lignes intitulées "virtumonde dll". j'ai regardé un peu dans le forum de comment ca marche et j'ai passé HijackThis après l'avoir renommé en CCMexe. Voilà le résultat de scan. Pouvez vous me dire si mon pc est infecté et comment m'en débarrasser. Merci beaucoup d'avance. Je suis sous xp.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:21, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro\vk_service.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\scvhost\svchost.exe
C:\WINDOWS\system32\wuauserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla	fswctrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro\VirusKeeper.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\X'nBeep 1.1\XnBeep.exe
C:\Program Files\CursorXP.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Calendrier\Cld2000.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\DateInTray\DateInTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro\vk_watchop.exe
C:\Documents and Settings\Laurent\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurent\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurent\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurent\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Laurent\Bureau\CCM.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro\VirusKeeper.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [X'nBeep] C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Laurent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe (User 'Default user')
O4 - .DEFAULT Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - .DEFAULT Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe (User 'Default user')
O4 - .DEFAULT Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe (User 'Default user')
O4 - Startup: DateInTray.lnk = C:\Program Files\DateInTray\DateInTray.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\Laurent\scriptjava.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://m6video.m6.fr/1click/install/files/installer2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.3dfunchal.com/resources/te/TE.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://metaboli.clubic.com/components/Metaboli.ocx
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://axis_680446.axiscam.net:9000/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c981f2ac729e12) (gupdate1c981f2ac729e12) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro\vk_service.exe

gen-hackman · Answer

&#9654 Télécharge Ad-remover ( de C_XX ) sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

&#9654 Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis l'option "L" et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

&#9654 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

flo-91 · Answer

Je laisse la main à gen-hackman :)


Bonne continuation.

fripouille68 · Answer

re bonjour, merci beaucoup pour vos réponses très rapides. c'est sympa. Flo 91 m'a demandé de télécharger COMBOFIX et de mettre le rapport. Le voici ;
ComboFix 09-12-26.04 - Laurent 27/12/2009  12:15:39.1.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1022.367 [GMT 1:00]
Lancé depuis: c:\documents and settings\Laurent\Bureau\ComboFix.exe
AV: VirusKeeper 2009 Pro antivirus *On-access scanning disabled* (Updated) {165EE528-D666-4745-B14E-AA998BBEC191}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David\eula.txt
c:\documents and settings\David\Local Settings\Application Data\ygcgcuy.dat
c:\documents and settings\David\Local Settings\Application Data\ygcgcuy_nav.dat
c:\documents and settings\David\Local Settings\Application Data\ygcgcuy_navps.dat
c:\documents and settings\David\Local Settings\Application Data\ygqcygq.dat
c:\documents and settings\David\Local Settings\Application Data\ygqcygq_nav.dat
c:\documents and settings\David\Local Settings\Temporary Internet Files\TR010127481036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TR010178471036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TR011218611036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TR060894321036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TR061893791036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT010127481036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT010127991036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT010128051036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT010178471036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT010219531036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT010808371036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT011218001036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT011218611036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT011433111036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT060894321036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT061061871036.gif
c:\documents and settings\David\Local Settings\Temporary Internet Files\TT061893791036.gif
c:\documents and settings\Laurent\Local Settings\Application Data\sgaflity.dat
c:\documents and settings\Laurent\Local Settings\Application Data\sgaflity_nav.dat
c:\documents and settings\Laurent\Local Settings\Application Data\sgaflity_navps.dat
c:\documents and settings\Laurent\winternet.exe
C:\LOG.TXT
c:\program files\GamesBar\obERontb.dll
c:\program files\INSTALL.LOG
c:\program files\webmediaplayer
c:\program files\webmediaplayeresources\languages.xml
c:\program files\webmediaplayeresources\webmedias
c:\program files\webmediaplayer\skins\classic.skn
c:\program files\webmediaplayer\sqlite3.dll
c:\program files\webmediaplayer\WebMediaPlayer.url
c:ecycler\S-1-5-21-2328322012-3734155301-851506153-1006(2)
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\Quarantine
c:\windows\pack.epk
c:\windows\patch.exe
c:\windows\system32\kmfejasuhs.dat
c:\windows\system32\kmfejasuhs_nav.dat
c:\windows\system32\kmfejasuhs_navps.dat
c:\windows\system32eboot.txt
c:\windows\system32\scvhost
c:\windows\system32\scvhost\svchost.exe
c:\windows\system32\usb2.exe
c:\windows\unins000.dat
c:\windows\unins000.exe

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


(((((((((((((((((((((((((((((   Fichiers créés du 2009-11-27 au 2009-12-27  ))))))))))))))))))))))))))))))))))))
.

2009-12-26 13:57 . 2009-12-26 13:57	--------	d-----w-	c:\documents and settings\Laurent\Application Data\Malwarebytes
2009-12-26 13:57 . 2009-12-03 15:14	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 13:57 . 2009-12-26 13:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 13:57 . 2009-12-03 15:13	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-12-26 13:57 . 2009-12-26 13:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-12-26 12:52 . 2009-12-26 12:54	--------	d-----w-	c:\program files\BHODemon 2
2009-12-26 10:10 . 2009-12-26 11:31	--------	d-----w-	C:\VundoFix Backups
2009-12-25 19:17 . 2009-12-25 19:17	--------	d-----w-	c:\documents and settings\David\Application Data\MyPhoneExplorer
2009-12-25 19:17 . 2009-12-25 19:17	--------	d-----w-	c:\program files\MyPhoneExplorer
2009-12-25 10:33 . 2008-03-21 12:57	14640	------w-	c:\windows\system32\spmsgXP_2k3.dll
2009-12-23 08:43 . 2002-07-17 08:05	16512	----a-w-	c:\windows\system32\drivers\ASPI32.SYS
2009-12-23 08:43 . 2001-03-17 21:34	22528	----a-w-	c:\windows\system32\WNASPI32.DLL
2009-12-23 08:43 . 2009-12-23 08:44	--------	d-----w-	c:\program files\4Musics MP3 Bitrate Changer
2009-12-23 08:37 . 2009-02-03 17:01	364544	----a-w-	c:\windows\system32\MACDll.dll
2009-12-23 08:37 . 2009-01-19 17:39	246424	----a-w-	c:\windows\system32\unicows.dll
2009-12-23 08:37 . 2009-12-23 08:38	--------	d-----w-	c:\program files\Monkey's Audio
2009-12-17 15:35 . 2009-12-17 15:35	--------	d-s---w-	c:\documents and settings\NetworkService\Favoris
2009-12-16 16:34 . 2009-12-27 10:44	172	--sh--w-	c:\windows\system32\bootrun.reg
2009-12-16 16:34 . 2009-12-27 09:47	457	--sh--w-	c:\windows\system32\boothide.reg
2009-12-16 11:17 . 2009-12-25 20:16	--------	d-----w-	c:\documents and settings\David\Application Data\vlc
2009-12-09 10:56 . 2009-12-09 10:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\3DVIA
2009-12-09 10:56 . 2009-12-09 10:56	--------	d-----w-	c:\documents and settings\David\Local Settings\Application Data\3DVIA
2009-12-09 10:53 . 2007-07-19 17:14	3727720	----a-w-	c:\windows\system32\d3dx9_35.dll
2009-12-09 10:53 . 2006-09-28 15:05	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2009-12-09 10:53 . 2009-12-09 10:53	--------	d-----w-	c:\windows\Logs
2009-12-09 10:53 . 2009-12-09 10:53	--------	d-----w-	c:\program files\Virtools
2009-12-05 12:14 . 2009-12-05 12:14	25512	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2009-12-05 12:14 . 2009-12-05 12:14	13224	----a-w-	c:\windows\system32\drivers\ggflt.sys
2009-12-05 12:14 . 2009-12-05 12:14	1112288	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2009-12-02 19:36 . 2009-12-25 12:36	--------	d-----w-	c:\documents and settings\Laurent\Application Data\vlc
2009-12-02 10:30 . 2009-12-02 10:30	--------	d-----w-	c:\documents and settings\David\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-02 10:30 . 2009-12-02 10:30	--------	d-----w-	c:\documents and settings\David\Application Data\app
2009-12-02 10:29 . 2009-12-02 10:47	--------	d-----w-	c:\documents and settings\David\Application Data\Dofus 2
2009-12-02 10:29 . 2009-12-02 10:29	--------	d-----w-	c:\documents and settings\David\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-02 09:48 . 2009-12-02 09:48	--------	d-----w-	c:\program files\Dofus 2
2009-12-02 09:36 . 2009-12-02 09:36	--------	d-----w-	c:\program files\Fichiers communs\MAGIX Shared
2009-12-02 09:36 . 2009-12-02 09:36	--------	d-----w-	c:\program files\MAGIX
2009-12-02 09:36 . 2007-04-27 09:43	120200	----a-w-	c:\windows\system32\DLLDEV32i.dll
2009-12-02 09:35 . 2009-12-02 09:36	--------	d-----w-	c:\windows\system32\MAGIX
2009-12-02 09:35 . 2007-06-19 15:26	667648	----a-w-	c:\windows\system32\mgxoschk.dll
2009-12-02 09:27 . 2009-12-02 09:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVS4YOU
2009-12-02 09:26 . 2009-12-02 09:31	--------	d-----w-	c:\documents and settings\David\Application Data\AVS4YOU
2009-12-02 09:26 . 2009-12-02 09:26	--------	d-----w-	c:\program files\AVS4YOU
2009-12-02 09:12 . 2009-12-05 12:13	--------	d-----w-	c:\program files\Sony Ericsson

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 11:34 . 2009-06-04 18:02	--------	d-----w-	c:\program files\GamesBar
2009-12-26 09:26 . 2009-11-12 16:05	--------	d-----w-	c:\program files\Mozilla Firefox 3.6 Beta 2
2009-12-26 09:26 . 2009-11-02 11:02	--------	d-----w-	c:\program files\Mozilla Firefox 3.6 Beta 1
2009-12-25 19:19 . 2006-12-12 15:50	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-12-25 10:34 . 2009-12-25 10:34	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-12-25 10:33 . 2009-12-25 10:33	0	---ha-w-	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-23 08:42 . 2008-03-12 14:58	--------	d-----w-	c:\documents and settings\David\Application Data\foobar2000
2009-12-23 08:39 . 2008-03-12 14:58	--------	d-----w-	c:\program files\foobar2000
2009-12-22 21:16 . 2006-02-04 10:51	--------	d-----w-	c:\documents and settings\David\Application Data\Apple Computer
2009-12-21 10:11 . 2009-06-29 14:19	--------	d-----w-	c:\documents and settings\David\Application Data\dvdcss
2009-12-16 16:41 . 2008-01-06 16:58	--------	d-----w-	c:\program files\DivX
2009-12-16 16:40 . 2009-10-17 16:11	--------	d-----w-	c:\program files\Fichiers communs\DivX Shared
2009-12-16 07:07 . 2005-12-11 09:12	530984	----a-w-	c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 07:05 . 2009-04-10 16:43	8224	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-14 19:16 . 2005-11-09 19:02	530984	----a-w-	c:\documents and settings\Laurent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-11 17:11 . 2004-08-20 10:24	592376	----a-w-	c:\windows\system32\perfh00C.dat
2009-12-11 17:11 . 2004-08-20 10:24	118714	----a-w-	c:\windows\system32\perfc00C.dat
2009-12-06 11:10 . 2008-12-07 19:38	--------	d-----w-	c:\documents and settings\Laurent\Application Data\dvdcss
2009-12-02 10:51 . 2008-03-29 10:27	308628	---ha-w-	c:\windows\system32\mlfcache.dat
2009-12-02 09:26 . 2007-07-08 09:38	--------	d-----w-	c:\program files\Fichiers communs\AVSMedia
2009-11-28 16:18 . 2009-05-13 18:25	1118	----a-w-	c:\documents and settings\Laurent\errorlog.tmp
2009-11-28 13:15 . 2009-06-24 17:08	664	----a-w-	c:\windows\system32\d3d9caps.dat
2009-11-28 12:12 . 2005-11-05 17:35	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-11-27 17:45 . 2005-11-05 17:31	--------	d-----w-	c:\program files\Java
2009-11-25 16:48 . 2007-05-29 18:04	--------	d-----w-	c:\program files\Opera
2009-11-16 14:37 . 2009-01-24 14:00	--------	d-----w-	c:\program files\Safari
2009-11-16 14:31 . 2009-11-16 14:30	--------	d-----w-	c:\program files\iTunes
2009-11-16 14:31 . 2009-11-16 14:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-16 14:30 . 2009-11-16 14:30	--------	d-----w-	c:\program files\iPod
2009-11-16 14:30 . 2007-08-12 16:05	--------	d-----w-	c:\program files\Fichiers communs\Apple
2009-11-16 14:26 . 2009-11-16 14:25	--------	d-----w-	c:\program files\QuickTime
2009-11-14 00:47 . 2009-11-14 00:47	90112	----a-w-	c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47	856064	----a-w-	c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47	856064	----a-w-	c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47	847872	----a-w-	c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47	843776	----a-w-	c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47	839680	----a-w-	c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47	696320	----a-w-	c:\windows\system32\DivX.dll
2009-11-13 19:41 . 2009-11-11 14:05	--------	d-----w-	c:\program files\Zylom Games
2009-11-13 19:39 . 2009-11-13 19:36	--------	d-----w-	c:\program files\Zumas Revenge! - Adventure
2009-11-13 19:31 . 2007-03-28 14:27	--------	d-----w-	c:\program files\RealArcade
2009-11-11 14:05 . 2009-11-11 14:05	--------	d-----w-	c:\documents and settings\Laurent\Application Data\Zylom
2009-11-10 15:58 . 2009-11-10 15:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\PhotoMail
2009-11-10 15:58 . 2009-11-10 15:58	--------	d-----w-	c:\program files\PhotoMail Maker
2009-11-10 15:56 . 2005-11-09 19:44	--------	d-----w-	c:\program files\IncrediMail
2009-11-09 16:07 . 2009-11-09 16:07	--------	d-----w-	c:\program files\CFWebAdvancedU
2009-11-09 15:59 . 2009-03-27 10:33	--------	d-----w-	c:\program files\Messenger Plus! Live
2009-11-04 08:20 . 2005-11-09 19:29	--------	d-----w-	c:\program files\Google
2009-11-01 20:19 . 2008-11-10 19:09	--------	d-----w-	c:\program files\Radio Fr Solo
2009-10-31 14:27 . 2005-11-15 17:11	--------	d-----w-	c:\program files\Microsoft Games
2009-10-31 14:26 . 2007-12-10 13:00	--------	d-----w-	c:\program files\Dofus
2009-10-31 14:24 . 2009-02-14 07:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skyline
2009-10-31 14:21 . 2009-10-26 16:44	--------	d-----w-	c:\documents and settings\Laurent\Application Data\MagicBall4
2009-10-31 14:17 . 2006-08-14 13:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\PlayFirst
2009-10-31 14:11 . 2005-11-30 18:19	--------	d-----w-	c:\program files\BoontyGames
2009-10-29 07:42 . 2004-08-20 10:24	916480	----a-w-	c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-20 10:24	75776	----a-w-	c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-20 10:23	25088	----a-w-	c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00	265728	----a-w-	c:\windows\system32\drivers\http.sys
2009-10-17 08:42 . 2009-10-17 08:42	1607184	----a-w-	c:\windows\system32\Aquarium Exotique.scr
2009-10-13 10:33 . 2004-08-20 10:23	271360	----a-w-	c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-20 10:24	79872	----a-w-	c:\windows\system32aschap.dll
2009-10-12 13:39 . 2004-08-20 10:24	150528	----a-w-	c:\windows\system32astls.dll
2009-10-11 03:17 . 2008-11-28 09:21	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-08-11 05:50 . 2009-08-11 05:50	15098	----a-w-	c:\program files\license.rtf
2009-08-11 05:30 . 2009-08-11 05:30	4012328	----a-w-	c:\program files\opera.dll
2009-08-11 05:30 . 2009-08-11 05:30	121128	----a-w-	c:\program files\opera.exe
2009-08-11 05:26 . 2009-08-11 05:26	20480	----a-w-	c:\program files\OUniAnsi.dll
2009-08-11 05:26 . 2009-08-11 05:26	653419	----a-w-	c:\program files\encoding.bin
2009-07-16 13:13 . 2009-06-18 17:15	168	----a-w-	c:\program files\operaprefs_default.ini
2009-06-17 13:41 . 2009-06-17 13:41	3870	----a-w-	c:\program files\lngcode.txt
2008-06-09 09:17 . 2008-06-09 09:17	301	----a-w-	c:\program files\c3nform.vxml
2006-03-29 10:14 . 2002-12-08 18:04	108	----a-w-	c:\program files\Mess with MSN Messenger  skins, nicknames, add-ons, bots and secrets.url
2006-03-29 10:14 . 2001-10-03 20:22	161	----a-w-	c:\program filesead1st.txt
2004-02-26 12:35 . 2004-02-26 12:35	7904	----a-w-	c:\program files\html40_entities.dtd
1999-12-09 09:19 . 2006-01-02 15:34	147456	----a-w-	c:\program files\Zip32.dll
2006-09-01 10:54 . 2006-09-02 12:44	7168	--sh--w-	c:\windows\system32\wuauserv.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 5158A1C542A355B3A67E59538BBD894D . 3200000 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 5158A1C542A355B3A67E59538BBD894D . 3200000 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-05 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 16:20	279944	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-20 67128]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2006-11-19 319532]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-11-10 280008]
"X'nBeep"="c:\program files\X'nBeep 1.1\XnBeep.exe" [2007-01-06 1067520]
"CursorXP"="c:\program files\CursorXP.exe" [2005-01-19 128000]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-18 630784]
"Google Update"="c:\documents and settings\Laurent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-27 133104]
"Cld2000.exe"="c:\program files\Calendrier\Cld2000.exe" [2009-04-16 2993664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"dla"="c:\windows\system32\dla	fswctrl.exe" [2005-05-31 122941]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"VirusKeeper"="c:\program files\AxBx\VirusKeeper 2009 Pro\VirusKeeper.exe" [2009-09-22 3768688]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\David\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]
UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-2-5 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-9-30 131072]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\David\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]
UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-2-5 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-9-30 131072]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\David\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]
UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-2-5 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-9-30 131072]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\Laurent\Menu D‚marrer\Programmes\D‚marrage\
DateInTray.lnk - c:\program files\DateInTray\DateInTray.exe [2005-12-12 78848]
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2009-10-8 654336]

c:\documents and settings\David\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-5-14 344064]
UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-2-5 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-9-30 131072]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-9-29 90112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21	141600	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
2006-11-19 12:23	319532	----a-w-	c:\progra~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 12:53	169264	----a-w-	c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun-disabled]
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\IncrediMail\bin\IMApp.exe"=
"c:\Program Files\IncrediMail\bin\IncMail.exe"=
"c:\Program Files\IncrediMail\bin\ImpCnt.exe"=
"c:\Documents and Settings\Laurent\Menu Démarrer\Programmes\IncrediMail\bin\ImpCnt.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Documents and Settings\Laurent\Menu Démarrer\Programmes\IncrediMail\bin\ImLc.exe"=
"c:\Documents and Settings\Laurent\Menu Démarrer\Programmes\IncrediMail\bin\ImPackr.exe"=
"c:\Program Files\Magentic\bin\MgImp.exe"=
"c:\Program Files\Magentic\bin\Magentic.exe"=
"c:\Program Files\Magentic\bin\MgApp.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Documents and Settings\Laurent\Menu Démarrer\Programmes\IncrediMail\bin\IncrediMail_Install.exe"=
"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
"c:\Program Files\Codemasters\Worms 4 Mayhem Demo\Worms 4 Mayhem Demo.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\Commandos II\comm2.exe"=
"c:\Program Files\The All-Seeing Eye\eye.exe"=
"c:\Program Files\Opera\Opera.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\WINDOWS\system32\java.exe"=
"c:\Program Files\Real\RealPlayer\realplay.exe"=
"c:\Program Files\SopCast\SopCast.exe"=
"c:\Program Files\SopCast\adv\SopAdver.exe"=
"c:\Documents and Settings\David\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"=
"c:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"=
"c:\Program Files\VideoLAN\VLC\vlc.exe"=
"c:\Program Files\Mindscape\Mission Président - Geo-Political Simulator\MISSION.EXE"=
"c:\Program Files\Ivicam\backsurvey.exe"=
"c:\Program Files\Icecast2 Win32\Icecast2win.exe"=
"c:\Program Files\SHOUTcast\sc_serv.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\QuickTime\QuickTimePlayer.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\WINDOWS\system32\rtcshare.exe"=
"c:\Program Files\NetMeeting\conf.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\Sony Ericsson\Update Service\Update Service.exe"=
"c:\WINDOWS\system32\wuauserv.exe"=
"c:\WINDOWS\system32\tftp.exe"=

R2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 02:27 29262680]
R2 vkservice;VirusKeeper antivirus/antispyware;c:\program files\AxBx\VirusKeeper 2009 Pro\vk_service.exe [22/05/2008 14:27 1119576]
S2 gupdate1c981f2ac729e12;Google Update Service (gupdate1c981f2ac729e12);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2009 10:19 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [23/12/2009 09:43 16512]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [11/11/2005 10:13 95232]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [05/12/2009 13:14 13224]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 13:50 238960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers
pf.sys [06/11/2007 21:22 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
2009-03-08 02:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://mystart.incredimail.com/
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.cherche.us/keyword/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.fr/myway
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Recherche avec cherche.us - c:\documents and settings\Laurent\scriptjava.html
Trusted Zone: chat-land.org
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://m6video.m6.fr/1click/install/files/installer2.cab
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} - hxxp://www.3dfunchal.com/resources/te/TE.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://www.powerchallenge.com/applet/PowerLoader.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Laurent\Application Data\Mozilla\Firefox\Profiles
hizwkb4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=PMXMAS09FFAB&search=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer
pzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Laurent\Local Settings\Application Data\Google\Update\1.2.183.13
pGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player
pdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin
pgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3
pPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13
pGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live
pOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
p32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
ppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
ppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
prjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
prpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins
pyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
picdclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
pmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
predoute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
pzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins
pgcplug.dll
FF - plugin: c:\program files\Opera\program\plugins
pmio.dll
FF - plugin: c:\program files\Opera\program\plugins
pqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla
pracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology
pViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player
pvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\Rawflow
picdclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-HijackThis - c:\documents and settings\Laurent\Bureau\HijackThis.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 12:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2732)
c:\program files\RocketDock\RocketDock.dll
c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.dll
c:\windows\system32
tshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\program files\CurXP0.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\Magentic\bin\MgApp.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Heure de fin: 2009-12-27  13:11:06 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-12-27 12:11

Avant-CF: 74 687 811 584 octets libres
Après-CF: 80 209 203 200 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn /bootlogo

- - End Of File - - A99F3C0A9462297A2572057C292B05BA

fripouille68 · Answer

Voila maintenant le rapport après le scan de ad-remover, merci d'avance pour vos réponses.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 13:32:04, 27/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Nom du PC: FAMILLE | Utilisateur actuel: Laurent

Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\DOCUME~1\Laurent\APPLIC~1\Mozilla\FireFox\Profiles
hizwkb4.default\searchplugins\ask.xml 
C:\Program Files\Mozilla FireFox\Components\AskSearch.js 
C:\Program Files\AskBarDis 
C:\Program Files\eoRezo 
C:\Program Files\GamesBar 
C:\Program Files\Trymedia 
C:\Program Files\Viewpoint 
C:\DOCUME~1\Laurent\APPLIC~1\EoRezo 
C:\DOCUME~1\Laurent\APPLIC~1\Viewpoint 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 
C:\Documents and Settings\David\Application Data\EoRezo 
C:\Documents and Settings\David\Local Settings\Application Data\SHOUTcast Radio Toolbar\ieToolbar 
C:\Documents and Settings\David\Menu D‚marrer\Programmes\WebMediaPlayer 

(!) -- Fichiers temporaires supprimés.
 
.
HKCU\software\appdatalow\AskBarDis
HKCU\software\EoRezo
HKCU\software\GamesBar
HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\software\AskBarDis
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\software\EoRezo
HKLM\software\GamesBar
HKLM\software\GamesBarSetup
HKLM\software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98} 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\software\Trymedia Systems
HKLM\software\Viewpoint
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
 Nom du profil: nhizwkb4.default (Laurent)
.
(Laurent, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Laurent\Bureau
(Laurent, prefs.js) Browser.search.defaultenginename, MyStart Rechercher
(Laurent, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(Laurent, prefs.js) Browser.search.selectedEngine, Google
(Laurent, prefs.js) Browser.startup.homepage, hxxp://mystart.incredimail.com/
(Laurent, prefs.js) Extensions.enabledItems, fsonlinescanner@f-secure.com:1.01,splash@aldreneo.com:2.0.2,{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(Laurent, prefs.js) Keyword.URL, hxxp://mystart.incredimail.com/?loc=PMXMAS09FFAB&search=
(Laurent, prefs.js) Privacy.popups.showBrowserMessage, false
. 
(Laurent, prefs.js) EFFACE - Extensions.snipit.chromeURL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q={searchTerms}&crm=1
. 
. 
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://mystart.incredimail.com/
Use Search Asst: no
Enable Browser Extensions: yes
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: e6d4383bb91eca01
Start Page Redirect Cache AcceptLangs: fr
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\Start Page
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Laurent\Local Settings\Application Data\Opera\Opera\profile\cache4	emporary_download\flock_patch_v1_03.zip
C:\Documents and Settings\Laurent\Mes documents\Mises … jour de programme t‚l‚charg‚es\Dell Paint Shop Photo Album 5\MyPublisher Update for Paint Shop Photo Album 5\PSPA_MyPublisherPatch_French.exe
.
===================================
.
6261 Octet(s) - C:\Ad-Report-CLEAN[1].log 
.
0 Fichier(s) - C:\DOCUME~1\Laurent\LOCALS~1\Temp 
2 Fichier(s) - C:\WINDOWS\Temp 
0 Fichier(s) - C:\WINDOWS\Prefetch 
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
224 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 13:57:35 | 27/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.

gen-hackman · Answer

bien desinstalle AD-Remover


&#9654 télécharge LOP S&D sur ton Bureau.

&#9654 Double-clique dessus pour lancer l'installation
&#9654 Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
&#9654 Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
&#9654 Patiente jusqu'à la fin du scan

&#9654 Poste le rapport généré (C:\lopR.txt)

fripouille68 · Answer

Quand je clique sur ton lien voilà le message qui apparait :

The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal.

gen-hackman · Answer

desactive ton antivirus pour le telecharger

gen-hackman · Answer

Télécharge Navilog1 depuis-ce lien

&#9654 Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
&#9654 Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, le fix s'exécutera automatiquement.

&#9654 Au menu principal, Fais le choix 1 >>  Recherche / suppression automatique 

Patiente jusqu'au message :
*** Analyse Termine le ..... *** 

>>>>> Le fix peut durer une dizaine de minutes ;)

&#9654 Appuie sur une touche le bloc note va s'ouvrir.

&#9654 Copie-colle le rapport ici.

gen-hackman · Answer

Télécharge OTL de OLDTimer

&#9654 enregistre le sur ton Bureau.

&#9654 Double clic ( pour vista => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant scan all users

&#9654 règle-le sur "60 Days"

&#9654 dans la colonne de gauche , mets tout sur all

ne modifie pas ceci : 

"files created whithin" et "files modified whithin" 

&#9654Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt".

gen-hackman · Answer

peux-tu repasser AD-Remover option "L" en mode sans echec stp ?

gen-hackman · Answer

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

&#9654 Télécharge et installe List&Kill'em et enregistre le sur ton bureau 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "creer une icone sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

&#9654 laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

&#9654 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

gen-hackman · Answer

&#9654 Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654 choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre 

&#9654 colle le contenu dans ta reponse

gen-hackman · Answer

&#9654 Télécharge : Gmer (by Przemyslaw Gmerek)


&#9654 Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

&#9654 Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

Ensuite

&#9654 sur les lignes rouge:

&#9654 Services:cliques droit delete service
&#9654 Process:cliques droit kill process
&#9654 Adl ,file:cliques droit delete files

gen-hackman · Answer

salut

desole pris par les travaux ^^


Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



&#9654 Télécharge :

Malwarebytes  

ou  :

Malwarebytes

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

&#9654 Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

gen-hackman · Answer

tu as reessayé des cracks entre temps ?

gen-hackman · Answer

__________________________________________________________
=>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement cet ordinateur,<=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=====|
---------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=-
"LogitechSoftwareUpdate"=-
"swg"=-
"IncrediMail"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=-
"SigmatelSysTrayApp"=-
"LVCOMSX"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"iTunesHelper"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=-
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=-
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NPF]
------------------------------------------------------------------

▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes

▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

gen-hackman · Answer

hello desinstalle ASToolbar , Ask.com puis 

Télécharge OTL de OLDTimer

&#9654 enregistre le sur ton Bureau.

&#9654 Double clic ( pour vista => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant scan all users

&#9654 règle-le sur "60 Days"

&#9654 dans la colonne de gauche , mets tout sur all

ne modifie pas ceci : 

"files created whithin" et "files modified whithin" 

&#9654Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt".

gen-hackman · Answer

tu n'as pas ceci ?

c:\program files\Ask.com

gen-hackman · Answer

&#9654 Télécharge Zeb-Restoreet enregistre ce fichier sur le bureau. 

&#9654-Clic droit Zeb-Restore.zip ==> Extraire tout choisis comme lieu d'enregistrement le bureau.
 
&#9654-Ouvre le dossier ZR_1.0.0.37 ==> double clic sur Zeb-Restore.exe 

&#9654- Coche la case devant : sites de confiance

&#9654- Ne coche aucune autre case 

&#9654-Clique sur Restaurer 

&#9654-Redémarre ton PC

ensuite :

&#9654 Double clic sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous Customs Scans/Fixes :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKU\S-1-5-21-2328322012-3734155301-851506153-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..browser.search.order.1: "Ask"
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-2328322012-3734155301-851506153-1006\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2328322012-3734155301-851506153-1006\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\Laurent\scriptjava.html ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} http://m6video.m6.fr/1click/install/files/installer2.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game08.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} https://www.oracle.com/java/technologies/ (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
@Alternate Data Stream - 279 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3759076
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981884E7
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20FFCF0B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82C50600
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59846E5E
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00F7B10F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33DB8278

:files
C:\Documents and Settings\Laurent\Local Settings\Application Data\AskToolbar
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
C:\WINDOWS	asks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\System32\scvhost.ini
C:\Documents and Settings\Administrator\Application Data\21cnPPS
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\humyo.com
C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
C:\Documents and Settings\David\Application Data\app
C:\Documents and Settings\David\Application Data\AskToolbar
C:\Documents and Settings\David\Application Data\www.TheXSoft.com
C:\Documents and Settings\Laurent\Application Data\gemsweeperextractedgfx

:commands
[emptytemp]
[start explorer]
[reboot]


&#9654 Clique sur RunFix pour lancer la suppression.


&#9654 Poste le rapport.

gen-hackman · Answer

quels soucis persistent ?

gen-hackman · Answer

mets un rapport spybot stp

gen-hackman · Answer

oui

gen-hackman · Answer

non mets le rapport que tu as eu avec tous les virtumonde

gen-hackman · Answer

il y a un chemin donné ?

gen-hackman · Answer

tu peux me dire ce qui est ecrit ?

gen-hackman · Answer

il n y a pas ecrit que ca??

gen-hackman · Answer

▶ Télécharge Dr Web CureIt sur ton Bureau : ▶ redemarre en mode sans échec ▶- Double clique (clic droit "en tant qu'admin" sous Vista) et ensuite clique sur ; ▶- Clique à l'invite de l'analyse rapide. S'il trouve des processus infectés alors clique le bouton . Note : une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction" : Quitte en cliquant le "X". ▶- Lorsque le scan rapide est terminé, clique sur le menu puis ; Choisis l'onglet , et décoche . Clique ensuite sur . ▶- De retour à la fenêtre principale : clique pour activer ▶- Clique le bouton avec flèche verte sur la droite, et le scan débutera. ▶- Clique pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique "Désinfecter". ▶- Lorsque le scan sera complété, regarde si tu peux cliquer sur l' icône, adjacente aux fichiers détectés (plusieurs feuilles l'une sur l'autre). Si oui, alors clique dessus et ensuite clique sur l'icône , au dessous, et choisis . ▶- Du menu principal de l'outil, au haut à gauche, clique sur le menu et choisis . Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv ▶- Ferme Dr.Web Cureit ▶- Redémarre ton ordi (important car certains fichiers peuvent être déplacés/réparés au redémarrage). ▶- Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de Dr.Web dans ta prochaine réponse.

James88 · Answer

Virtumonde est un virus spyware. voir comment l'enlever à
http://www6.techvts.com/?tdfs=1&searchbox=1&showDomain=1

gen-hackman · Answer

fripouille fais DRWeb comme indiqué plus haut stp et n'ecoute pas les autres sinon ce que je fais ne sert a rien

gen-hackman · Answer

ok quand tu veux no souci

Virtumonde

30 réponses

Discussions similaires

Newsletters