Virus sur mon pc

Bonjour,

Télécharge Ad-Remover (de C_XX) sur ton Bureau.

Ferme toutes les applications en cours y compris le navigateur.

Double-clique sur AD-R situé sur ton Bureau pour le lancer.

Choisis Nettoyer puis valide.

Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 12:01:15 le 16/02/2002, Mode normal

Microsoft Windows XP Édition familiale Service Pack 2 (X86)
karine@PARAT-X7TFEBQEF ( )

============== RECHERCHE ==============





============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.13 (fr)] ****

Plugins\libvlc.dll (?)
Plugins\np32dsw.dll (Adobe Systems, Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\npGoogleGadgetPluginFirefoxWin.dll (?)
Plugins\npqtplugin.dll (Apple Computer, Inc.)
Plugins\npqtplugin2.dll (Apple Computer, Inc.)
Plugins\npqtplugin3.dll (Apple Computer, Inc.)
Plugins\npqtplugin4.dll (Apple Computer, Inc.)
Plugins\npqtplugin5.dll (Apple Computer, Inc.)
Plugins\npqtplugin6.dll (Apple Computer, Inc.)
Plugins\npqtplugin7.dll (Apple Computer, Inc.)
Plugins\npvlc.dll (VideoLAN Team)
HKLM_MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0 (x)
HKLM_MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0 (x)
HKLM_MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0 (x)
HKLM_MozillaPlugins\@protectdisc.com/NPMPDRM (x)
HKLM_MozillaPlugins\@rentabiliweb.net/MailocashHelper (x)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
HKLM_Extensions|{400F0BDB-6C49-43A4-BE1F-76D7327A604D} - C:\Program Files\Fichiers communs\fluxDVD\Download Manager\Mozilla
HKLM_Extensions|mrext@rentabiliweb.net - C:\Program Files\MailoCash\mrextjs
HKCU_Extensions|{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - C:\Program Files\DAP\DAPFireFox

-- C:\Documents and Settings\karine\Application Data\Mozilla\FireFox\Profiles\hu1b9iuj.default --
Extensions\engine@conduit(2).com (Conduit Engine )
Extensions\radiobar@toolbar (RadioBar Toolbar)
Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} (Forecastfox Weather)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{5251729E-E3F9-11DA-8FF2-89F3D55D7866} (Maximiles)
Extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}(2) (iGraal)
Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} (SweetIM Toolbar for Firefox)
Extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2) (SearchElf 1.2 Community Toolbar)
Searchplugins\search.xml (hxxp://www.searchinggate.com/index.php?t=0&b=2&q={searchTerms})
Searchplugins\sweetim.xml (?)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\karine\\Mes documents\\Téléchargements
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr fficial
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

-- C:\Documents and Settings\guitarine\Application Data\Mozilla\FireFox\Profiles\ypltb9uh.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.0.1

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

Plugins\npqtplugin.dll (Apple Computer, Inc.)
Plugins\npqtplugin2.dll (Apple Computer, Inc.)
Plugins\npqtplugin3.dll (Apple Computer, Inc.)
Plugins\npqtplugin4.dll (Apple Computer, Inc.)
Plugins\npqtplugin5.dll (Apple Computer, Inc.)
Plugins\npqtplugin6.dll (Apple Computer, Inc.)
Plugins\npqtplugin7.dll (Apple Computer, Inc.)
Plugins\npqtplugin8.dll (Apple Computer, Inc.)
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_Toolbar\WebBrowser|{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} (x)
HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll)
HKCU_Toolbar\WebBrowser|{EF99BD32-C1FB-11D2-892F-0090271D4F88} (x)
HKCU_Toolbar\WebBrowser|{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} (C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll)
HKLM_Toolbar|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll)
HKLM_Toolbar|{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} (C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll)
HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{58F04068-17A5-41a3-B5B7-111004DDF5DC} - c:\program files\real\realplayer\realplay.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{5A2777DF-310A-49ca-A9E8-6C9D608D257E} - C:\Program Files\Real\RealUpgrade\realupgrade.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{E56200D6-445E-45ce-89D8-E0EF39ECF849} - c:\program files\real\realplayer\RecordingManager.exe (RealNetworks, Inc.)
HKLM_ElevationPolicy\{F2DD9BC5-3851-4766-9F67-A627B3C053DD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
HKCU_Extensions\{DD50A491-8F09-4EE7-8E13-806160618B2A} - "Microsoft AntiSpyware helper" (Shell32.dll,128)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
BHO\{19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - "Download Manager Browser Helper Object" (C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL)
BHO\{3049C3E9-B461-4BC5-8870-4C09146192CA} - "RealPlayer Download and Record Plugin for Internet Explorer" (C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - "ST" (C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll)
BHO\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - "MSNToolBandBHO" (C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 634 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 16/02/2002 (6659 Octet(s))

Fin à: 12:03:26, 16/02/2002

============== E.O.F ==============

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:20, on 16/02/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAP\DAP.EXE
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\karine\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\karine\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\karine\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DD50A491-8F09-4EE7-8E13-806160618B2A} - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: text/plain - {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - C:\WINDOWS\System32\bacp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Service CANALPLAY - Unknown owner - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://x.myspacecdn.com/modules/messaging/static/img/un...

--
End of file - 13636 bytes

Relance Ad-Remover et choisis "Désinstaller".

Tu as toujours des soucis ?

Peux-tu m'envoyer le fichier C:\WINDOWS\System32\bacp.dll sur mon adresse mail ?

Tu la trouveras en cliquant sur mon pseudo.

je n'ai pas bacp.dll desolé comment ca se fait? merci pour ton aide  )

Ce n'est pas grave.

Télécharge OTL (par OldTimer) sur ton Bureau.

Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche Rapport minimal.

Coche également les cases à côté de Recherche Lop et Recherche Purity.

Enfin, clique sur le bouton Analyse. Le scan ne prend pas beaucoup de temps.

Une fois l'analyse terminée, deux fenêtres Bloc-notes vont s'ouvrir : OTL.txt et Extras.txt. Ils se trouvent au même endroit qu'OTL.

Pour me transmettre les rapports :

Clique sur ce lien : http://www.cijoint.fr/

Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.

Clique sur Ouvrir.

Clique sur Cliquez ici pour déposer le fichier.

Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.

Copie-colle ce lien dans ta réponse.

Voilà je c pas très bien si tu as recu car la fin avec le lien je ne sais pas ou le coller

Tu colles le lien ici.

http://www.cijoint.fr/cjlink.php?file=cj201102/cijsAm1i...

merci je suis pas tres douée en informatique merci beaucoup de ta patience et de ton aide

[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Réponds Oui au message d'avertissement pour que ComboFix commence l'analyse de ton PC.

Il va te demander d'installer la console de récupération : accepte.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

excuses moi ca a ete long mais ca a bugger trois fois
je te poste le rapport merci de m'aider
ComboFix 11-02-15.04 - karine 16/02/2011 18:29:39.5.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.251 [GMT 1:00]
Lancé depuis: c:\documents and settings\karine\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir PersonalEdition Classic *Disabled/Outdated* {F50D9AC1-6409-476C-A8D6-8F5F82336C8F}
AV: avast! antivirus 4.8.1229 [VPS 000000-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET692.tmp
c:\program files\Internet Explorer\SET70B.tmp
c:\program files\Internet Explorer\SET7A3.tmp
c:\program files\Internet Explorer\SET890.tmp
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\windows\AutoRun.ini
c:\windows\system\Color
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003899_.tmp.dll
c:\windows\system32\_003900_.tmp.dll
c:\windows\system32\_003901_.tmp.dll
c:\windows\system32\_003902_.tmp.dll
c:\windows\system32\_003905_.tmp.dll
c:\windows\system32\_003906_.tmp.dll
c:\windows\system32\_003907_.tmp.dll
c:\windows\system32\_003908_.tmp.dll
c:\windows\system32\_003913_.tmp.dll
c:\windows\system32\_003914_.tmp.dll
c:\windows\system32\_003915_.tmp.dll
c:\windows\system32\_003916_.tmp.dll
c:\windows\system32\_003921_.tmp.dll
c:\windows\system32\_003922_.tmp.dll
c:\windows\system32\_003923_.tmp.dll
c:\windows\system32\_003924_.tmp.dll
c:\windows\system32\_003931_.tmp.dll
c:\windows\system32\_003932_.tmp.dll
c:\windows\system32\_003933_.tmp.dll
c:\windows\system32\_003935_.tmp.dll
c:\windows\system32\_003936_.tmp.dll
c:\windows\system32\_003939_.tmp.dll
c:\windows\system32\_003940_.tmp.dll
c:\windows\system32\_003942_.tmp.dll
c:\windows\system32\_003943_.tmp.dll
c:\windows\system32\_003944_.tmp.dll
c:\windows\system32\_003946_.tmp.dll
c:\windows\system32\_003947_.tmp.dll
c:\windows\system32\_003949_.tmp.dll
c:\windows\system32\_003953_.tmp.dll
c:\windows\system32\_003954_.tmp.dll
c:\windows\system32\_003956_.tmp.dll
c:\windows\system32\_003959_.tmp.dll
c:\windows\system32\_003961_.tmp.dll
c:\windows\system32\_003962_.tmp.dll
c:\windows\system32\_003963_.tmp.dll
c:\windows\system32\_003964_.tmp.dll
c:\windows\system32\_003966_.tmp.dll
c:\windows\system32\_003968_.tmp.dll
c:\windows\system32\_003969_.tmp.dll
c:\windows\system32\_003970_.tmp.dll
c:\windows\system32\_003974_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\win.ini
c:\windows\system32\WS2Fix.exe
c:\windows\system32\xFPYaccf.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P


((((((((((((((((((((((((((((( Fichiers créés du 2011-01-16 au 2011-02-16 ))))))))))))))))))))))))))))))))))))
.

2011-02-13 11:11 . 2011-02-13 11:11 84621672 ----a-w- c:\program files\Fichiers communs\Windows Live\.cache\wlcB.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2009-02-01 12:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2009-02-01 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 17:31 . 2010-11-27 17:31 2288640 ----a-w- c:\windows\system32\python27.dll
2006-05-06 16:42 . 2007-10-15 09:04 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\karine\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\karine\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\karine\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-23 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2007-06-30 3364616]
"SpeedOptimizer"="c:\progra~1\SPEEDO~1\SPO.EXE" [2003-09-29 607232]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-05-17 202256]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" [2010-05-17 136744]
"FlashPlayerUpdate"="c:\windows\System32\Macromed\Flash\FlashUtil9b.exe" [2006-11-09 190072]

c:\documents and settings\karine\Menu D‚marrer\Programmes\D‚marrage\
Dropbox.lnk - c:\documents and settings\karine\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-19 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [N/A]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6ejxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^karine^Menu Démarrer^Programmes^Démarrage^Mailocash.lnk]
path=c:\documents and settings\karine\Menu Démarrer\Programmes\Démarrage\Mailocash.lnk
backup=c:\windows\pss\Mailocash.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
2005-10-30 00:56 606208 ----a-w- c:\program files\pspvideo9\pspVideo9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2008 19:12 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2008 19:12 20560]
R2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [22/05/2005 23:22 53248]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/12/2006 13:56 3712]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [19/04/2007 20:29 34304]
S0 ati6ejxx;ati6ejxx;c:\windows\system32\Drivers\ati6ejxx.sys --> c:\windows\system32\Drivers\ati6ejxx.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 13:34 135664]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [01/12/2007 20:31 14848]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [01/12/2007 20:31 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [01/12/2007 20:31 9984]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 Service CANALPLAY;Service CANALPLAY;"c:\program files\Lecteur CANALPLAY\CanalPlayService.exe" --> c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [?]
.
Contenu du dossier 'Tâches planifiées'

2011-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2011-02-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 20:27]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:34]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:34]

2011-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-688789844-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2002-02-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-688789844-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2011-02-16 c:\windows\Tasks\User_Feed_Synchronization-{F65A9B50-2469-4345-8813-F8AD451CC6A7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: contentmatch.net\ny
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr fficial
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Maximiles: {5251729E-E3F9-11DA-8FF2-89F3D55D7866} - %profile%\extensions\{5251729E-E3F9-11DA-8FF2-89F3D55D7866}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Mailocash Information: mrext@rentabiliweb.net - c:\program files\MailoCash\mrextjs
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
MSConfigStartUp-AdobeUpdater - c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
AddRemove-BlueScreen Warning - C:\wb.exe
AddRemove-DivX Content Uploader - c:\program files\DivX\DivXContentUploaderUninstall.exe
AddRemove-installer - c:\program files\Installer\un_installer_21627.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 18:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\svchost.exe.tmp:ext.exe 25088 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
@DACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2876)
c:\documents and settings\karine\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Google\Google Updater\GoogleUpdater.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2011-02-16 19:06:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-16 18:06

Avant-CF: 16 131 948 544 octets libres
Après-CF: 16 111 181 824 octets libres

- - End Of File - - 00B279F5B24C23425CC52549933661C3

ComboFix 11-02-16.01 - karine 16/02/2011 19:55:40.6.1 - x86
Lancé depuis: c:\documents and settings\karine\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\karine\Bureau\CFScript.txt
AV: AntiVir PersonalEdition Classic *Disabled/Outdated* {F50D9AC1-6409-476C-A8D6-8F5F82336C8F}
AV: avast! antivirus 4.8.1229 [VPS 000000-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-16 au 2011-02-16 ))))))))))))))))))))))))))))))))))))
.

2011-02-13 11:11 . 2011-02-13 11:11 84621672 ----a-w- c:\program files\Fichiers communs\Windows Live\.cache\wlcB.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2009-02-01 12:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2009-02-01 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 17:31 . 2010-11-27 17:31 2288640 ----a-w- c:\windows\system32\python27.dll
2006-05-06 16:42 . 2007-10-15 09:04 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\karine\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\karine\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\karine\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-23 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2007-06-30 3364616]
"SpeedOptimizer"="c:\progra~1\SPEEDO~1\SPO.EXE" [2003-09-29 607232]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-05-17 202256]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Fichiers communs\Real\Update_OB\upgrdhlp.exe" [2010-05-17 136744]
"FlashPlayerUpdate"="c:\windows\System32\Macromed\Flash\FlashUtil9b.exe" [2006-11-09 190072]

c:\documents and settings\karine\Menu D‚marrer\Programmes\D‚marrage\
Dropbox.lnk - c:\documents and settings\karine\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-19 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [N/A]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6ejxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^karine^Menu Démarrer^Programmes^Démarrage^Mailocash.lnk]
path=c:\documents and settings\karine\Menu Démarrer\Programmes\Démarrage\Mailocash.lnk
backup=c:\windows\pss\Mailocash.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
2005-10-30 00:56 606208 ----a-w- c:\program files\pspvideo9\pspVideo9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2008 19:12 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2008 19:12 20560]
R2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [22/05/2005 23:22 53248]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/12/2006 13:56 3712]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [19/04/2007 20:29 34304]
S0 ati6ejxx;ati6ejxx;c:\windows\system32\Drivers\ati6ejxx.sys --> c:\windows\system32\Drivers\ati6ejxx.sys [?]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 13:34 135664]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [01/12/2007 20:31 14848]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [01/12/2007 20:31 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [01/12/2007 20:31 9984]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 Service CANALPLAY;Service CANALPLAY;"c:\program files\Lecteur CANALPLAY\CanalPlayService.exe" --> c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [?]
.
Contenu du dossier 'Tâches planifiées'

2011-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

2011-02-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 20:27]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:34]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:34]

2011-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-688789844-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2011-02-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-688789844-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2011-02-16 c:\windows\Tasks\User_Feed_Synchronization-{F65A9B50-2469-4345-8813-F8AD451CC6A7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: contentmatch.net\ny
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr fficial
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Maximiles: {5251729E-E3F9-11DA-8FF2-89F3D55D7866} - %profile%\extensions\{5251729E-E3F9-11DA-8FF2-89F3D55D7866}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Mailocash Information: mrext@rentabiliweb.net - c:\program files\MailoCash\mrextjs
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 20:13
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\svchost.exe.tmp:ext.exe 25088 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-688789844-725345543-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
@DACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2444)
c:\documents and settings\karine\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2011-02-16 20:27:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-16 19:26
ComboFix2.txt 2011-02-16 18:06

Avant-CF: 16 078 540 800 octets libres
Après-CF: 16 071 270 400 octets libres

- - End Of File - - 2FCE78909F4FBA61BBCF6BF438D5C61B

Tu peux télécharger la nouvelle version gratuite d'Avast ici :
http://www.01net.com/telecharger/windows/Securite/antiv...

Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte suivant (entre les deux espaces) :

:OTL
[2010/12/30 13:49:22 | 000,000,000 | ---D | M] (SearchElf 1.2 Community Toolbar) -- C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2)
[2010/12/30 13:49:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com
O18 - Protocol\Filter\text/plain {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - File not found
[2011/01/02 23:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karine\Menu Démarrer\Programmes\installer
[2011/01/02 23:37:09 | 000,197,632 | ---- | C] (Dino Chiesa) -- C:\WINDOWS\System32\Ionic.Zip.Reduced.dll
[2010/12/30 14:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Cleaner Trial

:commands
[emptytemp]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Poste le rapport qui s'affichera après redémarrage.

Error: Unable to interpret <[2010/12/30 13:49:22 | 000,000,000 | ---D | M] (SearchElf 1.2 Community Toolbar) -- C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2) > in the current context!
Error: Unable to interpret <[2010/12/30 13:49:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com > in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\text/plain {72E53A21-BB9A-4E29-8C50-A636EBCD45F7} - File not found > in the current context!
Error: Unable to interpret <[2011/01/02 23:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karine\Menu Démarrer\Programmes\installer > in the current context!
Error: Unable to interpret <[2011/01/02 23:37:09 | 000,197,632 | ---- | C] (Dino Chiesa) -- C:\WINDOWS\System32\Ionic.Zip.Reduced.dll > in the current context!
Error: Unable to interpret <[2010/12/30 14:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Cleaner Trial > in the current context!

OTL by OldTimer - Version 3.2.20.6 log created on 02172011_131647

Tu es sûr d'avoir bien mis tout ce qu'il y a dans le cadre dans OTL ?

saut otl et les deeux dernieres lignes:commands
[emptytemp], comme tu avais ecris entre les ligne j'ai cru que....merci pour ton aide en tout cas , dois je recommencer avec tout le paragraphe complet que tu as mis dans l'encadré?

Avec ce qu'il y a dans l'encadré.

OK MERCI je le fait et t'envoie le resultat

All processes killed
========== OTL ==========
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2)\searchplugin folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2)\META-INF folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2)\lib folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2)\defaults folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2)\components folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2)\chrome folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}(2) folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com\searchplugin folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com\META-INF folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com\lib folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com\DualPackage folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com\defaults folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com\components folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com\chrome folder moved successfully.
C:\Documents and Settings\karine\Application Data\Mozilla\Firefox\Profiles\hu1b9iuj.default\extensions\engine@conduit(2).com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72E53A21-BB9A-4E29-8C50-A636EBCD45F7}\ deleted successfully.
C:\Documents and Settings\karine\Menu Démarrer\Programmes\installer folder moved successfully.
C:\WINDOWS\system32\Ionic.Zip.Reduced.dll moved successfully.
C:\Program Files\Registry Cleaner Trial folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 83 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 83 bytes

User: guitarine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 20006397 bytes
->Flash cache emptied: 3473 bytes

User: karine
->Temp folder emptied: 1137529 bytes
->Temporary Internet Files folder emptied: 86949559 bytes
->Java cache emptied: 42446008 bytes
->FireFox cache emptied: 72941993 bytes
->Flash cache emptied: 15850736 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 8358887 bytes
%systemroot%\System32 .tmp files removed: 274215276 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35246 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 498,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02172011_191138

OTL by OldTimer - Version 3.2.20.6 log created on 02172011_191132

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF225C.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF2EC9.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF870A.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF872D.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF8962.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF8994.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF8B55.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF8B8B.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DF95AD.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temp\~DFFBE9.tmp not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\Content.IE5\OA5LXB54\like[1].htm not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\Content.IE5\MNDGEVXI\297384-11-virus[1].htm not found!
C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\Content.IE5\MNDGEVXI\297384-11-virus[2].htm moved successfully.
File\Folder C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\Content.IE5\MNDGEVXI\like[1].htm not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\Content.IE5\JVN093WB\297384-11-virus[1].htm not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\Content.IE5\JVN093WB\like[1].htm not found!
File\Folder C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\Content.IE5\EDT7JVT7\aff_frame[1].htm not found!
C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\karine\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Ok.

Des changements ?

oui maintenant je peux rentrer ds les pages que je souhaite, mais est ce que c'était un pirate ? car j'ai un peu peur qu'il soit entré et qu'il ai pris mes codes ...est ce que tu as vu d'ou ca venait ? si c'était juste un virus ou une intrusion ?

--> Tu peux changer tes mots de passe.


--> Tu avais des virus.


Pour finir :


1/

Télécharge DelFix sur ton Bureau.

Lance DelFix puis clique sur le bouton Suppression.

Poste le rapport (C:\DelFixSuppr.txt).

Supprime DelFix.

2/

Télécharge et installe CCleaner (N'installe pas la Yahoo! Toolbar).

Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....

Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.


3/

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


==Prévention==

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


==Problème résolu ?==

--> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer .

Ajoute la mention [Résolu] devant le titre.

Clique ensuite sur Valider votre message.


 

# DelFix v7.4 - Rapport créé le 17/02/2011 à 20:15
# Mis à jour le 09/02/11 à 23h par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 2
# Nom d'utilisateur : karine - PARAT-X7TFEBQEF (Administrateur)
# Exécuté depuis : C:\Documents and Settings\karine\Bureau\DelFix(2).exe
# Option [Suppression]


~~~~~~ Dossier(s) ~~~~~~

-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\_OTL
Supprimé : C:\Vundofix Backups
Supprimé : C:\Rustbfix
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\trend micro\Hijackthis
Supprimé : C:\Documents and Settings\karine\Bureau\DiagHelp
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hijackthis

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\ComboFix.txt
Supprimé : C:\VundoFix.txt
Supprimé : C:\WINDOWS\grep.exe
Supprimé : C:\WINDOWS\PEV.exe
Supprimé : C:\WINDOWS\NIRCMD.exe
Supprimé : C:\WINDOWS\MBR.exe
Supprimé : C:\WINDOWS\sed.exe
Supprimé : C:\WINDOWS\SWREG.exe
Supprimé : C:\WINDOWS\SWSC.exe
Supprimé : C:\WINDOWS\SWXCACLS.exe
Supprimé : C:\WINDOWS\zip.exe
Supprimé : C:\WINDOWS\System32\tmp.txt
Supprimé : C:\Documents and Settings\karine\Bureau\OTL.exe
Supprimé : C:\Documents and Settings\karine\Bureau\OTL.Txt
Supprimé : C:\Documents and Settings\karine\Bureau\SmitfraudFix.exe
Supprimé : C:\Documents and Settings\karine\Bureau\Extras.Txt
Supprimé : C:\Documents and Settings\karine\Bureau\MBRCheck_02.15.02_14.42.06.txt
Supprimé : C:\Documents and Settings\karine\Bureau\MBRCheck_02.17.11_12.03.10.txt
Supprimé : C:\Documents and Settings\karine\Bureau\VundoFix.exe
Supprimé : C:\Documents and Settings\karine\Bureau\DiagHelp.zip
Supprimé : C:\Documents and Settings\karine\Bureau\HijackThis.lnk
Supprimé : C:\Documents and Settings\karine\Bureau\hijackthis.log
Supprimé : C:\Documents and Settings\karine\Bureau\ZHPDiag.txt
Supprimé : C:\Documents and Settings\karine\Bureau\rustbfix.exe
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\ComboFix.exe
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\AD-R(2).exe
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\AD-R.exe
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\Dial-a-fix-v0.60.0.24.zip
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\HJTInstall.exe
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\HiJackThis(2).exe
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\HiJackThis.exe
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\ZHPDiag2(2).exe
Supprimé : C:\Documents and Settings\karine\Mes documents\Téléchargements\ZHPDiag2.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Autre ~~~~~~

-> BitDefender Online Scanner ... Désinstallation annulée par l'utilisateur

########## EOF - "C:\DelFixSuppr.txt" - [3939 octets] ##########
~~~~~~ Autre ~~~~~~

-> BitDefender Online Scanner ... Installé

########## EOF - "C:\DelFixSuppr.txt" - [4074 octets] ##########

# DelFix v7.4 - Rapport créé le 17/02/2011 à 20:16
# Mis à jour le 09/02/11 à 23h par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 2
# Nom d'utilisateur : karine - PARAT-X7TFEBQEF (Administrateur)
# Exécuté depuis : C:\Documents and Settings\karine\Bureau\DelFix(2).exe
# Option [Suppression]


~~~~~~ Dossier(s) ~~~~~~


~~~~~~ Fichier(s) ~~~~~~


~~~~~~ Registre ~~~~~~


~~~~~~ Autre ~~~~~~

-> Prefetch vidé

########## EOF - "C:\DelFixSuppr.txt" - [597 octets] ##########

Tu peux supprimer DelFix.

bonjour
wwwaaa tout ça pour dire que ce n est pas un virus mais c est a cause de mailorama (mailocash ) qui gène la déconnection un simple clic forcer l arrêt et hop c est fini ou désinstalle mailocash...
cordialement