Virus: how to get rid of it -solved-

Tags:
  • Security
28 May 2011 09:55:52

Hello,
For some time now avast has been detecting threats non-stop, mainly rootkits. None of the scans change anything, and I don't know how to clean my PC completely because the alerts persist. Not too much trouble using my computer, apart from redirections when I browse. Thank you for enlightening me if you can. I await your advice.

29 May 2011 15:03:11

Hello, I'm trying to send the report, but every time it tells me the web page is unavailable, so the post is never sent. I'll try again.
29 May 2011 15:12:50

Impossible to send the report: as soon as I copy it into the message, page unavailable. Without the report there's no problem, the messages are sent successfully. I don't understand the problem. :??:
29 May 2011 15:16:06

Sham_Rock said:
Good evening
post your avast scan report please :)

http://www.malekal.com/2010/11/12/tutorial-sur-lantivir...


Hello, as soon as I copy the report into the message to send, my message fails and sends me to "page unavailable". If I reply without copying the report, my messages are sent successfully. What is the problem? I don't understand why I can't send the scan report. :??:
29 May 2011 19:50:43

Well, that doesn't work either; there too it gives me "this web page is unavailable" as soon as I try to include the report......................
29 May 2011 21:42:11

ok


Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus, software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt to me.

    <@_@>**<@_@>**<@_@>**<@_@>**<@_@>**@_@>**<@_@><@_@>**<@_@>**<@_@>**<@_@>**
29 May 2011 22:04:54

There, I hope it works this time. In any case, thank you for your patience :)

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
    Run by Administrateur at 21:54:03 on 2011-05-29
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.503.202 [GMT 2:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\BboxUpdate\BTLiveUpdate.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
    D:\Hercules DualPix HD Webcam\Camservice.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Administrateur\Mes documents\Downloads\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.fr/
    uSearch Page = hxxp://www.google.fr
    uSearch Bar = hxxp://www.google.fr
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uURLSearchHooks: H - No File
    uURLSearchHooks: Softonic_France Toolbar: {4daac69c-cba7-45e2-9bc8-1044483d3352} - c:\program files\softonic_france\prxtbSof0.dll
    uURLSearchHooks: uTorrentBar_FR Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\utorrentbar_fr\tbuTor.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: uTorrentBar_FR Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\utorrentbar_fr\tbuTor.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Softonic_France Toolbar: {4daac69c-cba7-45e2-9bc8-1044483d3352} - c:\program files\softonic_france\prxtbSof0.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Softonic_France Toolbar: {4daac69c-cba7-45e2-9bc8-1044483d3352} - c:\program files\softonic_france\prxtbSof0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: uTorrentBar_FR Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\utorrentbar_fr\tbuTor.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\administrateur\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BboxUpdate] c:\program files\bboxupdate\BTLiveUpdate.exe
    mRun: [ISUSPM] "c:\program files\fichiers communs\installshield\updateservice\isuspm.exe" -scheduler
    mRun: [HerculesCamService] d:\hercules dualpix hd webcam\Camservice.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    StartupFolder: c:\documents and settings\administrateur\menu démarrer\programmes\démarrage\PowerReg Scheduler V3.exe
    uPolicies-explorer: NoSMHelp = 1 (0x1)
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\zkalyan5.default\
    FF - prefs.js: browser.search.selectedEngine - google
    FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programmes\adobe\reader 9.0\reader\browser\nppdf32.dll
    FF - plugin: c:\programmes\java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: c:\programmes\microsoft silverlight\npctrl.dll
    FF - plugin: c:\programmes\real alternative\browser\plugins\nppl3260.dll
    FF - plugin: c:\programmes\real alternative\browser\plugins\nprpjplug.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    FF - Ext: OpenBook: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce} - %profile%\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2008-5-24 210224]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-27 307928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-27 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-27 42184]
    R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvid.sys [2010-8-7 275072]
    R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [2010-8-7 24192]
    S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 133104]
    S2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2008-4-13 14336]
    S3 Boonty Games;Boonty Games;c:\program files\fichiers communs\boonty shared\service\Boonty.exe [2010-5-24 69120]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 133104]
    .
    =============== Created Last 30 ================
    .
    2011-05-12 21:23:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-12 21:23:46 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-11 10:37:47 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: MAXTOR_STM3160211AS rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-5
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82B66439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82b6c7b8]; MOV EAX, [0x82b6c834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x82B7EAB8]
    3 CLASSPNP[0xF8532FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000005d[0x82B9AF18]
    5 ACPI[0xF83C8620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x82B998E8]
    \Driver\atapi[0x82B8CA48] -> IRP_MJ_CREATE -> 0x82B66439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP2T0L0-5 -> \??\IDE#DiskMAXTOR_STM3160211AS_____________________3.AAE___#5&27db0ed4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x82B6627F
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 21:56:28,53 ===============
30 May 2011 16:16:35

Sham_Rock said:
ok


Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus, software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt to me.

    <@_@>**<@_@>**<@_@>**<@_@>**<@_@>**@_@>**<@_@><@_@>**<@_@>**<@_@>**<@_@>**

There, I hope it works this time. In any case, thank you for your patience :)

    30 Mai 2011 20:55:29

    Bonsoir

    1

    telecharge sur ton bureau http://support.kaspersky.com/downloads/utils/tdsskiller... , dezippe le et execute le , un rapport sera crée ici:

    C:\TDSSKillerVersion_Date_Time_log.txt.<< copie_colle son contenu

    tu as aussi directement l'executable là : http://support.kaspersky.com/downloads/utils/tdsskiller...

    o execute le , La fenêtre suivante va s'ouvrir::



    o Clique sur Start scan et laisse l'outil scanner ton disque dur sans l'interrompre et sans utiliser le PC.
    o Si des fichiers infectés sont trouvées, une nouvelle fenêtre va s'ouvrir:



    o Si TDSS.tdl2 est détecté l'option delete sera cochée par défaut.

    o Si TDSS.tdl3 est détecté assure toi que Cure est bien cochée.

    o Si TDSS.tdl4(\HardDisk0\MBR) est détecté assure toi que Cure est bien cochée.

    o Si Suspicious file est indiqué, laisse l'option cochée sur Skip

    o Clique sur Continue puis sur Reboot now pour redémarrer le PC.

    o Copie-colle le rapport généré dans ta prochaine réponse (Il est aussi sauvegardé à la racine de ta partition système sous le nom C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS. (JJ.MM.AA date du passage de l'outil, HH.MM.SS heure de passage).

    tutoriel--> http://support.kaspersky.com/viruses/solutions?qid=2082...


    2



  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose the Scanner option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\
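
A report checker for the TDSSKiller procedure in the post above, added here as an example (it is not part of the original post and is not Kaspersky's code): it reads log lines in the format of the TDSSKiller report quoted in this thread and compares the action recorded for each detection with the one the post recommends. Only the tdl2/tdl3/tdl4 mapping comes from the post; the function names, the issue labels and the `placeholder.sys` sample lines are assumptions made for the example.

```python
import re

# Actions recommended in the post, keyed by the last component of the verdict name.
RECOMMENDED = {"tdl2": "Delete", "tdl3": "Cure", "tdl4": "Cure"}

# Every report line starts with "YYYY/MM/DD HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\s*(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4}) (\d+) ?(.*)$")
DETECTED = re.compile(r"^(?P<obj>.+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<verdict>[^\s(]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$"
)
COUNT = re.compile(r"^Detected object count: (\d+)$")


def recommended_action(verdict):
    """Return the action the post recommends, or None if the post does not cover it."""
    return RECOMMENDED.get(verdict.rsplit(".", 1)[-1].lower())


def parse_report(text):
    """Collect detections, the action chosen for each, and the declared count."""
    declared = None
    detections = {}  # object path -> {"verdict": str, "action": str or None}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a report line (blank line, forum text, ...)
        msg = m.group(3).strip()
        if (d := DETECTED.match(msg)):
            detections.setdefault(d["obj"], {"verdict": d["verdict"], "action": None})
        elif (a := ACTION.match(msg)):
            entry = detections.setdefault(
                a["obj"], {"verdict": a["verdict"], "action": None}
            )
            entry["action"] = a["action"]
        elif (c := COUNT.match(msg)):
            declared = int(c.group(1))
    return {"declared": declared, "detections": detections}


def review(report):
    """Return (kind, object, detail) tuples for everything that needs a second look."""
    issues = []
    found = report["detections"]
    if report["declared"] is not None and report["declared"] != len(found):
        issues.append(
            ("count-mismatch", None,
             f"declared {report['declared']}, parsed {len(found)}")
        )
    for obj, entry in found.items():
        want = recommended_action(entry["verdict"])
        if entry["action"] is None:
            # Detection logged but no action line: scan aborted or report truncated.
            issues.append(("no-action", obj, entry["verdict"]))
        elif want is None:
            issues.append(("unmapped-verdict", obj, entry["verdict"]))
        elif entry["action"] != want:
            issues.append(
                ("action-differs", obj, f"{entry['action']} chosen, {want} recommended")
            )
    return issues


# Sample input. The tdl4 lines follow the report quoted in this thread; the tdl3
# lines on placeholder.sys are constructed to show a mismatch.
SAMPLE = r"""
2011/05/30 21:06:49.0468 2460 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/30 21:06:49.0470 2460 C:\example\placeholder.sys - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/30 21:06:49.0484 1760 Detected object count: 2
2011/05/30 21:08:57.0203 1760 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/30 21:08:57.0210 1760 Rootkit.Win32.TDSS.tdl3(C:\example\placeholder.sys) - User select action: Skip
"""

if __name__ == "__main__":
    for kind, obj, detail in review(parse_report(SAMPLE)):
        print(f"{kind}: {obj}: {detail}")
```
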
    30 May 2011 21:35:11

    Good evening,
    So I did what you advised, but I can't find the Tdsskiller quarantine report. I'm posting the 3 reports I found:

    2011/05/30 21:06:00.0593 0376 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/05/30 21:06:00.0812 0376 ================================================================================
    2011/05/30 21:06:00.0812 0376 SystemInfo:
    2011/05/30 21:06:00.0812 0376
    2011/05/30 21:06:00.0812 0376 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/30 21:06:00.0812 0376 Product type: Workstation
    2011/05/30 21:06:00.0812 0376 ComputerName: EDITION_ULTRA
    2011/05/30 21:06:00.0812 0376 UserName: Administrateur
    2011/05/30 21:06:00.0812 0376 Windows directory: C:\WINDOWS
    2011/05/30 21:06:00.0812 0376 System windows directory: C:\WINDOWS
    2011/05/30 21:06:00.0812 0376 Processor architecture: Intel x86
    2011/05/30 21:06:00.0812 0376 Number of processors: 1
    2011/05/30 21:06:00.0812 0376 Page size: 0x1000
    2011/05/30 21:06:00.0812 0376 Boot type: Normal boot
    2011/05/30 21:06:00.0812 0376 ================================================================================
    2011/05/30 21:06:02.0562 0376 Initialize success
    2011/05/30 21:06:22.0265 2460 ================================================================================
    2011/05/30 21:06:22.0265 2460 Scan started
    2011/05/30 21:06:22.0265 2460 Mode: Manual;
    2011/05/30 21:06:22.0265 2460 ================================================================================
    2011/05/30 21:06:49.0453 2460 MBR (0x1B8) (8d2a25b940045c1eaed1583ad662bc73) \Device\Harddisk0\DR0
    2011/05/30 21:06:49.0468 2460 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/30 21:06:49.0468 2460 ================================================================================
    2011/05/30 21:06:49.0468 2460 Scan finished
    2011/05/30 21:06:49.0468 2460 ================================================================================
    2011/05/30 21:06:49.0484 1760 Detected object count: 1
    2011/05/30 21:06:49.0484 1760 Actual detected object count: 1
    2011/05/30 21:08:57.0203 1760 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/30 21:08:57.0203 1760 \Device\Harddisk0\DR0 - ok
    2011/05/30 21:08:57.0203 1760 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/05/30 21:09:06.0515 3552 Deinitialize success



    2011/05/30 21:15:22.0234 3412 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/05/30 21:15:23.0000 3412 ================================================================================
    2011/05/30 21:15:23.0000 3412 SystemInfo:
    2011/05/30 21:15:23.0000 3412
    2011/05/30 21:15:23.0000 3412 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/30 21:15:23.0000 3412 Product type: Workstation
    2011/05/30 21:15:23.0000 3412 ComputerName: EDITION_ULTRA
    2011/05/30 21:15:23.0000 3412 UserName: Administrateur
    2011/05/30 21:15:23.0000 3412 Windows directory: C:\WINDOWS
    2011/05/30 21:15:23.0000 3412 System windows directory: C:\WINDOWS
    2011/05/30 21:15:23.0000 3412 Processor architecture: Intel x86
    2011/05/30 21:15:23.0000 3412 Number of processors: 1
    2011/05/30 21:15:23.0000 3412 Page size: 0x1000
    2011/05/30 21:15:23.0000 3412 Boot type: Normal boot
    2011/05/30 21:15:23.0000 3412 ================================================================================
    2011/05/30 21:15:24.0859 3412 Initialize success
    2011/05/30 21:16:39.0515 1368 Deinitialize success



    2011/05/30 21:19:37.0984 2480 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/05/30 21:19:38.0312 2480 ================================================================================
    2011/05/30 21:19:38.0312 2480 SystemInfo:
    2011/05/30 21:19:38.0312 2480
    2011/05/30 21:19:38.0312 2480 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/30 21:19:38.0312 2480 Product type: Workstation
    2011/05/30 21:19:38.0312 2480 ComputerName: EDITION_ULTRA
    2011/05/30 21:19:38.0312 2480 UserName: Administrateur
    2011/05/30 21:19:38.0312 2480 Windows directory: C:\WINDOWS
    2011/05/30 21:19:38.0312 2480 System windows directory: C:\WINDOWS
    2011/05/30 21:19:38.0312 2480 Processor architecture: Intel x86
    2011/05/30 21:19:38.0312 2480 Number of processors: 1
    2011/05/30 21:19:38.0312 2480 Page size: 0x1000
    2011/05/30 21:19:38.0312 2480 Boot type: Normal boot
    2011/05/30 21:19:38.0312 2480 ================================================================================
    2011/05/30 21:19:51.0484 2480 Initialize success
    2011/05/30 21:19:56.0578 2664 ================================================================================
    2011/05/30 21:19:56.0578 2664 Scan started
    2011/05/30 21:19:56.0578 2664 Mode: Manual;
    2011/05/30 21:19:56.0578 2664 ================================================================================
    2011/05/30 21:21:17.0187 2664 Si3531 (8613e8fe6c190f377240a3989fad5d5e) C:\WINDOWS\system32\drivers\Si3531.sys
    2011/05/30 21:21:17.0718 2664 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/05/30 21:21:18.0187 2664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/05/30 21:21:18.0453 2664 Sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/05/30 21:21:18.0937 2664 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/05/30 21:21:19.0390 2664 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/05/30 21:21:19.0625 2664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/05/30 21:21:19.0875 2664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/05/30 21:21:20.0875 2664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/05/30 21:21:21.0203 2664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/05/30 21:21:21.0484 2664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/05/30 21:21:21.0765 2664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/05/30 21:21:22.0046 2664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/05/30 21:21:22.0515 2664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/05/30 21:21:22.0968 2664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/05/30 21:21:23.0328 2664 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/05/30 21:21:23.0671 2664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/05/30 21:21:23.0968 2664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/05/30 21:21:24.0281 2664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/05/30 21:21:24.0578 2664 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/05/30 21:21:24.0859 2664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/05/30 21:21:25.0109 2664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/05/30 21:21:25.0562 2664 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/05/30 21:21:25.0734 2664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/05/30 21:21:26.0250 2664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/05/30 21:21:26.0500 2664 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/05/30 21:21:26.0796 2664 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/05/30 21:21:27.0140 2664 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/05/30 21:21:27.0203 2664 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
    2011/05/30 21:21:31.0359 2664 ================================================================================
    2011/05/30 21:21:31.0359 2664 Scan finished
    2011/05/30 21:21:31.0359 2664 ================================================================================
    2011/05/30 21:21:31.0390 2656 Detected object count: 0
    2011/05/30 21:21:31.0390 2656 Actual detected object count: 0
    2011/05/30 21:25:01.0750 2388 Deinitialize success

    30 May 2011 21:47:13

    I'm now posting the ad-report log for you:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 21:37:55 le 30/05/2011, Mode normal

    Microsoft Windows XP Professionnel Service Pack 3 (X86)
    Administrateur@EDITION_ULTRA ( )

    ============== RECHERCHE ==============


    Fichier trouvé: C:\WINDOWS\system32\ConduitEngine.tmp
    Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\zkalyan5.default\extensions\engine@conduit.com
    Dossier trouvé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit
    Dossier trouvé: C:\Program Files\Conduit
    Dossier trouvé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\ConduitEngine
    Dossier trouvé: C:\Program Files\ConduitEngine
    Dossier trouvé: C:\Documents and Settings\Administrateur\Application Data\PriceGong
    Dossier trouvé: C:\WINDOWS\$XNTUninstall643$

    Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé trouvée: HKLM\Software\Classes\CLSID\{9A261DB3-14DB-49A0-BE38-CB86D5354A22}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A261DB3-14DB-49A0-BE38-CB86D5354A22}
    Clé trouvée: HKLM\Software\Classes\CLSID\{FE67E28E-577A-4C7D-8249-F7944D7D0A81}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
    Clé trouvée: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
    Clé trouvée: HKLM\Software\Classes\Conduit.Engine
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
    Clé trouvée: HKLM\Software\Classes\Toolbar.CT2851639
    Clé trouvée: HKLM\Software\Conduit
    Clé trouvée: HKLM\Software\conduitEngine
    Clé trouvée: HKLM\Software\Sky-Banners
    Clé trouvée: HKLM\Software\Street-Ads
    Clé trouvée: HKCU\Software\Conduit
    Clé trouvée: HKCU\Software\conduitEngine
    Clé trouvée: HKCU\Software\PriceGong
    Clé trouvée: HKCU\Software\Sky-Banners
    Clé trouvée: HKCU\Software\Street-Ads
    Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE77B807-F20A-4B59-9981-8B6A1E29918F}
    Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

    Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [3.0.6 (fr)] ****

    Plugins\NPSWF32.dll (?)
    Plugins\npWebLaunch.dll ( )
    HKLM_MozillaPlugins\@thrixxx.com/WebLaunch (x)
    HKCU_MozillaPlugins\@thrixxx.com/WebLaunch (x)
    HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)
    Searchplugins\avg_igeared.xml (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=$isYahoo$&ychte=$ychte$ /)
    Searchplugins\espacesimo.xml (hxxp://www.google.com/cse?cx=partner-pub-9329429930782701:89ty... )
    Components\aboutRights.js
    Components\aboutRobots.js
    Components\nsPostUpdateWin.js

    -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\zkalyan5.default --
    Extensions\digger@clav.mozdev.org (?)
    Extensions\engine@conduit.com (Conduit Engine )
    Extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (uTorrentBar_FR Community Toolbar)
    Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} (Vista-aero)
    Extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352} (Softonic_France Community Toolbar)
    Extensions\{A4732521-77D9-447E-A557-B279AC923F06} (Image Toolbar)
    Extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce} (OpenBook)
    Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} (SearchPreview)
    Searchplugins\118-811com.xml (?)
    Searchplugins\dailymotion.xml (?)
    Searchplugins\google-translate-en-fr.xml (?)
    Searchplugins\MediaDICO-fr.xml (hxxp://www.dictionnaire-mediadico.com/dictionnaires.asp)
    Searchplugins\the-pirate-bay.xml (?)
    Searchplugins\youtube.xml (?)
    Prefs.js - browser.download.lastDir, D:\\Documents
    Prefs.js - browser.search.selectedEngine, google
    Prefs.js - browser.startup.homepage, hxxp://start.bramjnet.com/vb/
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.0.6

    ========================================

    **** Internet Explorer Version [7.0.5730.11] ****

    HKCU_Main|Search bar - hxxp://www.google.fr
    HKCU_Main|Search Page - hxxp://www.google.fr
    HKCU_Main|Start Page - hxxp://www.google.fr/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    HKCU_URLSearchHooks|{A3BC75A2-1F87-4686-AA43-5347D756017C} (x)
    HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\prxtbSof0.dll)
    HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
    HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "uTorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
    HKCU_SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - "AVG Secure Search" (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerm...)
    HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\prxtbSof0.dll)
    HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x)
    HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
    HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\prxtbSof0.dll)
    HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
    HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x)
    HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
    HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    HKLM_ElevationPolicy\{0C8861F6-A627-41DE-97A3-CC388535E60F} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{7307490C-4625-450A-AAAA-503483FDC3F6} - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\CT2542115\Softonic_FranceAutoUpdaterHelper.exe (?)
    HKLM_ElevationPolicy\{AE77B807-F20A-4B59-9981-8B6A1E29918F} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
    HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
    HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
    BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
    BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
    BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\prxtbSof0.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Windows Live Sign-in Helper" (C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

    C:\Ad-Report-SCAN[1].txt - 30/05/2011 21:38:40 (2883 Octet(s))

    Fin à: 21:39:31, 30/05/2011

    ============== E.O.F ==============


    There you go. I already no longer get any avast alerts about detected threats, and updates for the computer are available again, which was no longer the case. Thank you.
    30 May 2011 22:03:10

    Hello again

    Quote:
    2011/05/30 21:06:49.0484 1760 Detected object count: 1
    2011/05/30 21:06:49.0484 1760 Actual detected object count: 1
    2011/05/30 21:08:57.0203 1760 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/30 21:08:57.0203 1760 \Device\Harddisk0\DR0 - ok
    2011/05/30 21:08:57.0203 1760 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/05/30 21:09:06.0515 3552 Deinitialize success


    Well done :) 


    ++++

    Let's continue:


    /!\ Disconnect, disable your antivirus and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista/Seven, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • From the main menu, choose the Nettoyer (Clean) option.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
    /!\ Remember to re-enable your antivirus /!\
    30 May 2011 22:41:38

    I sent it to you in the last post ;) 
    30 May 2011 22:44:07

    No, I just saw that you're telling me the Nettoyer (Clean) option, my mistake. I'll do it right away.
    30 May 2011 22:51:19

    Here is the cleanup report:


    ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:45:06 le 30/05/2011, Mode normal

    Microsoft Windows XP Professionnel Service Pack 3 (X86)
    Administrateur@EDITION_ULTRA ( )

    ============== ACTION(S) ==============


    Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp
    Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\zkalyan5.default\extensions\engine@conduit.com
    Dossier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\ConduitEngine
    Dossier supprimé: C:\Program Files\ConduitEngine
    Dossier supprimé: C:\Documents and Settings\Administrateur\Application Data\PriceGong
    Dossier supprimé: C:\WINDOWS\$XNTUninstall643$

    (!) -- Fichiers temporaires supprimés.


    Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{9A261DB3-14DB-49A0-BE38-CB86D5354A22}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A261DB3-14DB-49A0-BE38-CB86D5354A22}
    Clé supprimée: HKLM\Software\Classes\CLSID\{FE67E28E-577A-4C7D-8249-F7944D7D0A81}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
    Clé supprimée: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
    Clé supprimée: HKLM\Software\Classes\Conduit.Engine
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2851639
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\conduitEngine
    Clé supprimée: HKLM\Software\Sky-Banners
    Clé supprimée: HKLM\Software\Street-Ads
    Clé supprimée: HKCU\Software\Conduit
    Clé supprimée: HKCU\Software\conduitEngine
    Clé supprimée: HKCU\Software\PriceGong
    Clé supprimée: HKCU\Software\Sky-Banners
    Clé supprimée: HKCU\Software\Street-Ads
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE77B807-F20A-4B59-9981-8B6A1E29918F}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [3.0.6 (fr)] ****

    Plugins\NPSWF32.dll (?)
    Plugins\npWebLaunch.dll ( )
    HKLM_MozillaPlugins\@thrixxx.com/WebLaunch (x)
    HKCU_MozillaPlugins\@thrixxx.com/WebLaunch (x)
    HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)
    Searchplugins\avg_igeared.xml (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=$isYahoo$&ychte=$ychte$ /)
    Searchplugins\espacesimo.xml (hxxp://www.google.com/cse?cx=partner-pub-9329429930782701:89ty... )
    Components\aboutRights.js
    Components\aboutRobots.js
    Components\nsPostUpdateWin.js

    -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\zkalyan5.default --
    Extensions\digger@clav.mozdev.org (?)
    Extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (uTorrentBar_FR Community Toolbar)
    Extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} (Vista-aero)
    Extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352} (Softonic_France Community Toolbar)
    Extensions\{A4732521-77D9-447E-A557-B279AC923F06} (Image Toolbar)
    Extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce} (OpenBook)
    Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} (SearchPreview)
    Searchplugins\118-811com.xml (?)
    Searchplugins\dailymotion.xml (?)
    Searchplugins\google-translate-en-fr.xml (?)
    Searchplugins\MediaDICO-fr.xml (hxxp://www.dictionnaire-mediadico.com/dictionnaires.asp)
    Searchplugins\the-pirate-bay.xml (?)
    Searchplugins\youtube.xml (?)
    Prefs.js - browser.download.lastDir, D:\\Documents
    Prefs.js - browser.search.selectedEngine, google
    Prefs.js - browser.startup.homepage, hxxp://start.bramjnet.com/vb/
    Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.0.6

    ========================================

    **** Internet Explorer Version [7.0.5730.11] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{A3BC75A2-1F87-4686-AA43-5347D756017C} (x)
    HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\prxtbSof0.dll)
    HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
    HKCU_SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - "AVG Secure Search" (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerm...)
    HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\prxtbSof0.dll)
    HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x)
    HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
    HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\prxtbSof0.dll)
    HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x)
    HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
    HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    HKLM_ElevationPolicy\{0C8861F6-A627-41DE-97A3-CC388535E60F} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{7307490C-4625-450A-AAAA-503483FDC3F6} - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Conduit\CT2542115\Softonic_FranceAutoUpdaterHelper.exe (x)
    HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
    HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
    BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTor.dll)
    BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\prxtbSof0.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
    BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
    BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Windows Live Sign-in Helper" (C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 163 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 30/05/2011 22:45:11 (7016 Octet(s))
    C:\Ad-Report-SCAN[1].txt - 30/05/2011 21:38:40 (8400 Octet(s))
    C:\Ad-Report-SCAN[2].txt - 30/05/2011 21:40:53 (8465 Octet(s))

    Fin à: 22:46:12, 30/05/2011

    ============== E.O.F ==============
    :) 
    31 May 2011 20:51:27

    Good evening
    Let's finish up :) 

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select All", Edit > "Copy".

    Come to the forum and Edit > "Paste".

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary

    <@_@>

    +++++++++++++++++++++
    31 May 2011 22:27:05

    Good evening :)  here is the combo fix report:

    ComboFix 11-05-31.01 - Administrateur 31/05/2011 22:02:00.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.503.236 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    Les fichiers ci-dessous ont été désactivés pendant l'exécution:
    c:\program files\SuperCopier2\SC2Hook.dll
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrateur\Application Data\Adobe\plugs
    c:\documents and settings\Administrateur\Application Data\Adobe\shed
    c:\documents and settings\Administrateur\WINDOWS
    c:\windows\Driver Cache\i386\Temp\program.exe
    c:\windows\Driver Cache\i386\Temp\wfdmgr.exe
    c:\windows\system32\Cache
    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds
    c:\windows\system32\msconfig.exe
    .
    Une copie infectée de c:\windows\system32\midimap.dll a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games
    -------\Service_SPService
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-31 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-05-12 21:23 . 2011-05-12 21:23 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-10 12:10 . 2011-04-27 14:52 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-04-27 14:52 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-04-27 14:53 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2011-04-27 14:53 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2011-04-27 14:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 12:02 . 2011-04-27 14:53 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-10 12:02 . 2011-04-27 14:53 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-10 11:59 . 2011-04-27 14:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-04-27 14:53 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-10 11:59 . 2011-04-27 14:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-04-13 19:33 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
    [-] 2008-04-13 19:33 . F380BAF603D512043E3CB479D4976F34 . 1553920 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [-] 2008-04-13 19:33 . F380BAF603D512043E3CB479D4976F34 . 1553920 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
    .
    [7] 2008-04-13 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
    [-] 2008-04-13 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-13 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
    .
    [7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
    [-] 2009-03-08 . 4EFCA6ACDFEDE8A37BFDB5EB64715992 . 6097920 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
    [-] 2009-03-08 . 4EFCA6ACDFEDE8A37BFDB5EB64715992 . 6097920 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
    [7] 2007-08-20 . D9481E937D5BE0B2D5DBCD87745E925A . 3592192 . . [7.00.6000.20661] . . c:\windows\ie8\mshtml.dll
    .
    [7] 2008-04-13 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
    [-] 2008-04-13 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2008-04-13 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
    .
    [7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
    [-] 2009-03-08 . A1BB8A70F954ED3CDCCECA7CADD412B4 . 981504 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
    [-] 2009-03-08 . A1BB8A70F954ED3CDCCECA7CADD412B4 . 981504 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
    [7] 2008-05-24 . 2DD1B0F579C80562EDCB8848FF7EA9F6 . 825344 . . [7.00.6000.20661] . . c:\windows\ie8\wininet.dll
    .
    [-] 2008-04-13 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [7] 2008-04-13 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
    [-] 2008-04-13 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
    .
    [-] 2008-04-13 . FB9223687F4E8963F965D95492D04A48 . 282624 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [7] 2008-04-13 . ADF88D0996A634B5B13EE8FB9595647D . 153088 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
    [-] 2008-04-13 . FB9223687F4E8963F965D95492D04A48 . 282624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
    .
    [-] 2009-03-27 . F83D7C868B3D22FB33745D57CCC65684 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    [7] 2008-04-13 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
    [-] 2008-04-13 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2008-04-13 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
    .
    [7] 2008-04-13 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
    [-] 2008-04-13 . 6FDCB07680A163837CE0E0ABC3EB571E . 371712 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [-] 2008-04-13 . 6FDCB07680A163837CE0E0ABC3EB571E . 371712 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
    .
    [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
    [-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
    [7] 2008-05-24 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\ie8\iexplore.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
    "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    .
    [HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar_FR\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_France\prxtbSof0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
    "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    .
    [HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
    "{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    .
    [HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-09 399736]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 16855552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-27 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-27 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-27 137752]
    "BboxUpdate"="c:\program files\BboxUpdate\BTLiveUpdate.exe" [2008-08-06 103936]
    "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
    "HerculesCamService"="d:\hercules dualpix hd webcam\Camservice.exe" [2007-02-26 102400]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "nltide_3"="advpack.dll" [2009-03-08 128512]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    PowerReg Scheduler V3.exe [2010-11-14 225280]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bbox\\eSKernel.exe"=
    "c:\\Program Files\\BboxUpdate\\BTLiveUpdate.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Administrateur\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27216:TCP"= 27216:TCP:spport
    .
    R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [24/05/2008 03:37 210224]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/04/2011 16:53 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/04/2011 16:53 307928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/04/2011 16:53 19544]
    R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvid.sys [07/08/2010 19:44 275072]
    R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [07/08/2010 19:44 24192]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2010 23:27 133104]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2010 23:27 133104]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - HELPSVC
    *Deregistered* - mchInjDrv
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 21:26]
    .
    2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 21:26]
    .
    2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602609370-842925246-500Core.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-16 12:56]
    .
    2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602609370-842925246-500UA.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-16 12:56]
    .
    2011-05-31 c:\windows\Tasks\User_Feed_Synchronization-{341BD00F-A50B-4DF9-9E01-7C938F6F8E3E}.job
    - c:\windows\system32\msfeedssync.exe [2010-04-03 04:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\zkalyan5.default\
    FF - prefs.js: browser.search.selectedEngine - google
    FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    FF - Ext: OpenBook: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce} - %profile%\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-31 22:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc23.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-583907252-602609370-842925246-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,81,22,43,cb,e2,35,4b,8f,4d,dc,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,6a,36,e8,26,2e,ae,45,a0,47,3c,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,81,22,43,cb,e2,35,4b,8f,4d,dc,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\cscui.dll
    .
    - - - - - - - > 'lsass.exe'(820)
    c:\windows\system32\setupapi.dll
    c:\windows\system32\psbase.dll
    .
    - - - - - - - > 'explorer.exe'(216)
    c:\program files\SuperCopier2\SC2Hook.dll
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    .
    **************************************************************************
    .
    Heure de fin: 2011-05-31 22:22:07 - La machine a redémarré
    ComboFix-quarantined-files.txt 2011-05-31 20:22
    .
    Avant-CF: 31 858 216 960 octets libres
    Après-CF: 31 929 012 224 octets libres
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
    .
    - - End Of File - - 7B4306B97E5F05A9FBD2ECBD55285694
    1 June 2011 18:41:51

    Good evening
    Personally, I would uninstall uTorrentBar_FR; toolbars are useless... :o 


    Copy (Ctrl+C) the text below:
    File::
    c:\documents and settings\Administrateur\Local Settings\Temp\mc23.tmp

    Folder::
    c:\program files\Softonic_France


    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{4daac69c-cba7-45e2-9bc8-1044483d3352}"=-
    [-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{4daac69c-cba7-45e2-9bc8-1044483d3352}"=-
    [-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"=-
    [-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; let it guide you.

  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where your problems stand.

  • If the file doesn't open, it is located here > C:\ComboFix.txt

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary
    1 June 2011 23:32:52

    ComboFix 11-06-01.04 - Administrateur 01/06/2011 23:07:39.2.1 - x86
    Good evening. Here is the report:
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.503.264 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    FILE ::
    "c:\documents and settings\Administrateur\Local Settings\Temp\mc23.tmp"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Softonic_France
    c:\program files\Softonic_France\GottenAppsContextMenu.xml
    c:\program files\Softonic_France\INSTALL.LOG
    c:\program files\Softonic_France\OtherAppsContextMenu.xml
    c:\program files\Softonic_France\prxtbSof0.dll
    c:\program files\Softonic_France\SharedAppsContextMenu.xml
    c:\program files\Softonic_France\Softonic_FranceToolbarHelper.exe
    c:\program files\Softonic_France\Softonic_FranceToolbarHelper1.exe
    c:\program files\Softonic_France\tbSof0.dll
    c:\program files\Softonic_France\tbSof1.dll
    c:\program files\Softonic_France\tbSof2.dll
    c:\program files\Softonic_France\tbSoft.dll
    c:\program files\Softonic_France\toolbar.cfg
    c:\program files\Softonic_France\ToolbarContextMenu.xml
    c:\program files\Softonic_France\uninstall.exe
    c:\program files\Softonic_France\UNWISE.EXE
    c:\program files\Softonic_France\UNWISE.INI
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-05-01 au 2011-06-01 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-05-30 19:37 . 2011-05-30 19:37 -------- d-----w- c:\program files\Ad-Remover
    2011-05-12 21:23 . 2011-05-12 21:23 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-10 12:10 . 2011-04-27 14:52 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-04-27 14:52 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-04-27 14:53 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2011-04-27 14:53 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2011-04-27 14:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 12:02 . 2011-04-27 14:53 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-10 12:02 . 2011-04-27 14:53 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-10 11:59 . 2011-04-27 14:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-04-27 14:53 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-10 11:59 . 2011-04-27 14:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-07 05:33 . 2010-04-03 11:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-04-13 19:33 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
    [-] 2008-04-13 19:33 . F380BAF603D512043E3CB479D4976F34 . 1553920 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [-] 2008-04-13 19:33 . F380BAF603D512043E3CB479D4976F34 . 1553920 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
    .
    [7] 2008-04-13 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
    [-] 2008-04-13 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-13 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
    .
    [7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
    [-] 2009-03-08 . 4EFCA6ACDFEDE8A37BFDB5EB64715992 . 6097920 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
    [-] 2009-03-08 . 4EFCA6ACDFEDE8A37BFDB5EB64715992 . 6097920 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
    [7] 2007-08-20 . D9481E937D5BE0B2D5DBCD87745E925A . 3592192 . . [7.00.6000.20661] . . c:\windows\ie8\mshtml.dll
    .
    [7] 2008-04-13 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
    [-] 2008-04-13 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2008-04-13 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
    .
    [7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
    [-] 2009-03-08 . A1BB8A70F954ED3CDCCECA7CADD412B4 . 981504 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
    [-] 2009-03-08 . A1BB8A70F954ED3CDCCECA7CADD412B4 . 981504 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
    [7] 2008-05-24 . 2DD1B0F579C80562EDCB8848FF7EA9F6 . 825344 . . [7.00.6000.20661] . . c:\windows\ie8\wininet.dll
    .
    [-] 2008-04-13 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [7] 2008-04-13 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
    [-] 2008-04-13 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
    .
    [-] 2008-04-13 . FB9223687F4E8963F965D95492D04A48 . 282624 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [7] 2008-04-13 . ADF88D0996A634B5B13EE8FB9595647D . 153088 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
    [-] 2008-04-13 . FB9223687F4E8963F965D95492D04A48 . 282624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
    .
    [-] 2009-03-27 . F83D7C868B3D22FB33745D57CCC65684 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    [7] 2008-04-13 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
    [-] 2008-04-13 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2008-04-13 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
    .
    [7] 2008-04-13 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
    [-] 2008-04-13 . 6FDCB07680A163837CE0E0ABC3EB571E . 371712 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [-] 2008-04-13 . 6FDCB07680A163837CE0E0ABC3EB571E . 371712 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
    .
    [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
    [-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
    [7] 2008-05-24 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\ie8\iexplore.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar_FR\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-09 399736]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 16855552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-27 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-27 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-27 137752]
    "BboxUpdate"="c:\program files\BboxUpdate\BTLiveUpdate.exe" [2008-08-06 103936]
    "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
    "HerculesCamService"="d:\hercules dualpix hd webcam\Camservice.exe" [2007-02-26 102400]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "nltide_3"="advpack.dll" [2009-03-08 128512]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    PowerReg Scheduler V3.exe [2010-11-14 225280]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bbox\\eSKernel.exe"=
    "c:\\Program Files\\BboxUpdate\\BTLiveUpdate.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Administrateur\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27216:TCP"= 27216:TCP:spport
    .
    R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [24/05/2008 03:37 210224]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/04/2011 16:53 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/04/2011 16:53 307928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/04/2011 16:53 19544]
    R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvid.sys [07/08/2010 19:44 275072]
    R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [07/08/2010 19:44 24192]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2010 23:27 133104]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2010 23:27 133104]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *Deregistered* - mchInjDrv
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 21:26]
    .
    2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 21:26]
    .
    2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602609370-842925246-500Core.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-16 12:56]
    .
    2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602609370-842925246-500UA.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-16 12:56]
    .
    2011-06-01 c:\windows\Tasks\User_Feed_Synchronization-{341BD00F-A50B-4DF9-9E01-7C938F6F8E3E}.job
    - c:\windows\system32\msfeedssync.exe [2010-04-03 04:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\zkalyan5.default\
    FF - prefs.js: browser.search.selectedEngine - google
    FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    FF - Ext: OpenBook: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce} - %profile%\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    AddRemove-Softonic_France Toolbar - c:\program files\Softonic_France\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-01 23:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-583907252-602609370-842925246-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,81,22,43,cb,e2,35,4b,8f,4d,dc,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,6a,36,e8,26,2e,ae,45,a0,47,3c,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,81,22,43,cb,e2,35,4b,8f,4d,dc,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\cscui.dll
    .
    - - - - - - - > 'lsass.exe'(816)
    c:\windows\system32\setupapi.dll
    c:\windows\system32\psbase.dll
    .
    Heure de fin: 2011-06-01 23:20:02
    ComboFix-quarantined-files.txt 2011-06-01 21:19
    ComboFix2.txt 2011-05-31 20:25
    .
    Avant-CF: 31 260 119 040 octets libres
    Après-CF: 31 243 333 632 octets libres
    .
    - - End Of File - - 69F46E1BC8FDD65082B1045E505900A1
    1 June 2011 23:36:26

    Hi again, I tried to remove the uTorrent toolbar program but I can't manage it: "the file install.log could not be opened". :??: 
    2 June 2011 21:15:40

    Good evening
    we'll remove it another way...

    Copy (Ctrl+C) the text below:
    Folder::
    c:\program files\uTorrentBar_FR

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"=-
    [-HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"=-
    [-HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"=-
    [-HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot


  • ComboFix starts; just follow the prompts.

  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and tell me where things stand with your problems

  • If the file doesn't open, you'll find it here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    ++++++++++++++++++****************


    How is your PC behaving?
    2 June 2011 21:51:45

    Good evening, my PC is working normally, I still have no more alerts and I'm no longer redirected when I browse. The PC's updates are available again :) 
    Here is the latest ComboFix report:

    ComboFix 11-06-01.04 - Administrateur 02/06/2011 21:35:39.3.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.503.271 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\uTorrentBar_FR
    c:\program files\uTorrentBar_FR\GottenAppsContextMenu.xml
    c:\program files\uTorrentBar_FR\OtherAppsContextMenu.xml
    c:\program files\uTorrentBar_FR\SharedAppsContextMenu.xml
    c:\program files\uTorrentBar_FR\tbuTor.dll
    c:\program files\uTorrentBar_FR\toolbar.cfg
    c:\program files\uTorrentBar_FR\ToolbarContextMenu.xml
    c:\program files\uTorrentBar_FR\UNWISE.EXE
    c:\program files\uTorrentBar_FR\UNWISE.INI
    c:\program files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2011-05-02 au 2011-06-02 ))))))))))))))))))))))))))))))))))))
    .
    .
    2011-05-30 19:37 . 2011-05-30 19:37 -------- d-----w- c:\program files\Ad-Remover
    2011-05-12 21:23 . 2011-05-12 21:23 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-10 12:10 . 2011-04-27 14:52 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2011-04-27 14:52 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:03 . 2011-04-27 14:53 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:03 . 2011-04-27 14:53 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2011-04-27 14:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 12:02 . 2011-04-27 14:53 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-05-10 12:02 . 2011-04-27 14:53 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-05-10 11:59 . 2011-04-27 14:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2011-04-27 14:53 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-05-10 11:59 . 2011-04-27 14:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-07 05:33 . 2010-04-03 11:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-04-13 19:33 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
    [-] 2008-04-13 19:33 . F380BAF603D512043E3CB479D4976F34 . 1553920 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [-] 2008-04-13 19:33 . F380BAF603D512043E3CB479D4976F34 . 1553920 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
    .
    [7] 2008-04-13 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
    [-] 2008-04-13 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-13 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
    .
    [7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
    [-] 2009-03-08 . 4EFCA6ACDFEDE8A37BFDB5EB64715992 . 6097920 . . [8.00.6001.18702] . . c:\windows\system32\mshtml.dll
    [-] 2009-03-08 . 4EFCA6ACDFEDE8A37BFDB5EB64715992 . 6097920 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\mshtml.dll
    [7] 2007-08-20 . D9481E937D5BE0B2D5DBCD87745E925A . 3592192 . . [7.00.6000.20661] . . c:\windows\ie8\mshtml.dll
    .
    [7] 2008-04-13 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
    [-] 2008-04-13 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2008-04-13 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
    .
    [7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
    [-] 2009-03-08 . A1BB8A70F954ED3CDCCECA7CADD412B4 . 981504 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
    [-] 2009-03-08 . A1BB8A70F954ED3CDCCECA7CADD412B4 . 981504 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\wininet.dll
    [7] 2008-05-24 . 2DD1B0F579C80562EDCB8848FF7EA9F6 . 825344 . . [7.00.6000.20661] . . c:\windows\ie8\wininet.dll
    .
    [-] 2008-04-13 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [7] 2008-04-13 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
    [-] 2008-04-13 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
    .
    [-] 2008-04-13 . FB9223687F4E8963F965D95492D04A48 . 282624 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    [7] 2008-04-13 . ADF88D0996A634B5B13EE8FB9595647D . 153088 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
    [-] 2008-04-13 . FB9223687F4E8963F965D95492D04A48 . 282624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
    .
    [-] 2009-03-27 . F83D7C868B3D22FB33745D57CCC65684 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    [7] 2008-04-13 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
    [-] 2008-04-13 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2008-04-13 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
    .
    [7] 2008-04-13 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
    [-] 2008-04-13 . 6FDCB07680A163837CE0E0ABC3EB571E . 371712 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [-] 2008-04-13 . 6FDCB07680A163837CE0E0ABC3EB571E . 371712 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
    .
    [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
    [-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
    [7] 2008-05-24 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\ie8\iexplore.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-01_21.16.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-02 16:10 . 2011-06-02 16:10 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
    + 2011-05-10 12:50 . 2011-06-02 16:11 212124 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-09 399736]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-26 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 16855552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-27 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-27 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-27 137752]
    "BboxUpdate"="c:\program files\BboxUpdate\BTLiveUpdate.exe" [2008-08-06 103936]
    "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
    "HerculesCamService"="d:\hercules dualpix hd webcam\Camservice.exe" [2007-02-26 102400]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]
    "nltide_3"="advpack.dll" [2009-03-08 128512]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
    PowerReg Scheduler V3.exe [2010-11-14 225280]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bbox\\eSKernel.exe"=
    "c:\\Program Files\\BboxUpdate\\BTLiveUpdate.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Administrateur\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27216:TCP"= 27216:TCP:spport
    .
    R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [24/05/2008 03:37 210224]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/04/2011 16:53 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27/04/2011 16:53 307928]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/04/2011 16:53 19544]
    R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvid.sys [07/08/2010 19:44 275072]
    R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [07/08/2010 19:44 24192]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2010 23:27 133104]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2010 23:27 133104]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *Deregistered* - mchInjDrv
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 21:26]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 21:26]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602609370-842925246-500Core.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-16 12:56]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602609370-842925246-500UA.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-16 12:56]
    .
    2011-06-02 c:\windows\Tasks\User_Feed_Synchronization-{341BD00F-A50B-4DF9-9E01-7C938F6F8E3E}.job
    - c:\windows\system32\msfeedssync.exe [2010-04-03 04:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\zkalyan5.default\
    FF - prefs.js: browser.search.selectedEngine - google
    FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    FF - Ext: OpenBook: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce} - %profile%\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    AddRemove-uTorrentBar_FR Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-02 21:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-583907252-602609370-842925246-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,81,22,43,cb,e2,35,4b,8f,4d,dc,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,6a,36,e8,26,2e,ae,45,a0,47,3c,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,81,22,43,cb,e2,35,4b,8f,4d,dc,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\cscui.dll
    .
    - - - - - - - > 'lsass.exe'(816)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\psbase.dll
    .
    Heure de fin: 2011-06-02 21:47:44
    ComboFix-quarantined-files.txt 2011-06-02 19:47
    ComboFix2.txt 2011-06-01 21:20
    ComboFix3.txt 2011-05-31 20:25
    .
    Avant-CF: 31 088 697 344 octets libres
    Après-CF: 31 071 481 856 octets libres
    .
    - - End Of File - - AC350C65DBB1256A79525D61D5E5C0B3
    3 June 2011 09:52:51

    Hello again, just to let you know that this morning at startup the computer seems slowed down.... slow browsing. I hope it's just a bit cold :) 
    3 June 2011 21:10:28

    Good evening

    Click HERE to run an ESET online scan.

    Mandatory: use Internet Explorer for this scan
    Tick Yes, I accept the Terms of Use
    Click Start
    Allow the ActiveX control
    Click Start
    Tick the following options: Remove found threats and Scan archives
    Click Start
    Wait for the scan to finish
    Use Notepad to open the report located at C:\Program Files\ESET\ESET online Scanner\log.txt
    Copy and paste this report into your next reply.

    HELP
    4 June 2011 14:44:07

    Hello, here is the report:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6522
    # api_version=3.0.2
    # EOSSerial=a245c98d80ec99499bf821c539b491f2
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-06-04 12:20:19
    # local_time=2011-06-04 02:20:19 (+0100, Europe de l'Ouest (heure d'été))
    # country="France"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=768 16777215 100 0 4055042 4055042 0 0
    # compatibility_mode=1024 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 164 164 0 0
    # scanned=57129
    # found=3
    # cleaned=3
    # scan_time=5010
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\62cf1e40-7099a3c8 a variant of Java/Agent.BP trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\WINDOWS\Driver Cache\i386\Temp\wfdmgr.exe.vir Win32/TrojanDownloader.Autoit.NCR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{E02B439F-711A-4DC9-B227-6AAB79CB650E}\RP381\A0197949.exe Win32/TrojanDownloader.Autoit.NCR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
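
An added example, not part of the thread and not an ESET tool: a small Python triage of the ESET Online Scanner report posted above, which checks the `found`/`cleaned` counters against the listed detections and separates hits in live locations from copies already sitting in ComboFix's `C:\Qoobox` quarantine or in a System Restore point. The space-separated field layout is assumed from how the log is rendered on this page, and the function names and location labels are this example's own.

```python
import re
from collections import Counter

# Detection lines copied from the ESET report posted above; the header is
# trimmed to the counters this example uses.
SAMPLE_LOG = r"""# version=7
# scanned=57129
# found=3
# cleaned=3
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\62cf1e40-7099a3c8 a variant of Java/Agent.BP trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\Driver Cache\i386\Temp\wfdmgr.exe.vir Win32/TrojanDownloader.Autoit.NCR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{E02B439F-711A-4DC9-B227-6AAB79CB650E}\RP381\A0197949.exe Win32/TrojanDownloader.Autoit.NCR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Assumed layout (single spaces, as rendered on this page):
#   path, threat name, kind, (action), hash, one-letter flag.
# Windows paths contain no "/", so the first token with a "/" starts the name.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:a variant of )?\S+/\S+) "
    r"(?P<kind>\w+) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]+) \w$"
)

# Locations where a detected file is a stored copy, not something that loads.
# Labels are hypothetical names chosen for this example.
INERT = [
    ("combofix_quarantine", re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)),
    ("system_restore_point",
     re.compile(r"\\system volume information\\_restore\{", re.I)),
]


def parse_report(text):
    """Split a report into its '# key=value' header and its detection lines."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].partition("=")
            if sep:
                header.setdefault(key.strip(), value.strip())
            continue
        match = DETECTION.match(line)
        if match:
            detections.append(match.groupdict())
    return header, detections


def location_of(path):
    """Label a detection path as an inert copy or a live filesystem hit."""
    for label, pattern in INERT:
        if pattern.search(path):
            return label
    return "live_filesystem"


def triage(text):
    """Summarise a report: counter consistency, locations, unhandled hits."""
    header, detections = parse_report(text)
    for det in detections:
        det["location"] = location_of(det["path"])
        # Both action strings on this page end in "quarantined".
        det["handled"] = "quarantined" in det["action"].lower()
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    return {
        "found": found,
        "cleaned": cleaned,
        "lines_parsed": len(detections),
        "counters_consistent": found == len(detections) and cleaned <= found,
        "by_location": Counter(det["location"] for det in detections),
        "live": [d for d in detections if d["location"] == "live_filesystem"],
        "unhandled": [d for d in detections if not d["handled"]],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(dict(report["by_location"]))
    for det in report["live"]:
        print("live hit:", det["threat"], "->", det["action"])
```

On this report only the Java cache entry was in a live location; the other two detections were copies already held in ComboFix's quarantine and in a System Restore point.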
    4 June 2011 18:39:43

    Good evening



    Delete/uninstall all the programs used for the disinfection.
    (but keep Malwarebytes' Anti-Malware to run regular scans, and don't forget to keep it up to date)

    Please read this document (PDF) to learn more about the risks of the Net.



    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you're tired of being bombarded with ads while browsing, install a hardened Firefox with the NoScript and AdBlock Plus extensions.

    Read also:
  • Free antispyware: it's useless!


    ~On your first message, click the "Edit" button and mark [solved] in the title.

    Then click "Validate your message"

    If your session name matches your real name, you can change it by editing your posts.

    :hello: 

    +++
    4 June 2011 19:12:49

    Good evening to you. Thanks for your help and your advice!!! I'll do my best not to come back too soon....... :) 
    :hello: 
    4 June 2011 19:21:23

    Just one last question: you told me to keep Malwarebytes' Anti-Malware, but I don't have it installed on my PC???