Votre question

Impossible de fermeer FORM 1

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
18 Février 2011 20:56:28

J'ai un logiciel qui s'ouvre en permanence sur mon ordi et qui s'appelle Form1. Je peux le voir uniquement lorsque j'ouvre le gestionnaire des taches et j'ai peur qu'il ne s'agisse d'un virus ou d'un logiciel malvaillant.
J'ai suivi la procédure que vous aviez recommandé à un autre internaute et j'ai obtenu ces résultats :



Scan de dds.scr :



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by M‚lanie at 15:10:55,15 on 14/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3836.2364 [GMT 1:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\alg.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Mélanie\binternet.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mélanie\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
uDefault_Page_URL = hxxp://www.cherche.us
uSearch Page = hxxp://www.cherche.us
uSearch Bar = hxxp://www.cherche.us
uDefault_Search_URL = hxxp://www.cherche.us/keyword/
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-04206471363191...{searchTerms}
mStart Page = hxxp://gooofullsearch.com/bar
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\Audiosurf\tbhelper.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: TBSB07458 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Audiosurf\tbcore3.dll
TB: Free software Gooofull toolbar: {c86ff9fa-aeed-451b-a9cc-39a53173ae2e} - C:\Program Files (x86)\Audiosurf\tbcore3.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [binternet] C:\Users\Mélanie\binternet.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\MLANIE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\MLANIE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Mélanie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Mélanie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - C:\Program Files (x86)\Audiosurf\tbcore3.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-7-23 273488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-3-23 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-7-23 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-7-23 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-21 40384]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2010-7-6 21520]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-14 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-23 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-3-23 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2010-7-6 162832]
S3 MBX2DFU;MBX2DFU;C:\Windows\System32\drivers\mbx2dfu.sys [2010-7-6 31120]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2010-7-6 32400]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-23 216576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-28 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2011-02-14 12:10:21 703320 ----a-w- C:\Users\Mélanie\binternet.exe
2011-02-14 11:42:48 -------- d-----w- C:\Users\Mélanie\historique_ChatLand
2011-02-11 17:57:57 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{9416D6D1-3A4D-45D9-8EFD-284767547289}\mpengine.dll
2011-02-10 18:25:47 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-10 18:24:59 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-10 18:24:58 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-10 18:24:50 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-02-10 18:24:49 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-02-10 18:24:49 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-02-10 18:24:49 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-02-10 18:24:48 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-02-10 18:24:42 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-10 18:24:42 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-10 18:24:42 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-10 18:24:42 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-04 23:42:25 84621672 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcAEE2.tmp

==================== Find3M ====================

2011-02-14 12:10:13 410 ----a-w- C:\Users\Mélanie\errorlog.tmp
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-19 11:10:14 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-02 03:35:18 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-11-29 16:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 15:11:48,89 ===============






Scan de combofix.exe :




ComboFix 11-02-13.03 - Mélanie 15/02/2011 19:28:49.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3836.2517 [GMT 1:00]
Lancé depuis: c:\users\Mélanie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-15 au 2011-02-15 ))))))))))))))))))))))))))))))))))))
.

2011-02-15 18:35 . 2011-02-15 18:35 -------- d-----w- c:\users\Invité\AppData\Local\temp
2011-02-15 18:35 . 2011-02-15 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 12:10 . 2011-02-14 12:10 703320 ----a-w- c:\users\Mélanie\binternet.exe
2011-02-14 11:42 . 2011-02-14 11:42 -------- d-----w- c:\users\Mélanie\historique_ChatLand
2011-02-11 17:57 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9416D6D1-3A4D-45D9-8EFD-284767547289}\mpengine.dll
2011-02-10 18:25 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 18:24 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 18:24 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-02-10 18:24 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 18:24 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 18:24 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-02-10 18:24 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-02-10 18:24 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-02-10 18:24 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 18:24 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-10 18:24 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 18:24 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-05 13:04 . 2011-02-05 13:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-02-04 23:42 . 2011-02-04 23:42 84621672 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcAEE2.tmp
2011-01-21 18:30 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-14 12:10 . 2011-02-14 12:10 703320 ----a-w- c:\users\Mélanie\binternet.exe
2011-02-14 12:10 . 2011-02-14 12:10 703320 ----a-w- c:\users\Mélanie\binternet.exe
2011-02-14 12:10 . 2010-12-23 21:56 410 ----a-w- c:\users\Mélanie\errorlog.tmp
2011-02-14 12:10 . 2010-12-23 21:56 410 ----a-w- c:\users\Mélanie\errorlog.tmp
2011-01-13 08:47 . 2010-07-23 17:31 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-07-23 17:31 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-13 08:41 . 2010-07-23 17:32 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-23 17:31 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-07-23 17:32 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-23 17:31 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-07-23 17:32 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-19 11:10 . 2010-12-19 11:10 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-12-08 21:15 . 2010-12-08 21:15 15256 ----a-w- c:\users\Mélanie\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-12-08 21:15 . 2010-12-08 21:15 15256 ----a-w- c:\users\Mélanie\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.

((((((((((((((((((((((((((((( SnapShot@2011-02-14_14.38.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-02-14 14:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-15 18:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-14 14:26 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-15 18:36 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-15 18:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-14 14:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-14 09:06 . 2011-02-14 14:39 45956 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-15 18:38 65490 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-02-14 14:00 65490 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-22 16:58 . 2011-02-15 18:38 16834 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2834091692-1236164325-3277144727-1000_UserData.bin
- 2010-03-23 00:18 . 2011-02-14 14:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-23 00:18 . 2011-02-15 18:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-23 00:18 . 2011-02-14 14:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-23 00:18 . 2011-02-15 18:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-14 14:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-15 18:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-28 17:09 . 2011-02-15 10:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-28 17:09 . 2011-02-14 14:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-28 17:09 . 2011-02-15 10:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-28 17:09 . 2011-02-14 14:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-28 17:09 . 2011-02-15 10:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-28 17:09 . 2011-02-14 14:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-22 16:56 . 2011-02-15 18:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-22 16:56 . 2011-02-14 14:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-24 22:01 . 2011-02-14 14:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-05-24 22:01 . 2011-02-15 18:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2010-05-22 16:56 . 2011-02-14 14:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-22 16:56 . 2011-02-15 18:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-14 10:02 . 2011-02-15 00:15 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-14 10:02 . 2011-02-14 11:23 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-14 10:02 . 2011-02-14 11:23 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-14 10:02 . 2011-02-15 00:15 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-14 10:02 . 2011-02-15 00:15 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-11-14 10:02 . 2011-02-14 11:23 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-02-15 00:15 . 2011-02-15 00:15 35600 c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-02-14 11:24 . 2011-02-14 11:24 35600 c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-02-15 18:36 . 2011-02-15 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-14 14:26 . 2011-02-14 14:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-15 18:36 . 2011-02-15 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-14 14:26 . 2011-02-14 14:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-25 19:04 . 2011-02-15 18:20 333398 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-05-23 10:54 . 2011-02-15 17:17 353484 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:12 . 2011-02-14 15:56 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-02-14 12:10 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-05-22 17:22 . 2011-02-15 18:35 626440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-02-14 14:25 363784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-15 18:35 363784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-23 00:03 . 2010-07-23 00:03 338432 c:\windows\Installer\21a64d0.msp
- 2009-11-14 10:02 . 2011-02-14 11:23 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-14 10:02 . 2011-02-15 00:15 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-14 10:02 . 2011-02-15 00:15 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-14 10:02 . 2011-02-14 11:23 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-14 10:02 . 2011-02-15 00:15 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-14 10:02 . 2011-02-14 11:23 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-14 10:02 . 2011-02-15 00:15 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-11-14 10:02 . 2011-02-14 11:23 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-04 03:13 . 2008-11-04 03:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSCONV97.DLL
- 2010-05-22 17:23 . 2011-02-14 14:25 1454056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2834091692-1236164325-3277144727-1000-8192.dat
+ 2010-05-22 17:23 . 2011-02-15 18:35 1454056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2834091692-1236164325-3277144727-1000-8192.dat
+ 2010-08-04 14:12 . 2010-08-04 14:12 1004544 c:\windows\Installer\21a64bd.msp
+ 2009-11-14 10:02 . 2011-02-15 00:15 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-14 10:02 . 2011-02-14 11:23 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2006-10-26 18:52 . 2006-10-26 18:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
- 2009-07-14 02:34 . 2011-02-14 14:11 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-02-15 10:42 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files (x86)\Audiosurf\tbcore3.dll" [2010-06-18 2604032]

[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-25 328056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"binternet"="c:\users\Mélanie\binternet.exe" [2011-02-14 703320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2008-12-03 77824]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 524288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

c:\users\M‚lanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-03 162832]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2008-12-03 31120]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-03 32400]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-03 21520]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2011-02-15 c:\windows\Tasks\HPCeeScheduleForMélanie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 171520]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.cherche.us/keyword/
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-04206471363191...{searchTerms}
mStart Page = hxxp://gooofullsearch.com/bar
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Mélanie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Mélanie\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files (x86)\Audiosurf\tbcore3.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Heure de fin: 2011-02-15 19:44:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-15 18:44
ComboFix2.txt 2011-02-14 14:42

Avant-CF: 182 678 687 744 octets libres
Après-CF: 182 265 651 200 octets libres

- - End Of File - - AC0591956C5E98901CA7CB85E880167F




Malheureusement le logiciel est toujours là. Que dois-je faire?
Cordialement,
Mélanie

Autres pages sur : impossible fermeer form

a c 295 8 Sécurité
a b 9 Windows
18 Février 2011 21:10:18

Bonjour,

  • Désinstalle pdfforge Toolbar.

  • Télécharge Ad-Remover (de C_XX) sur ton Bureau.
  • Ferme toutes les applications en cours y compris le navigateur.
  • Double-clique sur AD-R situé sur ton Bureau pour le lancer.
  • Choisis Nettoyer puis valide.
  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
    19 Février 2011 15:06:32

    J'ai lancé le nettoyage et voilà le rapport:

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 16/02/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 14:45:21 le 19/02/2011, Mode normal

    Microsoft Windows 7 Édition Familiale Premium (X64)
    Mélanie@MÉLANIE-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC)

    ============== ACTION(S) ==============

    Service: "Application Updater" Stoppé et supprimé

    Fichier supprimé: C:\Users\Mélanie\binternet.exe
    Fichier supprimé: C:\Users\Mélanie\scriptjava.html
    Dossier supprimé: C:\Users\Mélanie\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files (x86)\Application Updater
    Dossier supprimé: C:\Users\Mélanie\AppData\LocalLow\pdfforge
    Dossier supprimé: C:\Program Files (x86)\pdfforge Toolbar
    Dossier supprimé: C:\Users\Mélanie\AppData\LocalLow\Search Settings
    Dossier supprimé: C:\Program Files (x86)\Common Files\Spigot
    Dossier supprimé: C:\Users\Mélanie\AppData\LocalLow\Toolbar4

    (!) -- Fichiers temporaires supprimés.


    Clé supprimée: HKLM\Software\Application Updater
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\pdfforge
    Clé supprimée: HKLM\Software\Search Settings
    Clé supprimée: HKCU\Software\PopCap
    Clé supprimée: HKCU\Software\AppDataLow\Software\pdfforge
    Clé supprimée: HKCU\Software\AppDataLow\Software\Search Settings
    Clé supprimée: HKLM\Software\Classes\Installer\Products\B6FDFB1B30C3ef645B7DABBB00368D0E
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}
    Clé supprimée: HKLM\Software\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
    Clé supprimée: HKLM\Software\Classes\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE}
    Clé supprimée: HKLM\Software\Classes\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D}
    Clé supprimée: HKLM\Software\Classes\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306}

    Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
    Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|binternet


    ============== SCAN ADDITIONNEL ==============

    **** Internet Explorer Version [8.0.7600.16385] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B} - "Google Customized Web Search" (hxxp://www.gooofullsearch.com/google?q={searchTerms}&cx=partner-pub-644651472115...)
    HKCU_Toolbar\WebBrowser|{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} (C:\Program Files (x86)\Audiosurf\tbcore3.dll)
    HKLM_Toolbar|{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} (C:\Program Files (x86)\Audiosurf\tbcore3.dll)
    HKLM_ElevationPolicy\545f8b57-dc18-4f16-b96c-6e832994ca0c - C:\Program Files (x86)\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe (x)
    HKLM_ElevationPolicy\8b7c8e18-db2e-459d-8a06-3832e7f01f1c - C:\Program Files (x86)\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe (x)
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
    HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\symerr.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{11AF66E1-6BDE-4AA0-A061-65188608936B} - C:\Program Files (x86)\Audiosurf\PlayerPlug.exe (?)
    HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Program Files (x86)\Audiosurf\TbHelper2.exe (?)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
    HKLM_ElevationPolicy\{973F1DA1-9BE8-49C1-A68D-EAA0D9847898} - C:\Program Files (x86)\Audiosurf\PropMgrAsync.exe (?)
    HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
    HKLM_ElevationPolicy\{D62088BE-DBCC-11DB-8D0A-D0DD55D89595} - C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe (?)
    HKLM_Extensions\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - "Free software Gooofull toolbar" (C:\Program Files (x86)\Audiosurf\favicon.ico)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
    BHO\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} - "TBSB07458 Class" (C:\Program Files (x86)\Audiosurf\tbcore3.dll)

    ========================================

    C:\Program Files (x86)\Ad-Remover\Quarantine: 135 Fichier(s)
    C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 19/02/2011 14:45:29 (5229 Octet(s))

    Fin à: 14:47:01, 19/02/2011

    ============== E.O.F ==============

    C'est bon?
    Contenus similaires
    26 Février 2011 11:47:39

    Voilà, j'ai lancé le scan avec Malewaresbyte et voici le rapport que j'ai obtenu :



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 5878

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    26/02/2011 11:37:00
    mbam-log-2011-02-26 (11-37-00).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 419183
    Temps écoulé: 59 minute(s), 0 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Qoobox\quarantine\C\program files (x86)\pdfforge toolbar\IE\4.1\pdfforgetoolbarie.dll.vir (PUP.Dealio) -> Not selected for removal.

    a c 295 8 Sécurité
    a b 9 Windows
    26 Février 2011 14:28:07

    Plus de souci ?
    1 Mars 2011 23:13:57

    Visiblement non, il ne se passe plus rien et FORM1 n'apparait pas dans le gestionnaire des tâches.
    C'est bon je suis débarassée?
    a c 295 8 Sécurité
    a b 9 Windows
    2 Mars 2011 10:09:32

    Pour finir :


    1/

  • Télécharge DelFix sur ton Bureau.
  • Clique droit sur DelFix et choisis Exécuter en tant qu'administrateur.
  • Clique sur le bouton Suppression.
  • Poste le rapport (C:\DelFixSuppr.txt).
  • Supprime DelFix.


    2/

  • Télécharge et installe CCleaner (N'installe pas la Yahoo! Toolbar).
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.


    3/

  • Il est nécessaire de supprimer les points de restauration.


    ==Prévention==

    Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


    ==Problème résolu ?==

    --> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :
  • Clique, dans ton premier message, sur le bouton Editer .
  • Ajoute la mention [Résolu] devant le titre.
  • Clique ensuite sur Valider votre message.


    ;) 
    2 Mars 2011 20:22:56

    Rapport DELFIX :


    # DelFix v7.5 - Rapport créé le 02/03/2011 à 20:22
    # Mis à jour le 02/03/11 à 20h par Xplode
    # Système d'exploitation : Windows 7 Home Premium (64 bits) [version 6.1.7600]
    # Nom d'utilisateur : Mélanie - MÉLANIE-PC (Administrateur)
    # Exécuté depuis : C:\Users\Mélanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOCBU1MP\DelFix[1].exe
    # Option [Suppression]


    ~~~~~~ Dossier(s) ~~~~~~

    -> C:\Qoobox\BackEnv ... ACL modifié avec succès.
    Supprimé : C:\Qoobox

    ~~~~~~ Fichier(s) ~~~~~~

    Supprimé : C:\ComboFix.txt
    Supprimé : C:\Windows\grep.exe
    Supprimé : C:\Windows\PEV.exe
    Supprimé : C:\Windows\NIRCMD.exe
    Supprimé : C:\Windows\MBR.exe
    Supprimé : C:\Windows\sed.exe
    Supprimé : C:\Windows\SWREG.exe
    Supprimé : C:\Windows\SWSC.exe
    Supprimé : C:\Windows\SWXCACLS.exe
    Supprimé : C:\Windows\zip.exe
    Supprimé : C:\Users\Mélanie\Desktop\dds.scr
    Supprimé : C:\Users\Mélanie\Desktop\DDS.txt
    Supprimé : C:\Users\Mélanie\Desktop\ComboFix.exe

    ~~~~~~ Registre ~~~~~~

    Clé Supprimée : HKLM\Software\swearware
    Clé Supprimée : HKLM\Software\Classes\.cfxxe
    Clé Supprimée : HKLM\Software\Classes\cfxxefile
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

    ~~~~~~ Autre ~~~~~~

    -> Prefetch vidé

    ########## EOF - "C:\DelFixSuppr.txt" - [1391 octets] ##########
    a c 295 8 Sécurité
    a b 9 Windows
    2 Mars 2011 20:33:42

    Ok.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS