Your question

[SOLVED] Infected PC problem

Tags:
  • Security
Last reply: in Security and viruses
29 August 2010 11:26:02

Problem, my PC is infected

PC running Windows XP

Malwarebytes scan report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4500

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/08/2010 11:13:31
mbam-log-2010-08-29 (11-13-31).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 164666
Temps écoulé: 12 minute(s), 15 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 38
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 80

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\idwbho2.idwbhocl (Adware.SpeedDownloader) -> No action taken.
HKEY_CLASSES_ROOT\idwbho2.idwbhocl.1 (Adware.SpeedDownloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02} (Adware.SpeedDownloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02} (Adware.SpeedDownloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c3b806c-c5da-4f6e-ba43-b1ff982f0a02} (Adware.SpeedDownloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84febff8-945b-4f9a-b9b8-b68ec5020770} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winxpservice (Backdoor.Bot) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
D:\Program Files\bfgtoolbar (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\NewCfg (Adware.OneToolBar) -> No action taken.
D:\Program Files\InternetGameBox (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> No action taken.
D:\Program Files\NetPumper (Adware.NetPumper) -> No action taken.
D:\Documents and Settings\PC\Menu Démarrer\Programmes\Spyware-Secure (Rogue.SpywareSecure) -> No action taken.

Fichier(s) infecté(s):
D:\Documents and Settings\PC\Local Settings\Application Data\aagqgko_navps.dat (Adware.Navipromo.H) -> No action taken.
D:\Documents and Settings\PC\Local Settings\Application Data\aagqgko_nav.dat (Adware.Navipromo.H) -> No action taken.
D:\Documents and Settings\PC\Local Settings\Application Data\aagqgko.dat (Adware.Navipromo.H) -> No action taken.
D:\Program Files\bfgtoolbar\install.ico (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\toolbar.ini (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\uninstall.exe (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\1.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\10.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\2.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\20off.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\3.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\4.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\5.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\6.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\7.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\8.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\9.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\a.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\action.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\atlantis.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\bfgtoolbartb0401.cfg (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\bfg_greetings.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\card.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\COMBOSEARCH.acs (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\ErrorLog.txt (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\fgh.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\ivillage.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\le.txt (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\logo.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\mahjong.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\mygames.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\mygamestoolbar.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\new.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\newgames.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\newgames3.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\nick.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\nickjr.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\puzzle.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\search.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\thelagoon.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\thereef.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\topten.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\topten2.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\topten3.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\topten4.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\topten5.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\webgames.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\word.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\bfgtoolbar\Cache\y.bmp (Adware.OneToolBar) -> No action taken.
D:\Program Files\InternetGameBox\Conditions générales.url (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\Confidentialité.url (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\InternetGameBox.url (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\Website.url (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\configv3_en.xml (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\configv3_es.xml (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\configv3_fr.xml (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> No action taken.
D:\Program Files\InternetGameBox\skins\skinv3.skn (Adware.EGDAccess) -> No action taken.
D:\Program Files\NetPumper\icon-uninstall.ico (Adware.NetPumper) -> No action taken.
D:\Documents and Settings\PC\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure trial.lnk (Rogue.SpywareSecure) -> No action taken.
D:\Documents and Settings\PC\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk (Rogue.SpywareSecure) -> No action taken.
D:\Documents and Settings\WIN\Favoris\Online Security Test.url (Rogue.Link) -> No action taken.
D:\tmp03sz.exe (Trojan.Dropper) -> No action taken.
D:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url (Rogue.Link) -> No action taken.
D:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url (Rogue.Link) -> No action taken.
D:\WINDOWS1\system32\eabigetkix_nav.dat (Adware.NaviPromo) -> No action taken.
D:\WINDOWS1\system32\eabigetkix_navps.dat (Adware.NaviPromo) -> No action taken.
D:\WINDOWS1\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
D:\WINDOWS1\system32\mcrh.tmp (Malware.Trace) -> No action taken.
D:\WINDOWS1\cookies.ini (Malware.Trace) -> No action taken.
D:\WINDOWS1\ctfmon.exe (Trojan.Agent) -> No action taken.
D:\WINDOWS1\Microsoft.exe (Trojan.Downloader) -> No action taken.

29 August 2010 11:55:06

Oops, sorry, I was so preoccupied that I forgot the most important thing: hello :)
29 August 2010 16:43:56

Quote:
Problem, my PC is infected

PC running Windows XP


:hello:  Hello,

According to your report, one can't say that you are not infected; it's the whole lot.
You have the Vundo infection, the Navipromo infection, the toolbar infection, ...
I am in helper training and, in accordance with the training charter, I am not allowed to disinfect on the forum, so wait for a security member to take charge of your case.

Good luck.
29 August 2010 18:47:45

hello
read your PMs, franqui :D 
Quote:
I am in helper training

Not on SX :D 

++++++++++++++++++++++
snoop12
Quote:
HKEY_CLASSES_ROOT\idwbho2.idwbhocl (Adware.SpeedDownloader) -> No action taken.

reread this tutorial:
Help:
  • How to use MBAM.

    When the tool has found something, at the end, you have to click "Remove Selected" ("Supprimer la sélection").

    then

    Download DDS and save it to your desktop.
  • Disable any script blocker, such as an antivirus, or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.





    29 August 2010 21:16:12

    Thanks for your replies, I'll do that as soon as possible and post the DDS report (DDS.txt).

    One more small thing: it's rather surprising that my Kaspersky PURE is only triggering now, isn't it?
    31 August 2010 16:07:17

    Hello, so as planned I'm posting the DDS report, sorry for the delay...


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by PC at 16:01:50,96 on 31/08/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.345 [GMT 2:00]

    AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    D:\WINDOWS1\system32\Ati2evxx.exe
    D:\WINDOWS1\system32\svchost -k DcomLaunch
    svchost.exe
    D:\WINDOWS1\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    D:\WINDOWS1\system32\spoolsv.exe
    D:\WINDOWS1\system32\Ati2evxx.exe
    D:\WINDOWS1\Explorer.EXE
    D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\WINDOWS1\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\WINDOWS1\system32\rundll32.exe
    D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    D:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
    D:\Program Files\DivX\DivX Update\DivXUpdate.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\WINDOWS1\system32\ctfmon.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    svchost.exe
    D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    D:\Program Files\Logitech\Video\FxSvr2.exe
    D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    D:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
    svchost.exe
    D:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    D:\WINDOWS1\system32\svchost.exe -k imgsvc
    D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
    D:\WINDOWS1\system32\wbem\wmiapsrv.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\aMSN\bin\wish.exe
    D:\WINDOWS1\system32\wscntfy.exe
    D:\Documents and Settings\PC\Mes documents\Téléchargements\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://aliceadsl.fr/
    uSearch Page = hxxp://www.durable.com/recherche
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%...{searchTerms}
    uDefault_Search_URL = hxxp://www.durable.com/recherche
    mSearch Page = hxxp://www.durable.com/recherche
    mStart Page = about:blank
    uSearchAssistant = hxxp://www.durable.com/recherche
    uSearchURL,(Default) = hxxp://www.durable.com/recherche
    mSearchAssistant = hxxp://www.durable.com/recherche
    uURLSearchHooks: Jeux.fr Toolbar: {ee0aa284-e014-41ce-9a4f-fc3d045fb9dd} - d:\program files\jeux.fr\tbJeux.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    {0e623544-e89d-4a55-b942-a1893e7d9765}
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    {51304000-91fb-4cd4-8e6d-eabe1607c41b}
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    {71de36d9-4d71-4a48-83c0-80a86491d16f}
    BHO: {8419313A-122E-4A08-84E3-F0C7A35B1065} - No File
    {8b1049ef-2b3d-4f93-b267-375a8a69c288}
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: {CBA0F1DC-D2E7-43A8-B59B-CBBBF5E49041} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - d:\program files\windows live\toolbar\wltcore.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - d:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    BHO: Jeux.fr Toolbar: {ee0aa284-e014-41ce-9a4f-fc3d045fb9dd} - d:\program files\jeux.fr\tbJeux.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - d:\program files\windows live\toolbar\wltcore.dll
    TB: Jeux.fr Toolbar: {ee0aa284-e014-41ce-9a4f-fc3d045fb9dd} - d:\program files\jeux.fr\tbJeux.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [swg] d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] d:\windows1\system32\ctfmon.exe
    uRun: [EPSON Stylus DX8400 Series] d:\windows1\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "d:\windows1\temp\E_S133.tmp" /EF "HKCU"
    uRun: [fsm]
    uRun: [LogitechSoftwareUpdate] "d:\program files\logitech\video\ManifestEngine.exe" boot
    uRunOnce: [Shockwave Updater] d:\windows1\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www7.jeux.com/jeux/jeux.php?VIDJeux=2174"
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [NeroFilterCheck] d:\windows1\system32\NeroCheck.exe
    mRun: [CamMonitor] d:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe
    mRun: [Share-to-Web Namespace Daemon] d:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    mRun: [AliceSAV] d:\program files\techcity solutions\alicesav\AliceAgent.exe
    mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
    mRun: [LVCOMSX] d:\windows1\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] d:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] d:\program files\logitech\video\LogiTray.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [SunJavaUpdateSched] "d:\program files\fichiers communs\java\java update\jusched.exe"
    mRun: [ISUSScheduler] "d:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
    mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "d:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVP] "d:\program files\kaspersky lab\kaspersky pure\avp.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [ArcSoft Connection Service] d:\program files\fichiers communs\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [DivXUpdate] "d:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    dRun: [CTFMON.EXE] d:\windows1\system32\CTFMON.EXE
    dRun: [ALUAlert] d:\program files\symantec\liveupdate\ALUNotify.exe
    StartupFolder: d:\docume~1\pc\menudm~1\progra~1\dmarra~1\euroba~1.lnk - d:\program files\eurobarre\eb.exe
    StartupFolder: d:\docume~1\alluse~1.win\menudm~1\progra~1\dmarra~1\hppsc2~1.lnk - d:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
    StartupFolder: d:\docume~1\alluse~1.win\menudm~1\progra~1\dmarra~1\hpoddt~1.lnk - d:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    IE: &Search - ?p=ZJxdm131YYFR
    IE: Ajouter à l'Anti-bannière - d:\program files\kaspersky lab\kaspersky pure\ie_banner_deny.htm
    IE: E&xporter vers Microsoft Excel - d:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe
    DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} - hxxp://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
    DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_1_0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: klogon - d:\windows1\system32\klogon.dll
    AppInit_DLLs: d:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,d:\progra~1\kasper~1\kasper~1\kloehk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows1\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 d:\windows1\system32\xxyYPHBr

    ================= FIREFOX ===================

    FF - ProfilePath - d:\docume~1\pc\applic~1\mozilla\firefox\profiles\e4qyij7z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
    FF - plugin: d:\documents and settings\all users.windows1\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: d:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: d:\program files\microsoft\office live\npOLW.dll
    FF - plugin: d:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows1\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ============= SERVICES / DRIVERS ===============

    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;d:\windows1\system32\drivers\CSCrySec.sys [2010-5-5 88632]
    R0 KLBG;Kaspersky Lab Boot Guard Driver;d:\windows1\system32\drivers\klbg.sys [2009-10-14 36880]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;d:\windows1\system32\drivers\CSVirtualDiskDrv.sys [2010-5-5 39352]
    R1 kl1;Kl1;d:\windows1\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 KLIF;Kaspersky Lab Driver;d:\windows1\system32\drivers\klif.sys [2010-5-5 315408]
    R2 AVP;Kaspersky PURE;d:\program files\kaspersky lab\kaspersky pure\avp.exe [2009-12-25 340456]
    R2 CSObjectsSrv;Service de gestion du système CryproStorage;d:\program files\fichiers communs\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\program files\firebird\firebird_1_5\bin\fbguard.exe -s --> d:\program files\firebird\firebird_1_5\bin\fbguard.exe -s [?]
    R2 fssfltr;FssFltr;d:\windows1\system32\drivers\fssfltr_tdi.sys [2009-4-27 54752]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\program files\firebird\firebird_1_5\bin\fbserver.exe -s --> d:\program files\firebird\firebird_1_5\bin\fbserver.exe -s [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows1\system32\drivers\klim5.sys [2009-9-14 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows1\system32\drivers\klmouflt.sys [2009-10-2 19472]
    S2 gupdate1c9d25074b8a846;Service Google Update (gupdate1c9d25074b8a846);d:\program files\google\update\GoogleUpdate.exe [2009-5-11 133104]
    S3 APL531;OVT Scanner;d:\windows1\system32\drivers\ov550i.sys [2006-7-31 580992]
    S3 Boonty Games;Boonty Games;d:\program files\fichiers communs\boonty shared\service\Boonty.exe [2007-8-12 69120]
    S3 fsssvc;Service Windows Live Contrôle parental;d:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    =============== Created Last 30 ================

    2010-08-29 08:47:19 0 d-----w- d:\docume~1\pc\applic~1\Malwarebytes
    2010-08-29 08:46:55 38224 ----a-w- d:\windows1\system32\drivers\mbamswissarmy.sys
    2010-08-29 08:46:53 0 d-----w- d:\docume~1\alluse~1.win\applic~1\Malwarebytes
    2010-08-29 08:46:52 20952 ----a-w- d:\windows1\system32\drivers\mbam.sys
    2010-08-29 08:46:52 0 d-----w- d:\program files\Malwarebytes' Anti-Malware
    2010-08-28 17:59:30 0 d-----w- d:\documents and settings\pc\amsn
    2010-08-28 17:41:37 0 d-----w- d:\program files\aMSN
    2010-08-28 10:54:00 0 d-----w- d:\docume~1\alluse~1.win\applic~1\My Games
    2010-08-18 09:41:50 0 d-----w- d:\program files\Mystère a Londres
    2010-08-05 08:30:52 0 d-----w- d:\docume~1\alluse~1.win\applic~1\ArcSoft
    2010-08-05 08:29:57 245408 ----a-w- d:\windows1\system32\unicows.dll
    2010-08-05 08:29:57 18688 ----a-w- d:\windows1\system32\drivers\afc.sys
    2010-08-05 08:29:07 0 d-----w- d:\program files\fichiers communs\ArcSoft
    2010-08-05 08:27:45 0 d-----w- d:\windows1\OvtCam
    2010-08-05 08:27:45 0 d-----w- d:\windows1\OVT
    2010-08-05 08:27:40 0 d-----w- d:\program files\OVT

    ==================== Find3M ====================

    2010-08-13 08:51:22 80856 ----a-w- d:\windows1\system32\perfc00C.dat
    2010-08-13 08:51:22 500814 ----a-w- d:\windows1\system32\perfh00C.dat
    2010-07-29 17:02:52 113933 ----a-w- d:\windows1\system32\drivers\klin.dat
    2010-07-29 17:02:51 97549 ----a-w- d:\windows1\system32\drivers\klick.dat
    2010-06-30 12:32:14 149504 ----a-w- d:\windows1\system32\schannel.dll
    2010-06-25 16:48:15 2653 ----a-w- d:\windows1\steam.exe
    2010-06-24 12:25:24 916480 ----a-w- d:\windows1\system32\wininet.dll
    2010-06-24 09:02:32 1852032 ----a-w- d:\windows1\system32\win32k.sys
    2010-06-17 14:03:10 80384 ----a-w- d:\windows1\system32\iccvid.dll
    2010-06-14 07:42:25 1172480 ----a-w- d:\windows1\system32\msxml3.dll
    2008-05-11 13:08:01 104576 --sha-w- d:\windows1\system32\AaHPpXyb.ini2
    2008-08-23 07:15:12 924 --sh--w- d:\windows1\system32\bsdimdqv.ini2
    2008-05-11 14:34:56 99632 --sha-w- d:\windows1\system32\hRCIknmp.ini2
    2008-05-17 17:47:36 608931 --sha-w- d:\windows1\system32\QAKjSvut.ini2
    2008-07-10 19:29:50 877 --sha-w- d:\windows1\system32\rBHPYyxx.ini2
    2008-05-16 20:51:38 675246 --sha-w- d:\windows1\system32\YyJRYJjl.ini2
    2008-09-24 10:11:52 32768 -csha-w- d:\windows1\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008092420080925\index.dat

    ============= FINISH: 16:03:13,15 ===============
    31 August 2010 21:54:24

    Hi again,
    there are still some left.
    Disable your antivirus and any other type of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select all", Edit > "Copy".

    Come to the forum and Edit > "Paste".

    HELP: A guide and a tutorial on using ComboFix
    * the name of the partition may vary
    1 September 2010 18:30:26

    Hi, here is the ComboFix report

    ComboFix 10-08-31.03 - PC 01/09/2010 17:56:30.1.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.251 [GMT 2:00]
    Lancé depuis: d:\documents and settings\PC\Bureau\ComboFix.exe
    AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-01 au 2010-09-01 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-01 16:12 . 2010-09-01 16:12 -------- d-----w- d:\documents and settings\PC\Application Data\Dossier de téléchargement Share-to-Web
    2010-09-01 16:12 . 2010-09-01 16:12 -------- d-----w- d:\documents and settings\PC\Application Data\Dossier de téléchargement Share-to-Web
    2010-08-29 08:47 . 2010-08-29 08:47 -------- d-----w- d:\documents and settings\PC\Application Data\Malwarebytes
    2010-08-29 08:46 . 2010-04-29 13:39 38224 ----a-w- d:\windows1\system32\drivers\mbamswissarmy.sys
    2010-08-29 08:46 . 2010-08-29 08:46 -------- d-----w- d:\documents and settings\All Users.WINDOWS1\Application Data\Malwarebytes
    2010-08-29 08:46 . 2010-08-29 08:47 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
    2010-08-29 08:46 . 2010-04-29 13:39 20952 ----a-w- d:\windows1\system32\drivers\mbam.sys
    2010-08-28 17:59 . 2010-08-28 18:07 -------- d-----w- d:\documents and settings\PC\amsn
    2010-08-28 17:41 . 2010-08-28 17:46 -------- d-----w- d:\program files\aMSN
    2010-08-28 10:54 . 2010-08-28 10:54 -------- d-----w- d:\documents and settings\All Users.WINDOWS1\Application Data\My Games
    2010-08-18 09:41 . 2010-08-18 09:42 -------- d-----w- d:\program files\Mystère a Londres
    2010-08-16 15:46 . 2010-08-16 15:46 -------- d-----w- d:\documents and settings\LocalService.AUTORITE NT\Application Data\McAfee
    2010-08-14 13:57 . 2010-08-14 13:57 -------- d-----w- d:\documents and settings\All Users.WINDOWS1\Application Data\McAfee
    2010-08-05 08:30 . 2010-08-05 08:30 -------- d-----w- d:\documents and settings\PC\Local Settings\Application Data\ArcSoft
    2010-08-05 08:30 . 2010-08-05 08:31 -------- d-----w- d:\documents and settings\All Users.WINDOWS1\Application Data\ArcSoft
    2010-08-05 08:29 . 2006-11-10 13:05 18688 ----a-w- d:\windows1\system32\drivers\afc.sys
    2010-08-05 08:29 . 2005-04-27 14:36 245408 ----a-w- d:\windows1\system32\unicows.dll
    2010-08-05 08:29 . 2010-08-05 08:30 -------- d-----w- d:\program files\Fichiers communs\ArcSoft
    2010-08-05 08:28 . 2010-08-05 12:28 -------- d-----w- d:\documents and settings\PC\Application Data\ArcSoft
    2010-08-05 08:27 . 2010-08-05 08:27 -------- d-----w- d:\windows1\OvtCam
    2010-08-05 08:27 . 2010-08-05 08:27 -------- d-----w- d:\windows1\OVT
    2010-08-05 08:27 . 2010-08-05 08:27 -------- d-----w- d:\program files\OVT

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-01 16:13 . 2008-07-10 15:44 -------- d-----w- d:\documents and settings\All Users.WINDOWS1\Application Data\Kaspersky Lab
    2010-08-31 17:26 . 2007-08-10 17:28 -------- d-----w- d:\documents and settings\All Users.WINDOWS1\Application Data\Google Updater
    2010-08-28 09:32 . 2010-05-20 09:38 -------- d-----w- d:\program files\eMule
    2010-08-27 07:04 . 2010-06-17 05:54 57344 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-27 07:04 . 2010-08-27 07:04 56765 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-08-27 07:04 . 2010-06-17 05:48 -------- d-----w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX
    2010-08-27 07:03 . 2008-12-22 17:01 -------- d-----w- d:\program files\DivX
    2010-08-27 07:03 . 2010-08-27 07:03 56997 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-08-27 07:03 . 2010-08-27 07:03 53600 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Update\Uninstaller.exe
    2010-08-27 07:03 . 2010-08-27 07:03 57691 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Player\Uninstaller.exe
    2010-08-27 07:02 . 2010-08-27 07:02 84063 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-08-27 07:02 . 2010-08-27 07:02 54153 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-08-27 06:59 . 2010-08-27 07:04 185640 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Setup\finishPlugin.dll
    2010-08-27 06:59 . 2010-08-27 06:59 144696 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-08-27 06:59 . 2010-06-17 05:54 1062184 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Setup\Resource.dll
    2010-08-27 06:59 . 2010-06-17 05:54 850200 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Setup\DivXSetup.exe
    2010-08-25 12:16 . 2008-03-31 14:24 -------- d---a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\TEMP
    2010-08-13 08:51 . 2004-08-05 12:00 80856 ----a-w- d:\windows1\system32\perfc00C.dat
    2010-08-13 08:51 . 2004-08-05 12:00 500814 ----a-w- d:\windows1\system32\perfh00C.dat
    2010-08-08 11:50 . 2010-08-08 11:50 503808 ----a-w- d:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6495ff68-n\msvcp71.dll
    2010-08-08 11:50 . 2010-08-08 11:50 499712 ----a-w- d:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6495ff68-n\jmc.dll
    2010-08-08 11:50 . 2010-08-08 11:50 348160 ----a-w- d:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6495ff68-n\msvcr71.dll
    2010-08-08 11:50 . 2010-08-08 11:50 61440 ----a-w- d:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c9da226-n\decora-sse.dll
    2010-08-08 11:50 . 2010-08-08 11:50 12800 ----a-w- d:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c9da226-n\decora-d3d.dll
    2010-08-06 08:22 . 2006-07-03 13:45 -------- d--h--w- d:\program files\InstallShield Installation Information
    2010-08-05 15:15 . 2006-10-18 15:46 -------- d-----w- d:\program files\Micro Application
    2010-08-05 15:07 . 2006-08-08 06:51 -------- d-----w- d:\program files\Gamenext
    2010-08-05 15:06 . 2006-07-15 11:09 -------- d-----w- d:\program files\Zylom Games
    2010-08-05 08:29 . 2006-07-03 12:56 -------- d-----w- d:\program files\ArcSoft
    2010-08-03 13:56 . 2007-08-18 16:41 -------- d-----w- d:\documents and settings\All Users.WINDOWS1\Application Data\JollyBear
    2010-07-29 17:02 . 2010-05-05 08:14 113933 ----a-w- d:\windows1\system32\drivers\klin.dat
    2010-07-29 17:02 . 2010-05-05 08:14 97549 ----a-w- d:\windows1\system32\drivers\klick.dat
    2010-07-17 16:34 . 2008-12-22 17:07 -------- d-----w- d:\documents and settings\PC\Application Data\DivX
    2010-07-07 17:30 . 2010-07-07 17:30 -------- d-----w- d:\documents and settings\PC\Application Data\Azuaz Games
    2010-07-04 06:30 . 2006-07-08 08:55 -------- d-----w- d:\program files\Google
    2010-06-30 12:32 . 2004-08-05 12:00 149504 ----a-w- d:\windows1\system32\schannel.dll
    2010-06-25 16:53 . 2010-06-25 16:53 119 ----a-w- d:\windows1\e3.reg
    2010-06-24 12:25 . 2004-08-05 12:00 916480 ----a-w- d:\windows1\system32\wininet.dll
    2010-06-24 09:02 . 2004-08-05 12:00 1852032 ----a-w- d:\windows1\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-05 12:00 354304 ----a-w- d:\windows1\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-05 12:00 80384 ----a-w- d:\windows1\system32\iccvid.dll
    2010-06-17 05:53 . 2010-06-17 05:53 57054 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 54166 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 57532 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 56458 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 54174 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 54128 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Converter\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 54644 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 54101 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 57409 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-06-17 05:52 . 2010-06-17 05:52 52963 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-06-17 05:51 . 2010-06-17 05:51 54073 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-06-17 05:51 . 2010-06-17 05:51 56969 ----a-w- d:\documents and settings\All Users.WINDOWS1\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-06-17 05:48 . 2010-06-05 14:14 83 ----a-w- d:\windows1\system2.bat
    2010-06-14 14:31 . 2007-08-02 08:01 744448 ----a-w- d:\windows1\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:42 . 2004-08-05 12:00 1172480 ----a-w- d:\windows1\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}"= "d:\program files\Jeux.fr\tbJeux.dll" [2009-11-09 2331672]

    [HKEY_CLASSES_ROOT\clsid\{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}]
    2009-11-09 17:38 2331672 ----a-w- d:\program files\Jeux.fr\tbJeux.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}"= "d:\program files\Jeux.fr\tbJeux.dll" [2009-11-09 2331672]

    [HKEY_CLASSES_ROOT\clsid\{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EE0AA284-E014-41CE-9A4F-FC3D045FB9DD}"= "d:\program files\Jeux.fr\tbJeux.dll" [2009-11-09 2331672]

    [HKEY_CLASSES_ROOT\clsid\{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2009-12-25 14:42 129552 ----a-w- d:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 68856]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "LogitechSoftwareUpdate"="d:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]
    "NeroFilterCheck"="d:\windows1\system32\NeroCheck.exe" [2001-07-09 155648]
    "CamMonitor"="d:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
    "Share-to-Web Namespace Daemon"="d:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "AliceSAV"="d:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 81408]
    "QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-01-14 98304]
    "LVCOMSX"="d:\windows1\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="d:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="d:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "SunJavaUpdateSched"="d:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ISUSScheduler"="d:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
    "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="d:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "AVP"="d:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
    "ArcSoft Connection Service"="d:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows1\system32\CTFMON.EXE" [2008-04-14 15360]

    d:\documents and settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\
    hp psc 2000 Series.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
    hpoddt01.exe.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;d:\windows1\system32\drivers\CSCrySec.sys [05/05/2010 10:14 88632]
    R0 KLBG;Kaspersky Lab Boot Guard Driver;d:\windows1\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;d:\windows1\system32\drivers\CSVirtualDiskDrv.sys [05/05/2010 10:14 39352]
    R2 CSObjectsSrv;Service de gestion du système CryproStorage;d:\program files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17:34 743992]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> d:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> d:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows1\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows1\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
    S2 gupdate1c9d25074b8a846;Service Google Update (gupdate1c9d25074b8a846);d:\program files\Google\Update\GoogleUpdate.exe [11/05/2009 17:52 133104]
    S3 APL531;OVT Scanner;d:\windows1\system32\drivers\ov550i.sys [31/07/2006 07:44 580992]
    .
    Contenu du dossier 'Tâches planifiées'

    2007-09-25 d:\windows1\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8188147927.job
    - d:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

    2008-03-03 d:\windows1\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8190895678.job
    - d:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

    2010-09-01 d:\windows1\Tasks\Google Software Updater.job
    - d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-10 07:49]

    2010-09-01 d:\windows1\Tasks\GoogleUpdateTaskMachineCore.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 15:51]

    2010-09-01 d:\windows1\Tasks\GoogleUpdateTaskMachineUA.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 15:51]

    2010-09-01 d:\windows1\Tasks\User_Feed_Synchronization-{26E27445-6018-4134-B97B-ECBA04A95D2A}.job
    - d:\windows1\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://aliceadsl.fr/
    uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%...{searchTerms}
    uDefault_Search_URL = hxxp://www.durable.com/recherche
    mStart Page = about:blank
    uSearchAssistant = hxxp://www.durable.com/recherche
    uSearchURL,(Default) = hxxp://www.durable.com/recherche
    IE: Ajouter à l'Anti-bannière - d:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
    IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe
    DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} - hxxp://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - d:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\e4qyij7z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
    FF - plugin: d:\documents and settings\All Users.WINDOWS1\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: d:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: d:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: d:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0E623544-E89D-4A55-B942-A1893E7D9765} - (no file)
    BHO-{51304000-91FB-4CD4-8E6D-EABE1607C41B} - (no file)
    BHO-{71DE36D9-4D71-4A48-83C0-80A86491D16F} - (no file)
    BHO-{8419313A-122E-4A08-84E3-F0C7A35B1065} - (no file)
    BHO-{8B1049EF-2B3D-4F93-B267-375A8A69C288} - (no file)
    BHO-{CBA0F1DC-D2E7-43A8-B59B-CBBBF5E49041} - (no file)
    Toolbar-SITEguard - (no file)
    HKCU-Run-fsm - (no file)
    HKU-Default-Run-ALUAlert - d:\program files\Symantec\LiveUpdate\ALUNotify.exe
    Notify-wvUnNedc - (no file)
    AddRemove-OVT Scanner - d:\windows1\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-01 18:14
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    AliceSAV = d:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1417001333-117609710-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:f7,34,57,8e,ec,67,d2,41,d9,c4,70,e2,86,49,ec,f3,96,e9,2f,b1,e1,
    1a,fd,b6,00,f7,6a,c2,39,8b,04,cd,7c,ef,5d,f8,63,0f,3d,79,5f,a2,58,66,22,9a,\
    "rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@d:\\WINDOWS1\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="d:\\WINDOWS1\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="D?\\WINDOWS1\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(888)
    d:\windows1\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1760)
    d:\windows1\system32\eappprxy.dll
    d:\windows1\system32\webcheck.dll
    d:\windows1\system32\WPDShServiceObj.dll
    d:\windows1\system32\PortableDeviceTypes.dll
    d:\windows1\system32\PortableDeviceApi.dll
    d:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    d:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    .
    ------------------------ Autres processus actifs ------------------------
    .
    d:\windows1\system32\Ati2evxx.exe
    d:\windows1\system32\Ati2evxx.exe
    d:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    d:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
    d:\program files\Java\jre6\bin\jqs.exe
    d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    d:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    d:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    d:\windows1\system32\rundll32.exe
    d:\program files\Logitech\Video\FxSvr2.exe
    d:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
    d:\windows1\system32\wbem\wmiapsrv.exe
    d:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
    .
    **************************************************************************
    .
    Heure de fin: 2010-09-01 18:25:05 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-09-01 16:24

    Avant-CF: 53 824 929 792 octets libres
    Après-CF: 54 028 681 216 octets libres

    - - End Of File - - 971576CAD96B8EF8B4F8B41967AFB348
    1 September 2010 21:42:43

    Good evening
    Copy (Ctrl+C) the text below:
    File::
    d:\windows1\e3.reg
    d:\windows1\system2.bat


    Folder::
    d:\program files\Jeux.fr

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}"=-
    [-HKEY_CLASSES_ROOT\clsid\{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}"=-
    [-HKEY_CLASSES_ROOT\clsid\{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EE0AA284-E014-41CE-9A4F-FC3D045FB9DD}"=-
    [-HKEY_CLASSES_ROOT\clsid\{ee0aa284-e014-41ce-9a4f-fc3d045fb9dd}]



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; let it guide you.

  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems

  • If the file does not open, it is located here > C:\ComboFix.txt

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    2 September 2010 14:11:24

    Hi, here is the report:

    ComboFix 10-09-01.03 - PC 02/09/2010 13:36:14.2.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.314 [GMT 2:00]
    Lancé depuis: D:\Documents and Settings\PC\Bureau\ComboFix.exe
    Commutateurs utilisés :: D:\Documents and Settings\PC\Bureau\CFScript.txt
    AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    FILE ::
    "d:\windows1\e3.reg"
    "d:\windows1\system2.bat"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\program files\Jeux.fr
    d:\program files\Jeux.fr\spill_fr.ico
    d:\program files\Jeux.fr\tbJeux.dll
    d:\windows1\e3.reg
    d:\windows1\system2.bat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-02 au 2010-09-02 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-01 16:12:57 . 2010-09-01 16:12:57 -------- d-----w- D:\Documents and Settings\PC\Application Data\Dossier de téléchargement Share-to-Web
    2010-09-01 16:12:57 . 2010-09-01 16:12:57 -------- d-----w- D:\Documents and Settings\PC\Application Data\Dossier de téléchargement Share-to-Web
    2010-08-29 08:47:19 . 2010-08-29 08:47:19 -------- d-----w- D:\Documents and Settings\PC\Application Data\Malwarebytes
    2010-08-29 08:46:55 . 2010-04-29 13:39:38 38224 ----a-w- D:\WINDOWS1\system32\drivers\mbamswissarmy.sys
    2010-08-29 08:46:53 . 2010-08-29 08:46:53 -------- d-----w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\Malwarebytes
    2010-08-29 08:46:52 . 2010-08-29 08:47:08 -------- d-----w- D:\Program Files\Malwarebytes' Anti-Malware
    2010-08-29 08:46:52 . 2010-04-29 13:39:26 20952 ----a-w- D:\WINDOWS1\system32\drivers\mbam.sys
    2010-08-28 17:59:30 . 2010-09-01 16:32:41 -------- d-----w- D:\Documents and Settings\PC\amsn
    2010-08-28 17:41:37 . 2010-08-28 17:46:39 -------- d-----w- D:\Program Files\aMSN
    2010-08-28 10:54:00 . 2010-08-28 10:54:00 -------- d-----w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\My Games
    2010-08-18 09:41:50 . 2010-08-18 09:42:07 -------- d-----w- D:\Program Files\Mystère a Londres
    2010-08-16 15:46:15 . 2010-08-16 15:46:15 -------- d-----w- D:\Documents and Settings\LocalService.AUTORITE NT\Application Data\McAfee
    2010-08-14 13:57:34 . 2010-08-14 13:57:34 -------- d-----w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\McAfee
    2010-08-05 08:30:59 . 2010-08-05 08:30:59 -------- d-----w- D:\Documents and Settings\PC\Local Settings\Application Data\ArcSoft
    2010-08-05 08:30:52 . 2010-08-05 08:31:05 -------- d-----w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\ArcSoft
    2010-08-05 08:29:57 . 2006-11-10 13:05:00 18688 ----a-w- D:\WINDOWS1\system32\drivers\afc.sys
    2010-08-05 08:29:57 . 2005-04-27 14:36:00 245408 ----a-w- D:\WINDOWS1\system32\unicows.dll
    2010-08-05 08:29:07 . 2010-08-05 08:30:02 -------- d-----w- D:\Program Files\Fichiers communs\ArcSoft
    2010-08-05 08:28:23 . 2010-08-05 12:28:16 -------- d-----w- D:\Documents and Settings\PC\Application Data\ArcSoft
    2010-08-05 08:27:45 . 2010-08-05 08:27:46 -------- d-----w- D:\WINDOWS1\OvtCam
    2010-08-05 08:27:45 . 2010-08-05 08:27:45 -------- d-----w- D:\WINDOWS1\OVT
    2010-08-05 08:27:40 . 2010-08-05 08:27:40 -------- d-----w- D:\Program Files\OVT

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-02 06:52:54 . 2008-07-10 15:44:46 -------- d-----w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\Kaspersky Lab
    2010-09-01 18:27:19 . 2007-08-10 17:28:27 -------- d-----w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\Google Updater
    2010-08-28 09:32:27 . 2010-05-20 09:38:53 -------- d-----w- D:\Program Files\eMule
    2010-08-27 07:04:12 . 2010-06-17 05:54:53 57344 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-27 07:04:00 . 2010-08-27 07:04:00 56765 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-08-27 07:04:00 . 2010-06-17 05:48:29 -------- d-----w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX
    2010-08-27 07:03:59 . 2008-12-22 17:01:19 -------- d-----w- D:\Program Files\DivX
    2010-08-27 07:03:57 . 2010-08-27 07:03:57 56997 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-08-27 07:03:47 . 2010-08-27 07:03:47 53600 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\Update\Uninstaller.exe
    2010-08-27 07:03:41 . 2010-08-27 07:03:41 57691 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\Player\Uninstaller.exe
    2010-08-27 07:02:48 . 2010-08-27 07:02:48 84063 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-08-27 07:02:34 . 2010-08-27 07:02:34 54153 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-08-27 06:59:40 . 2010-08-27 07:04:03 185640 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\Setup\finishPlugin.dll
    2010-08-27 06:59:36 . 2010-08-27 06:59:35 144696 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-08-27 06:59:34 . 2010-06-17 05:54:24 1062184 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\Setup\Resource.dll
    2010-08-27 06:59:27 . 2010-06-17 05:54:24 850200 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\Setup\DivXSetup.exe
    2010-08-25 12:16:07 . 2008-03-31 14:24:58 -------- d---a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\TEMP
    2010-08-13 08:51:22 . 2004-08-05 12:00:00 80856 ----a-w- D:\WINDOWS1\system32\perfc00C.dat
    2010-08-13 08:51:22 . 2004-08-05 12:00:00 500814 ----a-w- D:\WINDOWS1\system32\perfh00C.dat
    2010-08-08 11:50:38 . 2010-08-08 11:50:38 503808 ----a-w- D:\Documents and Settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6495ff68-n\msvcp71.dll
    2010-08-08 11:50:38 . 2010-08-08 11:50:38 499712 ----a-w- D:\Documents and Settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6495ff68-n\jmc.dll
    2010-08-08 11:50:38 . 2010-08-08 11:50:38 348160 ----a-w- D:\Documents and Settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6495ff68-n\msvcr71.dll
    2010-08-08 11:50:37 . 2010-08-08 11:50:37 61440 ----a-w- D:\Documents and Settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c9da226-n\decora-sse.dll
    2010-08-08 11:50:37 . 2010-08-08 11:50:37 12800 ----a-w- D:\Documents and Settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4c9da226-n\decora-d3d.dll
    2010-08-06 08:22:08 . 2006-07-03 13:45:49 -------- d--h--w- D:\Program Files\InstallShield Installation Information
    2010-08-05 15:15:38 . 2006-10-18 15:46:40 -------- d-----w- D:\Program Files\Micro Application
    2010-08-05 15:07:19 . 2006-08-08 06:51:05 -------- d-----w- D:\Program Files\Gamenext
    2010-08-05 15:06:44 . 2006-07-15 11:09:47 -------- d-----w- D:\Program Files\Zylom Games
    2010-08-05 08:29:07 . 2006-07-03 12:56:07 -------- d-----w- D:\Program Files\ArcSoft
    2010-08-03 13:56:48 . 2007-08-18 16:41:13 -------- d-----w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\JollyBear
    2010-07-29 17:02:52 . 2010-05-05 08:14:56 113933 ----a-w- D:\WINDOWS1\system32\drivers\klin.dat
    2010-07-29 17:02:51 . 2010-05-05 08:14:56 97549 ----a-w- D:\WINDOWS1\system32\drivers\klick.dat
    2010-07-17 16:34:24 . 2008-12-22 17:07:11 -------- d-----w- D:\Documents and Settings\PC\Application Data\DivX
    2010-07-07 17:30:26 . 2010-07-07 17:30:26 -------- d-----w- D:\Documents and Settings\PC\Application Data\Azuaz Games
    2010-06-30 12:32:14 . 2004-08-05 12:00:00 149504 ----a-w- D:\WINDOWS1\system32\schannel.dll
    2010-06-24 12:25:24 . 2004-08-05 12:00:00 916480 ----a-w- D:\WINDOWS1\system32\wininet.dll
    2010-06-24 09:02:32 . 2004-08-05 12:00:00 1852032 ----a-w- D:\WINDOWS1\system32\win32k.sys
    2010-06-21 15:27:11 . 2004-08-05 12:00:00 354304 ----a-w- D:\WINDOWS1\system32\drivers\srv.sys
    2010-06-17 14:03:10 . 2004-08-05 12:00:00 80384 ----a-w- D:\WINDOWS1\system32\iccvid.dll
    2010-06-17 05:53:00 . 2010-06-17 05:53:00 57054 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-06-17 05:52:58 . 2010-06-17 05:52:58 54166 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-06-17 05:52:56 . 2010-06-17 05:52:56 57532 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-06-17 05:52:53 . 2010-06-17 05:52:53 56458 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-06-17 05:52:52 . 2010-06-17 05:52:52 54174 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-06-17 05:52:47 . 2010-06-17 05:52:47 54128 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\Converter\Uninstaller.exe
    2010-06-17 05:52:45 . 2010-06-17 05:52:45 54644 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-17 05:52:32 . 2010-06-17 05:52:32 54101 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-17 05:52:31 . 2010-06-17 05:52:31 57409 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-06-17 05:52:29 . 2010-06-17 05:52:29 52963 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-06-17 05:51:42 . 2010-06-17 05:51:42 54073 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-06-17 05:51:23 . 2010-06-17 05:51:23 56969 ----a-w- D:\Documents and Settings\All Users.WINDOWS1\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-06-14 14:31:20 . 2007-08-02 08:01:34 744448 ----a-w- D:\WINDOWS1\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:42:25 . 2004-08-05 12:00:00 1172480 ----a-w- D:\WINDOWS1\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2009-12-25 14:42:58 129552 ----a-w- D:\Program Files\Kaspersky Lab\Kaspersky PURE\shellex.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 17:28:30 68856]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 09:43:40 2097488]
    "LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44:14 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 01:35:38 50176]
    "NeroFilterCheck"="D:\WINDOWS1\system32\NeroCheck.exe" [2001-07-09 08:50:42 155648]
    "CamMonitor"="D:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 22:23:20 90112]
    "Share-to-Web Namespace Daemon"="D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 08:42:56 69632]
    "AliceSAV"="D:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 16:57:42 81408]
    "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2009-01-14 11:16:40 98304]
    "LVCOMSX"="D:\WINDOWS1\system32\LVCOMSX.EXE" [2005-07-19 16:32:18 221184]
    "LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24:32 458752]
    "LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14:44 217088]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 02:34:30 110592]
    "SunJavaUpdateSched"="D:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 09:43:18 248040]
    "ISUSScheduler"="D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 04:03:38 81920]
    "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
    "Adobe ARM"="D:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:33 976832]
    "AVP"="D:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 14:43:40 340456]
    "ArcSoft Connection Service"="D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 09:19:26 207360]
    "DivXUpdate"="D:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 19:45:26 1164584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS1\system32\CTFMON.EXE" [2008-04-14 02:33:59 15360]

    D:\Documents and Settings\All Users.WINDOWS1\Menu D‚marrer\Programmes\D‚marrage\
    hp psc 2000 Series.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
    hpoddt01.exe.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "D:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;D:\WINDOWS1\system32\drivers\CSCrySec.sys [05/05/2010 10:14:01 88632]
    R0 KLBG;Kaspersky Lab Boot Guard Driver;D:\WINDOWS1\system32\drivers\klbg.sys [14/10/2009 20:18:34 36880]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;D:\WINDOWS1\system32\drivers\CSVirtualDiskDrv.sys [05/05/2010 10:14:06 39352]
    R2 CSObjectsSrv;Service de gestion du système CryproStorage;D:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17:34:38 743992]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> D:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> D:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS1\system32\drivers\klim5.sys [14/09/2009 13:42:46 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;D:\WINDOWS1\system32\drivers\klmouflt.sys [02/10/2009 18:39:44 19472]
    S2 gupdate1c9d25074b8a846;Service Google Update (gupdate1c9d25074b8a846);D:\Program Files\Google\Update\GoogleUpdate.exe [11/05/2009 17:52:09 133104]
    S3 APL531;OVT Scanner;D:\WINDOWS1\system32\drivers\ov550i.sys [31/07/2006 07:44:00 580992]
    .
    Contenu du dossier 'Tâches planifiées'

    2007-09-25 D:\WINDOWS1\Tasks\FRU Task 2003-04-06 08:52:06ewlett-Packard2003-04-06 08:52:06p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8188147927.job
    - D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52:08 . 2003-04-05 22:52:08]

    2008-03-03 D:\WINDOWS1\Tasks\FRU Task 2003-04-06 08:52:06ewlett-Packard2003-04-06 08:52:06p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8190895678.job
    - D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52:08 . 2003-04-05 22:52:08]

    2010-09-02 D:\WINDOWS1\Tasks\Google Software Updater.job
    - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-10 17:19:42 . 2009-03-23 07:49:50]

    2010-09-02 D:\WINDOWS1\Tasks\GoogleUpdateTaskMachineCore.job
    - D:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-11 15:52:09 . 2009-05-11 15:51:54]

    2010-09-02 D:\WINDOWS1\Tasks\GoogleUpdateTaskMachineUA.job
    - D:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-11 15:52:09 . 2009-05-11 15:51:54]

    2010-09-02 D:\WINDOWS1\Tasks\User_Feed_Synchronization-{26E27445-6018-4134-B97B-ECBA04A95D2A}.job
    - D:\WINDOWS1\system32\msfeedssync.exe [2007-08-13 17:36:40 . 2009-03-08 02:31:54]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://aliceadsl.fr/
    uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%...{searchTerms}
    uDefault_Search_URL = hxxp://www.durable.com/recherche
    mStart Page = about:blank
    uSearchAssistant = hxxp://www.durable.com/recherche
    uSearchURL,(Default) = hxxp://www.durable.com/recherche
    IE: Ajouter à l'Anti-bannière - D:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
    IE: E&xporter vers Microsoft Excel - D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe
    DPF: {596B26AA-E941-4FB5-8F91-0762447578F0} - hxxp://games.bigfishgames.com/fr_dream-chronicles/online/dream.1.0.0.17_fr.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - D:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\e4qyij7z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.aliceadsl.fr/
    FF - plugin: D:\Documents and Settings\All Users.WINDOWS1\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: D:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: D:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: D:\Program Files\Microsoft\Office Live\npOLW.dll
    FF - plugin: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\WINDOWS1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    D:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    D:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    D:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    So, apparently no problems on the PC, and a slight improvement in the PC's speed and in the connection.

    Hoping to have eradicated this "junk" lol, thanks again.

    Awaiting your reply...
    2 September 2010 18:05:11

    Hi again
    Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as this is required here.





    Remove all the programs installed for the disinfection.


    Please consult this document (PDF) to learn more about the risks of the Internet.



    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    See also:
  • Free antispyware: it's useless!


    ~Edit your first message and mark it [résolu] (solved) in the title.
    If your session name matches your real name, you can change it by editing your posts.

    :hello: 
    2 September 2010 20:54:18

    OK, thanks for all your answers and solutions; your help was invaluable to me and, at the same time, taught me something.

    I was doing this for my aunt; I have some basics but didn't want to venture into things I only know from a distance and mess up, because it isn't my PC.

    A bit late each time because she lives 900 km from me :)

    Anyway, we got there thanks to your help, thanks again :)

    Keep doing what you're doing, it's simply great :), see you soon.
    2 September 2010 20:58:08

    Uh, one last thing, where do I click to choose the best answer? :)
    4 September 2010 15:45:01

    You're welcome
    Happy surfing
    Quote:
    Uh, one last thing, where do I click to choose the best answer? :)


    It doesn't matter
    :hello: 