[Solved] Interpreting a HijackThis report

Tags:
  • HijackThis
  • Security
Last reply: in Security and viruses
15 April 2010 12:11:29

Hello,

For the past 2 days, web pages have been opening on their own. I ran a full scan of the computer with Avira AntiVir Personal, which found nothing. I also ran a scan with Spybot - Search & Destroy. It found one piece of malware, which I told it to delete, but I still have web pages (ads) opening on their own.
So I downloaded HijackThis, hoping that someone could interpret my report for me.

Thanks in advance.

Report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:32, on 15/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Shiqoa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\osd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon Manager.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrateur\Mes documents\HiJackThis.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [OSD] C:\WINDOWS\osd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UberIcon Manager] C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon Manager.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 15933 bytes

15 Avril 2010 12:15:39

Hello,

  • Download Ad-Remover (by C_XX) to your Desktop.
  • Disconnect and close all running applications.
  • Double-click AD-R on your Desktop to launch it.
  • Choose Nettoyer (Clean), then confirm.
  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    15 Avril 2010 12:38:58

    Thank you very much for your reply. Here is the AD-R report:

    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 31/03/10 à 21:30
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 12:19:10 le 15/04/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 3 - X86
    Nom du PC: NOM-FB9B15D2723 | Utilisateur actuel: HP_Administrateur (Administrateur)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    Service: *Application Updater*
    .
    C:\Documents and Settings\HP_Administrateur\Application Data\Dealio
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0xdxne9f.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\FireFox\Profiles\0xdxne9f.default\searchplugins\ask.xml
    ERREUR SUPPRESSION !! : C:\Documents and Settings\HP_Administrateur\Application Data\Search Settings
    C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Ask Search Assistant
    C:\Program Files\Application Updater
    C:\Program Files\Ask Search Assistant
    C:\Program Files\AskBarDis
    C:\Program Files\Dealio Toolbar
    C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    C:\Program Files\Mozilla FireFox\extensions\dealio@mybrowserbar.com
    C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
    C:\Program Files\Search Settings

    (!) -- Fichiers temporaires supprimés.
    .
    HKCU\Software\AppDataLow\AskBarDis
    HKCU\Software\AppDataLow\Software\Dealio
    HKCU\Software\AskBarDis
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\Software\Search Settings
    HKLM\Software\Application Updater
    HKLM\Software\AskBarDis
    HKLM\Software\Classes\AskIBar.PopSwatterBarButton
    HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
    HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
    HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
    HKLM\Software\Classes\AskToolBar.SettingsPlugin
    HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
    HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
    HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
    HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
    HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
    HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
    HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    HKLM\Software\Classes\SearchSettings.BHO
    HKLM\Software\Classes\SearchSettings.BHO.1
    HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
    HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    HKLM\Software\Dealio
    HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
    HKLM\Software\Search Settings
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome.manifest
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\install.rdf
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\components\SearchSettingsFF.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\install.rdf
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettingsRes409.dll
    .
    (Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.6.3 (fr) *
    .
    C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\HP_Administrateur\\Bureau
    C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - browser.search.defaultenginename: Yahoo
    C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - browser.search.defaulturl: hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - browser.search.selectedEngine: Recherche de vidéos YouTube
    C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - browser.startup.homepage: hxxp://www.facebook.com/home.php
    C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
    C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - keyword.URL: hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
    .
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - user_pref("extensions.opensearch@ask.com.install-event-fired", true);
    EFFACÉ: C:\Documents and Settings\HP_Administrateur\..\0xdxne9f.default\prefs.js - user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1");
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    AutoHide: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ============== SUSPECT(S) ==============
    .
    C:\Documents and Settings\HP_Administrateur\Mes documents\Demos\ENGLISH\patch_1.2_1.3_1.4.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\candide_patch14.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\data\library.zip
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\FoFiX-3.025beta-Patch-Windows\data\library.zip
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\FoFiX-3.025beta-Patch-Windows\FretsOnFire.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\FoFiX-3.025beta-Patch-Windows\w9xpopen.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\FoFiX-3.025beta-Patch-Windows.rar
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\FoFiX-3.030-Full-Windows\data\library.zip
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\FoFiX-3.030-Full-Windows\FretsOnFire.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\FoFiX-3.030-Full-Windows\w9xpopen.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\FretsOnFire.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\IMGTool.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\jibberish deluxe beta\Jibdeluxebeta.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\jibberish deluxe beta\Uninstal.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\Jibbin+_Rc_install.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\koruldia.zip
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\Max_Payne_JeuxVideo.com_3779.zip
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\Ski_Stunt_Simulator_PC_jeu_gratuit.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\StudioPatch10_7_0.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\StudioPatch10_8.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\THEME3_000-Guitar Hero III.rar
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\trackmania_nations_forever_jeu_complet_multi-langues_240580.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Jeux - Patches\w9xpopen.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\tony_hawk_american_wasteland_patch_1.01.exe
    .
    ========================================
    .
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp: 4 Fichier(s), 18 Dossier(s)
    C:\WINDOWS\temp: 2 Fichier(s), 331 Dossier(s)
    Temporary Internet Files: 5 Fichier(s), 7 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 23 Fichier(s)
    C:\Ad-Remover\Backup: 14 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 12807 Octet(s)
    .
    Fin à: 12:30:16, 15/04/2010
    .
    ============== E.O.F - CLEAN[1] ==============
    15 Avril 2010 12:55:21

    P.S.: I am taking the liberty of posting another reply, so that an edit does not get in the way of reading the report: I still have these advertising web pages opening automatically... :(
    15 Avril 2010 13:16:14

  • Run Ad-Remover again and choose Désinstaller (Uninstall).

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the Rapport (report) section at the top of this window, check Rapport minimal (minimal report).
  • Also check the boxes next to Recherche Lop (Lop search) and Recherche Purity (Purity search).
  • Finally, click the Analyse (scan) button. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so on the Desktop by default).

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Parcourir... (Browse...) and find the report file you want to send me.
  • Click Ouvrir (Open).
  • Click Cliquez ici pour déposer le fichier (Click here to upload the file).
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy and paste this link into your reply.
    15 Avril 2010 20:55:14

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • Under the Personnalisation (customization) tab at the bottom of the window, copy and paste the following text (between the two spaces):

    :OTL
    FF - prefs.js..browser.search.order.1: "Ask"
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2010/04/14 21:01:41 | 000,160,256 | ---- | C] () -- C:\WINDOWS\Shiqoa.exe
    [2010/04/14 21:01:41 | 000,000,312 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/04/14 21:01:36 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

    :files
    C:\Documents and Settings\HP_Administrateur\Application Data\Search Settings

    :commands
    [emptytemp]
    [reboot]

  • Then click the "Correction" button at the top of the window.
  • Let the program work, and restart once the fix is finished.
  • Post the report that will be displayed after the restart.
    15 April 2010 21:08:33

    Is it normal that during the "Correction" with OTL, my antivirus (Avira AntiVir Personal) detected two Trojan horses?

    Here is the report:

    All processes killed
    ========== OTL ==========
    Prefs.js: "Ask" removed from browser.search.order.1
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    File move failed. C:\WINDOWS\Shiqoa.exe scheduled to be moved on reboot.
    C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
    C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
    ========== FILES ==========
    C:\Documents and Settings\HP_Administrateur\Application Data\Search Settings\kb130\temp folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Search Settings\kb130 folder moved successfully.
    C:\Documents and Settings\HP_Administrateur\Application Data\Search Settings folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: HP_Administrateur
    ->Temp folder emptied: 68018827 bytes
    ->Temporary Internet Files folder emptied: 47387053 bytes
    ->Java cache emptied: 12068653 bytes
    ->FireFox cache emptied: 71684464 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 137146 bytes
    ->Flash cache emptied: 1533257 bytes

    User: LocalService
    ->Temp folder emptied: 66531 bytes
    ->Temporary Internet Files folder emptied: 3421556 bytes

    User: NetworkService
    ->Temp folder emptied: 68496 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 27047984 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25587 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 24000895 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 244,00 mb


    OTL by OldTimer - Version 3.2.1.1 log created on 04152010_205838

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\Shiqoa.exe not found!

    Registry entries deleted on Reboot...
    15 April 2010 21:10:47

    P.S.: The Trojan horses were supposedly located in "C:/WINDOWS/Shiqoa.exe"
    15 April 2010 21:16:19

    Good ;)

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the "Mise à jour" tab, click the "Recherche de mise à jour" button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the "Recherche" tab.
  • Select "Exécuter un examen rapide".
  • Click "Rechercher". The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click "Afficher les résultats".
  • Select everything (or leave it ticked) and click "Supprimer la sélection"; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    15 April 2010 21:27:16

    Before doing this step, should I uninstall OTL?
    15 April 2010 21:38:50

    No.
    15 April 2010 21:47:02

    Thank you so much for your help. Here is the MBAM report:
    (report posted before restarting the computer)


    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 3993

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    15/04/2010 21:44:01
    mbam-log-2010-04-15 (21-44-01).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 115359
    Temps écoulé: 8 minute(s), 5 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\BitDownload\BitDownload Setup Components (Trojan.Swizzor) -> Quarantined and deleted successfully.
    15 April 2010 21:49:07

  • Relaunch MBAM, go to "Quarantaine" and delete everything.

  • Update Java.

  • Update Adobe Reader.

  • Run another OTL scan and post the OTL report.
    15 April 2010 22:20:36

    I followed the same procedure as for the first OTL scan:




    OTL logfile created on: 15/04/2010 22:11:54 - Run 2
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\HP_Administrateur\Bureau
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 022,00 Mb Total Physical Memory | 394,00 Mb Available Physical Memory | 39,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 291,08 Gb Total Space | 178,13 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
    Drive D: | 7,00 Gb Total Space | 0,77 Gb Free Space | 10,94% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: NOM-FB9B15D2723
    Current User Name: HP_Administrateur
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
    PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon Manager.exe ()
    PRC - C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe (ACD Systems, Ltd.)
    PRC - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\WINDOWS\osd.exe (Netropa Corp.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
    PRC - C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
    PRC - C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe (Motive Communications, Inc.)
    PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
    PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
    SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
    DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
    DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys (Macrovision Europe Ltd)
    DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
    DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
    DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
    DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
    DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
    DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
    DRV - (WN5301) -- C:\WINDOWS\system32\drivers\wn5301.sys (Liteon Technology Inc.)
    DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (ASUSTek)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
    DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
    DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
    DRV - (PAC207) -- C:\WINDOWS\system32\drivers\pfc027.sys ()
    DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
    DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
    DRV - (WN5401) -- C:\WINDOWS\system32\drivers\wn5401.sys (Liteon Technology Corp.)
    DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
    DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
    DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
    DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
    DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
    DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
    FF - prefs.js..browser.search.selectedEngine: "Recherche de vidéos YouTube"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.3.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
    FF - prefs.js..extensions.enabledItems: {3713a489-0634-4472-8456-dc7abd7eba00}:1.2.2
    FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100307
    FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=u..."


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/13 10:56:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/16 17:57:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 12:29:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 22:09:05 | 000,000,000 | ---D | M]

    [2008/12/17 14:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Extensions
    [2010/04/15 21:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions
    [2009/09/03 16:32:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/12/22 13:04:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/11/09 18:25:37 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
    [2010/03/25 18:54:23 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2010/02/10 14:33:22 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [2010/04/14 21:49:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/03/25 13:36:19 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    [2009/06/28 22:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\bloodfire@example.com
    [2010/03/15 17:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\chromifox@altmusictv.com
    [2010/03/15 17:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\nasanightlaunch@example.com
    [2010/03/24 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\personas@christopher.beard
    [2009/06/28 22:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\searchrecs@veoh.com
    [2010/03/21 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\unplug@compunach
    [2010/02/10 14:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
    [2010/02/10 14:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/02/10 14:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
    [2010/02/10 14:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/01/18 17:30:59 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\searchplugins\ask.uk.xml
    [2008/12/17 15:24:47 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\searchplugins\live-search.xml
    [2009/03/07 14:47:55 | 000,002,069 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\0xdxne9f.default\searchplugins\recherche-de-vidos-youtube.xml
    [2010/04/15 21:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/08/13 10:54:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/03/13 23:32:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/04/15 21:58:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2008/08/13 10:54:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/02/09 13:17:14 | 001,933,312 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
    [2010/03/12 18:42:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/03/12 18:42:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/03/12 18:42:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/03/12 18:42:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2010/03/23 21:51:04 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2010/04/14 23:35:56 | 000,306,040 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 10536 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [Device Detector] File not found
    O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
    O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [OSD] C:\WINDOWS\osd.exe (Netropa Corp.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [UberIcon Manager] C:\WINDOWS\Resources\Themes\VistaXP\ui\UberIcon Manager.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5... (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.... (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca... (UnoCtrl Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scan... (Windows Live Safety Center Base Module)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca... (MSN Games - Installer)
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.... (CBreakshotControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-wind... (Java Plug-in 1.6.0_20)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/01/01 16:11:39 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/15 22:02:38 | 027,565,744 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrateur\Bureau\AdbeRdr930_fr_FR.exe
    [2010/04/15 21:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/04/15 21:58:55 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/04/15 21:58:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/04/15 21:58:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/04/15 21:58:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/04/15 21:57:29 | 000,921,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\HP_Administrateur\Bureau\jxpiinstall.exe
    [2010/04/15 21:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
    [2010/04/15 21:32:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/15 21:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/15 21:32:03 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/15 21:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/15 21:30:02 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrateur\Bureau\mbam-setup.exe
    [2010/04/15 20:58:38 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/04/15 13:23:53 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
    [2010/04/15 13:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2010/04/15 12:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Application Data\No Company Name
    [2010/04/15 12:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Mes documents\Adobe
    [2010/04/15 11:48:37 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrateur\Mes documents\HiJackThis.exe
    [2010/04/14 21:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/14 21:48:20 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\HP_Administrateur\Mes documents\ccsetup230.exe
    [2010/04/14 21:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Macrovision Shared
    [2010/04/14 15:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Bureau\Adobe Premiere Elements 8
    [2010/04/14 15:36:34 | 006,852,616 | ---- | C] (ESTsoft Corp. ) -- C:\Documents and Settings\HP_Administrateur\Mes documents\ALZip.exe
    [2010/04/14 12:36:13 | 001,228,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrateur\Mes documents\PremiereElements_8_LS8.exe
    [2010/03/28 13:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Mes documents\virtualdub_virtualdub_1.9.8_anglais_10126
    [2010/03/27 15:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Mes documents\icono_bmx
    [2010/03/24 21:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Mes documents\Clé USB
    [2010/02/27 13:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/02/27 13:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/04/03 21:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2008/12/17 14:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
    [2008/11/28 18:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2007/11/05 09:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2007/05/04 19:52:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2007/04/30 19:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2005/09/24 08:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
    [2005/01/01 15:27:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/04/15 22:09:06 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
    [2010/04/15 22:06:37 | 027,565,744 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrateur\Bureau\AdbeRdr930_fr_FR.exe
    [2010/04/15 21:57:36 | 000,921,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\HP_Administrateur\Bureau\jxpiinstall.exe
    [2010/04/15 21:55:59 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/04/15 21:54:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/15 21:54:13 | 000,000,032 | ---- | M] () -- C:\WINDOWS\lvkosd.ini
    [2010/04/15 21:52:30 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/15 21:52:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/15 21:52:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/15 21:52:19 | 1072,123,904 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/15 21:51:16 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\ntuser.dat
    [2010/04/15 21:51:16 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\HP_Administrateur\ntuser.ini
    [2010/04/15 21:50:00 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/15 21:32:10 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/04/15 21:31:25 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrateur\Bureau\mbam-setup.exe
    [2010/04/15 21:29:00 | 000,001,194 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3167024290-2374997131-616883619-1007UA.job
    [2010/04/15 21:05:42 | 000,079,480 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/04/15 21:02:46 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/04/15 19:14:06 | 000,004,908 | -H-- | M] () -- C:\ffastun.ffa
    [2010/04/15 19:14:05 | 008,261,632 | -H-- | M] () -- C:\ffastun0.ffx
    [2010/04/15 19:14:05 | 002,678,784 | -H-- | M] () -- C:\ffastun.ffl
    [2010/04/15 19:14:05 | 000,131,072 | -H-- | M] () -- C:\ffastun.ffo
    [2010/04/15 18:29:01 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3167024290-2374997131-616883619-1007Core.job
    [2010/04/15 13:23:58 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe
    [2010/04/15 11:48:38 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrateur\Mes documents\HiJackThis.exe
    [2010/04/14 23:35:56 | 000,306,040 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/04/14 21:49:19 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\CCleaner.lnk
    [2010/04/14 21:48:42 | 003,376,656 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\HP_Administrateur\Mes documents\ccsetup230.exe
    [2010/04/14 21:10:59 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/14 16:03:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/14 15:55:05 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
    [2010/04/14 15:38:51 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ALZip.lnk
    [2010/04/14 15:37:58 | 006,852,616 | ---- | M] (ESTsoft Corp. ) -- C:\Documents and Settings\HP_Administrateur\Mes documents\ALZip.exe
    [2010/04/14 14:12:12 | 1281,523,585 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\PremiereElements_8_LS8.7z
    [2010/04/14 12:36:23 | 001,228,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrateur\Mes documents\PremiereElements_8_LS8.exe
    [2010/04/14 11:48:22 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
    [2010/04/13 23:36:40 | 000,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
    [2010/04/13 19:51:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
    [2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/04/11 12:42:35 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\DVDVideoSoft Free Studio.lnk
    [2010/04/11 12:17:27 | 017,623,166 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Documents and Settings\HP_Administrateur\Mes documents\FreeYouTubeToMp3Converter.exe
    [2010/04/05 19:29:41 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\Google Chrome.lnk
    [2010/04/01 21:10:17 | 001,126,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/01 21:10:17 | 000,511,874 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/04/01 21:10:17 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/01 21:10:17 | 000,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/04/01 21:10:17 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/28 13:53:28 | 001,704,669 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\virtualdub_virtualdub_1.9.8_anglais_10126.zip
    [2010/03/27 15:34:43 | 000,022,523 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\icono_bmx.zip
    [2010/03/24 15:54:49 | 000,001,077 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/03/18 19:58:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
    [2010/03/18 19:57:55 | 000,000,289 | RHS- | M] () -- C:\boot.ini
    [2010/03/18 19:57:55 | 000,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/03/18 19:56:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Ÿ9Ÿ9

    ========== Files Created - No Company Name ==========

    [2010/04/15 22:09:06 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
    [2010/04/15 21:32:10 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/04/14 21:49:19 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\CCleaner.lnk
    [2010/04/14 15:55:05 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
    [2010/04/14 15:38:51 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ALZip.lnk
    [2010/04/14 12:36:13 | 1281,523,585 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\PremiereElements_8_LS8.7z
    [2010/03/28 13:53:14 | 001,704,669 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\virtualdub_virtualdub_1.9.8_anglais_10126.zip
    [2010/03/27 15:34:41 | 000,022,523 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\icono_bmx.zip
    [2010/02/22 01:41:55 | 000,000,504 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\HP_Administrateur.lnk
    [2009/12/13 10:52:23 | 000,000,032 | ---- | C] () -- C:\WINDOWS\lvkosd.ini
    [2009/08/09 12:18:51 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pspvc_path.ini
    [2009/03/25 19:08:21 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/11 12:01:05 | 014,680,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\ntuser.dat
    [2009/01/04 17:31:00 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/01/04 17:31:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
    [2008/11/24 19:22:52 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\HPSU_48BitScanUpdate.log
    [2008/11/24 19:22:52 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2008/11/17 18:50:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Ÿ9Ÿ9
    [2008/11/02 22:16:55 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
    [2008/11/02 20:40:52 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
    [2008/11/02 20:27:09 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
    [2008/11/02 20:27:09 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2008/11/02 20:27:09 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
    [2008/11/02 20:27:09 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
    [2008/11/02 20:27:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2008/10/29 12:22:20 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/10/29 12:22:04 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\PnkBstrK.sys
    [2008/10/28 21:50:33 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    [2008/08/03 11:43:27 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2008/08/03 11:43:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2008/03/26 19:11:18 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom24.dll
    [2008/03/26 19:11:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes24.dll
    [2008/01/18 22:18:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\game.ini
    [2007/10/27 15:12:09 | 000,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/09/03 12:53:21 | 000,081,332 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
    [2007/08/25 11:25:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2007/07/31 12:03:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
    [2007/06/16 17:15:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\NWDECDU.INI
    [2007/05/17 15:00:06 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
    [2007/05/17 15:00:04 | 000,000,616 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/04/30 18:57:03 | 000,038,609 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
    [2007/04/29 20:21:20 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/29 20:08:43 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2007/04/29 19:41:06 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\fusioncache.dat
    [2007/04/29 19:41:02 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\HP_Administrateur\ntuser.dat.LOG
    [2007/04/29 19:41:02 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\HP_Administrateur\ntuser.ini
    [2007/04/29 19:40:17 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2007/04/29 19:40:17 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2005/12/09 23:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/05 23:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/05/27 14:57:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
    [2005/01/25 15:15:42 | 000,010,240 | R--- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
    [2005/01/01 16:36:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/01/01 16:16:27 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2005/01/01 16:14:00 | 000,014,397 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2005/01/01 16:13:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2005/01/01 16:06:22 | 000,000,111 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2005/01/01 15:54:30 | 000,002,843 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2005/01/01 15:53:40 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/01/01 15:51:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
    [2005/01/01 15:48:11 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/01/01 15:29:06 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2005/01/01 15:29:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2005/01/01 15:28:51 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/12/20 19:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
    [2003/06/24 19:20:22 | 000,000,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2002/05/28 03:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
    [2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2001/07/06 23:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
    [2001/06/24 11:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
    [1997/08/01 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
    [1997/08/01 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
    [1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/08/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2009/06/01 19:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2008/05/18 12:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
    [2007/11/01 20:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
    [2009/02/18 14:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
    [2010/01/18 19:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2007/05/21 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2008/11/02 21:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2009/01/04 17:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
    [2007/08/25 12:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
    [2009/01/04 18:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2008/11/05 15:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/29 01:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
    [2008/10/29 11:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2009/11/21 13:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/10 10:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    ========== Purity Check ==========


    < End of report >
    a c 295 8 Security
    15 April 2010 22:56:41

    No more problems?
    15 April 2010 23:05:20

    No, the advertising web pages no longer open. Thank you very much for your help! I really appreciate having been able to get rid of this malware so quickly! :)
    Just one last question: can I delete OTL and MBAM, or should I keep them in case I need them?
    In any case, congratulations on everything you do; I think it's very kind of you!
    a c 295 8 Security
    15 April 2010 23:38:03

    1/

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche and let the scan run.
  • Click Suppression to finish.
  • You can use the Options Facultatives if you wish.
  • Click Quitter to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner (do not install the Yahoo! Toolbar).
  • Launch it. Go to Options, then Avancé, and uncheck the box Effacer uniquement les fichiers etc....
  • Go to Nettoyeur and choose Analyse. Once it has finished, run the cleanup.


    3/

  • System Restore must be disabled and then re-enabled in order to purge it.


    ==Prevention==

    To remove the AntiVir popups: Link

    Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    Check that automatic updates are enabled (Menu Démarrer, right-click Poste de travail, Propriétés, Mises à jour automatiques tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the Editer button.
  • Add the tag [Résolu] in front of the title.
  • Then click Valider votre message.


    Be more careful on the Internet ;)
    22 April 2010 11:50:44

    Thanks, sorry for my absence; I'm going through the steps and will post the report as soon as I've finished.
    22 April 2010 11:57:56

    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Documents and Settings\HP_Administrateur\Mes documents\HijackThis.exe: trouvé !
    C:\Documents and Settings\HP_Administrateur\Mes documents\hijackthis.log: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Documents and Settings\HP_Administrateur\Mes documents\HijackThis.exe: supprimé !
    C:\Documents and Settings\HP_Administrateur\Mes documents\hijackthis.log: supprimé !

    Corbeille vidée!
    a c 295 8 Security
    22 April 2010 16:26:41

    You can delete ToolsCleaner ;)
    22 April 2010 21:59:06

    Thank you so much again; from now on I will be careful when surfing the net.
    Well done again for what you do every day to help Internet users; it's very brave and it can't always be easy.
    On that note, have a good evening. :)