PC infected by a trojan keylogger

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
28 March 2010 21:14:56

Hello everyone,

My PC, which runs Windows XP, is infected with a trojan keylogger. Following the discussions already covered on the forum, I started by running a scan with OTL, which produced two files, OTL.txt and Extras.txt, that I put on cijoint:
http://www.cijoint.fr/cjlink.php?file=cj201003/cijwQQul...
http://www.cijoint.fr/cjlink.php?file=cj201003/cij59x3v...

Can someone guide me on what to do next, please?


28 March 2010 21:39:06

Hello,

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • In the Custom Scans/Fixes box at the bottom of the window, copy and paste the following text (between the two blank lines):

    :OTL
    PRC - C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe ()
    O2 - BHO: (Need2Find Bar BHO) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL File not found
    O2 - BHO: (SponsorAdulto Class) - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll File not found
    O3 - HKLM\..\Toolbar: (RX Toolbar) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (RX Toolbar) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll File not found
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
    O4 - HKLM\..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()
    O4 - HKCU\..\Run: [syncman] c:\documents and settings\florentin\wuaucldt.exe File not found
    O4 - Startup: C:\Documents and Settings\Florentin\Menu Démarrer\Programmes\Démarrage\syspck32.exe ()
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O33 - MountPoints2\{244497a8-76e5-11db-87b2-4d6564696130}\Shell\AutoRun\command - "" = K:\ranvrgn.exe -- File not found
    O33 - MountPoints2\{244497a8-76e5-11db-87b2-4d6564696130}\Shell\explore\Command - "" = K:\ranvrgn.exe -- File not found
    O33 - MountPoints2\{244497a8-76e5-11db-87b2-4d6564696130}\Shell\open\Command - "" = K:\ranvrgn.exe -- File not found
    O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe" /START "%1" %* ()
    [2010/03/27 10:44:29 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Florentin\oashdihasidhasuidhiasdhiashdiuasdhasd
    [2010/03/27 10:42:15 | 000,015,832 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f8op027cwq
    [2010/03/27 10:42:14 | 000,015,832 | -HS- | C] () -- C:\Documents and Settings\Florentin\Local Settings\Application Data\f8op027cwq
    [2010/03/22 18:32:38 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\jasltw.dat
    [2010/03/22 18:32:02 | 000,015,154 | -HS- | C] () -- C:\Documents and Settings\Florentin\Local Settings\Application Data\VH56DJI7u87yo
    [2010/03/22 18:32:02 | 000,015,154 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
    [2010/03/22 18:31:57 | 000,202,752 | -HS- | C] () -- C:\Documents and Settings\Florentin\Local Settings\Application Data\av.exe
    [2010/03/21 23:12:38 | 000,011,742 | -HS- | C] () -- C:\Documents and Settings\Florentin\Local Settings\Application Data\wo588q8Gd1tnB
    [2010/03/21 23:12:38 | 000,011,742 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wo588q8Gd1tnB
    [2010/03/21 23:12:37 | 000,202,752 | -HS- | C] () -- C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe
    [2010/03/21 10:08:08 | 000,029,764 | ---- | C] () -- C:\WINDOWS\System32\wuaucldt.exe
    [2010/03/21 10:08:07 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
    [2010/03/21 10:07:57 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\avdrn.dat
    [2008/08/15 09:58:35 | 000,000,584 | ---- | C] () -- C:\WINDOWS\smdat32a.sys
    [2008/08/15 09:58:35 | 000,000,010 | ---- | C] () -- C:\WINDOWS\smdat32m.sys

    :files
    C:\Program Files\Need2Find
    C:\Program Files\RXToolBar

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top of the window.
  • Let the program work, and reboot once the fix has finished.
  • Post the report that appears after the reboot.
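The fix list above is, in effect, the set of OTL scan lines the helper judged malicious. The Python script below is an added example, not part of this thread and not an OTL feature: it encodes the reading rules a triager applies to such lines, namely registry entries whose target file is gone ("File not found"), a .exe handler that is no longer the stock exefile (every program launch is then routed through the named binary, here ave.exe), MountPoints2 autorun commands for a removable drive (the K: drive here), running processes and autostarts whose binary carries no publisher or version information (OTL prints an empty "()"), and newly created files with hidden+system attributes. The sample input is copied from the lines above plus two benign avast! lines, constructed so the rules have something to let through; the rule names are my own.

```python
import re
from collections import Counter

# Constructed sample input: OTL scan lines copied from the fix script above, plus
# two benign avast! lines (constructed) so the rules have something to let through.
SAMPLE_OTL = r"""
PRC - C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe ()
O2 - BHO: (Need2Find Bar BHO) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL File not found
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM\..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKCU\..\Run: [syncman] c:\documents and settings\florentin\wuaucldt.exe File not found
O4 - Startup: C:\Documents and Settings\Florentin\Menu Démarrer\Programmes\Démarrage\syspck32.exe ()
O33 - MountPoints2\{244497a8-76e5-11db-87b2-4d6564696130}\Shell\AutoRun\command - "" = K:\ranvrgn.exe -- File not found
O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe" /START "%1" %* ()
[2010/03/21 23:12:37 | 000,202,752 | -HS- | C] () -- C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe
[2010/03/21 10:08:08 | 000,029,764 | ---- | C] () -- C:\WINDOWS\System32\wuaucldt.exe
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
"""

# OTL prints the PE's company name in parentheses after the path; "()" means none.
NO_PUBLISHER = re.compile(r"\(\)\s*$")
# File-creation entries: [date | size | attributes | C] (publisher) -- path
FILE_ENTRY = re.compile(r"^\[(?P<meta>[^\]]+)\]\s*\((?P<publisher>[^)]*)\)\s*--\s*(?P<path>.+)$")
EXE_HANDLER = re.compile(r"\[@ = (?P<handler>[^\]]+)\]")


def classify(line):
    """Return the rule a single OTL line trips, or None if it looks clean."""
    tag = line.split(" ", 1)[0]
    if tag == "O37":
        # .exe file association: anything but the stock "exefile" handler means
        # every program launch is routed through the named binary first.
        m = EXE_HANDLER.search(line)
        if m and m.group("handler").strip().lower() != "exefile":
            return "exe-association-hijack"
        return None
    if tag == "O33" and "MountPoints2" in line:
        # AutoRun/open/explore command registered for a removable drive.
        return "removable-drive-autorun"
    if line.endswith("File not found"):
        # Registry still points at a file that is gone: leftover of a removed or
        # self-deleting component.
        return "orphaned-reference"
    if tag in ("PRC", "O4") and NO_PUBLISHER.search(line):
        # Running process or autostart whose binary has no version information.
        return "no-publisher-info"
    m = FILE_ENTRY.match(line)
    if m:
        fields = [f.strip() for f in m.group("meta").split("|")]
        attrs = fields[2] if len(fields) > 2 else ""
        if "H" in attrs and "S" in attrs:
            # Recently created file with hidden+system attributes set.
            return "hidden-system-file"
    return None


def triage(text):
    """Run classify() over every non-empty line; return [(rule, line), ...]."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rule = classify(line)
        if rule:
            findings.append((rule, line))
    return findings


def rule_counts(findings):
    return dict(Counter(rule for rule, _ in findings))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_OTL):
        print(f"{rule:26s} {line[:90]}")
```

The output is a review queue, not a verdict: an empty "()" also appears on legitimate but unversioned binaries (the later OTL scan in this thread shows winampa.exe with "()"), so each hit still needs a look at where the file lives and when it appeared, which is what the helper did when picking the lines above.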
11 April 2010 22:12:35

    Good evening,

    Many apologies for such a late reply; I have had other priorities lately than looking after my personal PC. Below is the report:

    All processes killed
    ========== OTL ==========
    No active process named ave.exe was found!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{511F9316-771B-4953-A268-1C36DA667FE9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{511F9316-771B-4953-A268-1C36DA667FE9}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
    Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
    C:\WINDOWS\system32\wuaucldt.exe moved successfully.
    Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
    C:\Documents and Settings\Florentin\Menu Démarrer\Programmes\Démarrage\syspck32.exe moved successfully.
    Starting removal of ActiveX control {1D6711C8-7154-40BB-8380-3DEA45B69CBF}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{244497a8-76e5-11db-87b2-4d6564696130}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{244497a8-76e5-11db-87b2-4d6564696130}\ not found.
    File K:\ranvrgn.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{244497a8-76e5-11db-87b2-4d6564696130}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{244497a8-76e5-11db-87b2-4d6564696130}\ not found.
    File K:\ranvrgn.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{244497a8-76e5-11db-87b2-4d6564696130}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{244497a8-76e5-11db-87b2-4d6564696130}\ not found.
    File K:\ranvrgn.exe not found.
    Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\Documents and Settings\Florentin\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.
    C:\Documents and Settings\All Users\Application Data\f8op027cwq moved successfully.
    C:\Documents and Settings\Florentin\Local Settings\Application Data\f8op027cwq moved successfully.
    C:\Documents and Settings\Florentin\Application Data\jasltw.dat moved successfully.
    C:\Documents and Settings\Florentin\Local Settings\Application Data\VH56DJI7u87yo moved successfully.
    C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo moved successfully.
    C:\Documents and Settings\Florentin\Local Settings\Application Data\av.exe moved successfully.
    C:\Documents and Settings\Florentin\Local Settings\Application Data\wo588q8Gd1tnB moved successfully.
    C:\Documents and Settings\All Users\Application Data\wo588q8Gd1tnB moved successfully.
    C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe moved successfully.
    File C:\WINDOWS\System32\wuaucldt.exe not found.
    C:\Documents and Settings\NetworkService\Application Data\jasltw.dat moved successfully.
    C:\Documents and Settings\Florentin\Application Data\avdrn.dat moved successfully.
    C:\WINDOWS\smdat32a.sys moved successfully.
    C:\WINDOWS\smdat32m.sys moved successfully.
    ========== FILES ==========
    C:\Program Files\Need2Find\bar\Settings folder moved successfully.
    C:\Program Files\Need2Find\bar\History folder moved successfully.
    C:\Program Files\Need2Find\bar\Cache folder moved successfully.
    C:\Program Files\Need2Find\bar\1.bin folder moved successfully.
    C:\Program Files\Need2Find\bar folder moved successfully.
    C:\Program Files\Need2Find folder moved successfully.
    C:\Program Files\RXToolBar\HTML folder moved successfully.
    C:\Program Files\RXToolBar\graphics folder moved successfully.
    C:\Program Files\RXToolBar\Cache folder moved successfully.
    C:\Program Files\RXToolBar folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Florentin
    ->Temp folder emptied: 389703263 bytes
    ->Temporary Internet Files folder emptied: 56917074 bytes
    ->Java cache emptied: 9281932 bytes
    ->FireFox cache emptied: 17874930 bytes
    ->Flash cache emptied: 13550895 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 15023829 bytes
    ->FireFox cache emptied: 5022592 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1257178 bytes

    User: Séverine
    ->Temp folder emptied: 9160262 bytes
    ->Temporary Internet Files folder emptied: 39441308 bytes
    ->FireFox cache emptied: 7679771 bytes
    ->Flash cache emptied: 661 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2114937 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 34769237 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1957530841 bytes

    Total Files Cleaned = 2 441,00 mb


    OTL by OldTimer - Version 3.1.37.3 log created on 04112010_214705

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Florentin\Local Settings\Temp\Temporary Internet Files\Content.IE5\M135XW48\nt%26l%3DSKY%26f%3D150551152%26id%3D5%26cbk%3DfcLoaded%26tgt%3D_blank%26hs%3D2%26en%3Diso-8859-1%26em%3D%25257B%252522site-attribute%252522%25253A%252522content%25253D%25255&r=0 not found!
    File\Folder C:\Documents and Settings\Florentin\Local Settings\Temp\Temporary Internet Files\Content.IE5\IN2TWB65\click2,VaUDAK9ACwDXUzMAAAAAALZYDgAAAAAAAgAEAAEAAAAAAP8AAAAEFmcwAgAAAAAAhz8UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqjQIAAAAAAAIAAgAAAAAA30[1].htm not found!
    File\Folder C:\Documents and Settings\Florentin\Local Settings\Temp\Temporary Internet Files\Content.IE5\0P2FK9MV\nt%26l%3DSKY%26f%3D150551781%26id%3D3%26cbk%3DfcLoaded%26tgt%3D_blank%26hs%3D2%26en%3Diso-8859-1%26em%3D%25257B%252522site-attribute%252522%25253A%252522content%25253D%25255&r=0 not found!
    File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5d8.dat not found!

    Registry entries deleted on Reboot...
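One detail worth checking in a fix log like the one above: OTL reports "Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found." for the O4 entries it was asked to remove, and the Malwarebytes scan later in this thread still finds the regedit32 and syncman Run values. A plain search for "not found" is noisy, though, because OTL re-checks each item after acting on it and prints a second "not found" after a successful delete (see the CLSID keys above). The Python below is an added example, not a tool from this thread: it parses the log into (kind, target, outcome) records and lists only the requested removals that were never reported as deleted, moved or set. The sample log is an excerpt copied from the post above, with most sections elided.

```python
import re
from collections import Counter

# Constructed sample: lines copied verbatim from the OTL fix log above (sections elided).
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
No active process named ave.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\WINDOWS\system32\wuaucldt.exe moved successfully.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File K:\ranvrgn.exe not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe moved successfully.
File C:\WINDOWS\System32\wuaucldt.exe not found.
========== FILES ==========
C:\Program Files\RXToolBar folder moved successfully.
========== COMMANDS ==========
"""

PROCESS_LINE = re.compile(r"^No active process named (?P<target>\S+) was found!$")
ACTION_LINE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully|folder moved successfully|moved successfully"
    r"|value set successfully|not found)[.!]$"
)


def parse_fix_log(text):
    """Turn each action line into {"kind", "target", "outcome"}; skip headers and stats."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROCESS_LINE.match(line)
        if m:
            records.append({"kind": "Process", "target": m.group("target"), "outcome": "not found"})
            continue
        m = ACTION_LINE.match(line)
        if not m:
            continue
        target = m.group("target")
        kind = m.group("kind") or ("Registry" if target.upper().startswith("HKEY_") else "File")
        records.append({"kind": kind, "target": target, "outcome": m.group("outcome")})
    return records


def _norm(target):
    # Windows file and registry paths are case-insensitive, and OTL prints the same
    # key with or without a trailing backslash depending on the pass.
    return target.lower().rstrip("\\")


def outcome_counts(records):
    return dict(Counter(r["outcome"] for r in records))


def unresolved(records):
    """Requested removals OTL never reported as deleted, moved or set.

    A 'not found' that follows a successful action on the same target is OTL's
    normal re-check; only a 'not found' with no matching success line means the
    item was left in place and needs another tool or a manual fix."""
    done = {_norm(r["target"]) for r in records if r["outcome"] != "not found"}
    return [r for r in records
            if r["outcome"] == "not found" and r["kind"] != "Process"
            and _norm(r["target"]) not in done]


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_FIX_LOG)
    print(outcome_counts(recs))
    for r in unresolved(recs):
        print(f"LEFT IN PLACE: {r['kind']} {r['target']}")
```

On the sample this reports the three Run keys and K:\ranvrgn.exe (the drive K: AutoRun target was never present on the drive OTL was run from) as left in place, while wuaucldt.exe is correctly treated as resolved because its "not found" follows a "moved successfully" for the same path spelled with different case.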
12 April 2010 00:08:27

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, allow it.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
17 April 2010 09:36:26

    Hello,

    Below is the result of the Malwarebytes scan:
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4000

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    17/04/2010 09:32:40
    mbam-log-2010-04-17 (09-32-40).txt

    Scan type: Quick scan
    Objects scanned: 109337
    Time elapsed: 14 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 16
    Registry Values Infected: 5
    Registry Data Items Infected: 6
    Folders Infected: 1
    Files Infected: 17

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{273773ea-e96d-49f8-9ab1-eaec34a97347} (Trojan.Dialer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{511f9316-771b-4953-a268-1c36da667fe9} (Trojan.Dialer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{511f9316-771b-4953-a268-1c36da667fe9} (Trojan.Dialer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gearaspiwdm (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpzid412 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpzipr12 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb wireless usb adapter(r) (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ikanloader2 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e4usbaw (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpzius12 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rxtoolbar.tbinfo (Adware.RXToolbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rxtoolbar.tbinfo.1 (Adware.RXToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\drivers\gearaspiwdm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe" /START "C:\PROGRA~1\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Florentin\Local Settings\Application Data\ave.exe" /START "C:\PROGRA~1\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\system32\AdCache (AdWare.Cydoor) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\pcandis5.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\SystemProfile\wuaucldt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\adildr.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\gearaspiwdm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\hpzid412.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\hpzipr12.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\vnetusbr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\Cdaudio.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\dmusic.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\e4ldr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\e4usbaw.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\hpzius12.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\sig29.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Petit Ours Brun.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
17 April 2010 13:03:24

  • Relaunch MBAM, go to Quarantine and delete everything.

  • Run another OTL scan and post the OTL report.
19 April 2010 22:30:56

    Hello,

    Below is the result of the scan:
    OTL logfile created on: 19/04/2010 22:22:26 - Run 2
    OTL by OldTimer - Version 3.1.37.3 Folder = K:\
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    447,00 Mb Total Physical Memory | 143,00 Mb Available Physical Memory | 32,00% Memory free
    1,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39,06 Gb Total Space | 16,96 Gb Free Space | 43,42% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 150,85 Gb Total Space | 134,58 Gb Free Space | 89,22% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 983,72 Mb Total Space | 956,78 Mb Free Space | 97,26% Space Free | Partition Type: FAT

    Computer Name: LEMERCIE-8AC0BA
    Current User Name: Florentin
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - K:\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Fichiers communs\Common Toolkit Suite\FighterSuiteService.exe (SPAMfighter)
    PRC - C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
    PRC - C:\Program Files\Fichiers communs\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\RapidSolution\Tunebite\Tunebite.exe (RapidSolution Software AG)
    PRC - C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\IncrediMail\bin\IMApp.exe (IncrediMail, Ltd.)
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
    PRC - C:\WINDOWS\system32\FTRTSVC.exe (France Telecom)
    PRC - C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
    PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
    PRC - C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
    PRC - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe (STOIK Imaging (www.stoik.com))
    PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)


    ========== Modules (SafeList) ==========

    MOD - K:\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Common Toolkit Service) -- C:\Program Files\Fichiers communs\Common Toolkit Suite\FighterSuiteService.exe (SPAMfighter)
    SRV - (AV Engine Scanning Service) -- C:/Program Files/Fichiers communs/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (FTRTSVC) -- C:\WINDOWS\system32\FTRTSVC.exe (France Telecom)
    SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)


    ========== Driver Services (SafeList) ==========

    DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
    DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)
    DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
    DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Ahead Software AG)
    DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Ahead Software AG)
    DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
    DRV - (DMusic) -- C:\WINDOWS\system32\drivers\dmusic.sys.bak (Microsoft Corporation)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys.bak (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
    DRV - (Cdaudio) -- C:\WINDOWS\system32\drivers\Cdaudio.sys.bak (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a..."
    FF - prefs.js..keyword.URL: "http://www.instafinder.com/addsearch.asp?err=ADD&url="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/15 20:17:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2008/12/29 23:03:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2009/09/20 21:54:19 | 000,000,000 | ---D | M]

    [2010/03/27 12:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Florentin\Application Data\Mozilla\Firefox\Profiles\2xfq36dr.default\extensions
    [2009/12/27 19:50:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Florentin\Application Data\Mozilla\Firefox\Profiles\2xfq36dr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/03/27 12:53:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/02/09 12:48:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2008/12/29 23:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
    [2008/12/29 23:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2008/12/29 23:03:37 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2008/12/29 23:03:37 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2008/12/29 23:03:37 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
    [2008/12/29 23:03:39 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
    [2008/12/29 23:03:39 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2008/03/24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
    [2008/12/29 23:03:50 | 000,001,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2008/12/29 23:03:50 | 000,001,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2008/12/29 23:03:50 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
    [2008/12/29 23:03:50 | 000,001,441 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2008/12/29 23:03:50 | 000,000,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
    O4 - HKLM..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe File not found
    O4 - HKLM..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe File not found
    O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe (RapidSolution Software AG)
    O4 - HKCU..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe (STOIK Imaging (www.stoik.com))
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Logi\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Logi\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/direc... (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont... (WUWebControl Class)
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/fr/Prg/ESTPTe... (EPSON Web Printer-SelfTest Control Class)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoftware.com/activescan/as5/asinst.cab (ActiveScan Installer Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://zzza.mpsa.com/dwa7W.cab (Domino Web Access 7 Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O32 - Unable to open key or key not present!
    O32 - AutoRun File - [2005/05/26 21:11:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/04/17 09:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Florentin\Application Data\Malwarebytes
    [2010/04/17 09:12:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/17 09:12:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/17 09:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/17 09:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/03/27 13:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Florentin\Application Data\Common Toolkit Suite
    [2010/03/27 13:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
    [2010/03/27 13:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Common Toolkit Suite
    [2010/03/27 13:11:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
    [2010/03/27 12:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\clp
    [2010/03/27 12:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
    [2010/03/27 12:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Florentin\Application Data\Fighters
    [2010/03/27 12:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Florentin\Local Settings\Application Data\PackageAware
    [2010/03/22 19:34:36 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
    [2010/03/22 19:34:36 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
    [2010/03/22 19:34:32 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
    [2010/03/22 19:34:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
    [2010/02/03 16:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/02/03 16:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2008/03/23 09:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
    [2008/03/23 09:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    [2008/03/23 09:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
    [2006/12/27 12:21:19 | 006,566,912 | ---- | C] (Nullsoft, Inc.) -- C:\Documents and Settings\Florentin\Application Data\winamp532_full.exe
    [2006/12/27 12:12:55 | 003,425,384 | ---- | C] (HTTrack ) -- C:\Documents and Settings\Florentin\Application Data\httrack-3.40-2.exe
    [2005/05/26 21:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2005/05/26 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2005/05/26 21:11:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2005/05/26 21:11:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/04/19 22:21:20 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Florentin\NTUSER.DAT
    [2010/04/19 22:18:13 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/19 22:17:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/04/19 22:17:02 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/19 22:16:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/19 22:16:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/19 22:16:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/17 09:45:07 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Florentin\ntuser.ini
    [2010/04/17 09:12:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/04/17 09:00:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/01 21:58:45 | 000,367,658 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/04/01 21:58:44 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/01 21:58:44 | 000,048,616 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/04/01 21:58:44 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/01 21:58:42 | 000,775,210 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/27 13:11:59 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\SPYWAREfighter.lnk

    ========== Files Created - No Company Name ==========

    [2010/04/17 09:12:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/03/27 13:11:59 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\SPYWAREfighter.lnk
    [2010/03/11 13:15:53 | 000,010,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\avfsfilter.sys
    [2009/08/01 11:23:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/06/07 22:40:43 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
    [2008/03/23 10:09:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/03/23 09:46:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
    [2008/02/09 13:07:32 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
    [2007/12/03 12:46:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\f7129022-a000-4847-db07-470265a73c4f
    [2007/09/03 19:07:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2P.DLL
    [2007/08/23 20:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2007/05/26 12:54:24 | 000,000,168 | ---- | C] () -- C:\WINDOWS\adidsl.ini
    [2007/05/26 12:54:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
    [2007/05/26 12:54:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
    [2007/05/26 12:54:15 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
    [2007/05/05 10:46:45 | 000,000,014 | ---- | C] () -- C:\WINDOWS\adiras.ini
    [2006/12/27 12:48:05 | 000,000,068 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
    [2006/12/25 21:14:38 | 001,410,680 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\install_flash_player.exe
    [2006/08/07 08:11:55 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
    [2006/07/28 09:56:31 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
    [2006/05/27 11:52:57 | 000,003,952 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\Hewlett-PackardHP PSC 1500 series1147202235_UI.log
    [2006/05/27 11:52:57 | 000,001,218 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\Hewlett-PackardHP PSC 1500 series1147202235_PROTOCOL.log
    [2006/05/27 11:52:57 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2006/05/27 11:52:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\Hewlett-PackardHP PSC 1500 series1147202235_API.log
    [2006/05/09 20:53:59 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/04/23 16:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/04/23 16:38:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
    [2005/06/11 22:25:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/06/10 17:15:25 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2005/06/10 17:11:15 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/06/09 19:44:33 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
    [2005/06/05 21:54:11 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\Florentin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/06/01 16:59:38 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\AdobeDLM.log
    [2005/06/01 16:59:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\dm.ini
    [2005/05/30 11:32:07 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS45.DLL
    [2005/05/30 10:56:27 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Florentin\Application Data\sversion.ini
    [2005/05/27 15:14:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
    [2001/07/06 15:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
    < End of report >
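Reading a report like the one above comes down to spotting the same two patterns in the O4 lines: entries whose target reads File not found (dead autoruns, which the Ad-Remover report on this page lists as orphans) and executables with no publisher string that start from a directory an ordinary user can write to. The Python triage below is an added example, not code from this thread or from OTL; the sample lines marked constructed (updater.exe, svcmgr.exe) are not from the report.

```python
"""Triage of O4 (Run / Startup) lines from an OTL report.

Added example, not code from the thread or from OTL. It flags the two
patterns a helper acts on first: orphan entries whose target reads
"File not found" (leftovers of removed software), and executables with
no publisher "()" started from a user-writable location or from the
Windows directory, where legitimate binaries normally carry a publisher.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O4 - HKLM..\Run: [Name] C:\path\prog.exe (Company)   or   ... File not found
# O4 - Startup: C:\...\Prog.lnk = C:\path\prog.exe (Company)
_O4_RE = re.compile(r"^O4 - (?P<where>HK(?:LM|CU)\.\.\\Run|Startup): (?P<rest>.*)$")
_NAME_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
_MISSING = "File not found"
# directories a non-admin user can write to (XP layout used in the report)
_USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")


@dataclass
class Autorun:
    hive: str               # HKLM, HKCU or Startup
    name: str               # registry value name, or the .lnk file name
    path: str               # target executable ("" when OTL printed none)
    company: Optional[str]  # None if the file is missing, "" if no publisher
    missing: bool


def _split_company(rest: str) -> Tuple[str, str]:
    """Split 'C:\\x.exe (Acme (www.acme.com))' into (path, publisher); nested parens allowed."""
    if not rest.endswith(")"):
        return rest.strip(), ""
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[:i].strip(), rest[i + 1:-1].strip()
    return rest.strip(), ""  # unbalanced: treat the whole text as the path


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line; return None for any other OTL line."""
    m = _O4_RE.match(line.strip())
    if not m:
        return None
    where, rest = m.group("where"), m.group("rest")
    if where == "Startup":
        hive = "Startup"
        lnk, sep, target = rest.partition(" = ")  # keep the link name, triage the target
        name = lnk.rsplit("\\", 1)[-1]
        rest = target if sep else rest
    else:
        hive = where[:4]
        nm = _NAME_RE.match(rest)
        if not nm:
            return None
        name, rest = nm.group("name"), nm.group("rest")
    if rest.endswith(_MISSING):
        return Autorun(hive, name, rest[: -len(_MISSING)].strip(), None, True)
    path, company = _split_company(rest)
    return Autorun(hive, name, path, company, False)


def triage(entry: Autorun) -> List[str]:
    """Reasons this entry deserves a closer look; empty means nothing stood out."""
    if entry.missing:
        return ["orphan: target file not found"]
    low = entry.path.lower()
    if entry.company == "":
        if any(tag in low for tag in _USER_WRITABLE):
            return ["no publisher, runs from a user-writable location"]
        if low.startswith("c:\\windows\\"):
            return ["no publisher for a binary under C:\\WINDOWS, verify its hash"]
    return []


def triage_report(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, path, reasons) for every flagged O4 line, in report order."""
    flagged = []
    for entry in filter(None, map(parse_o4, lines)):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.name, entry.path, reasons))
    return flagged


SAMPLE = [  # the first five lines are taken from the OTL report in this thread
    r"O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)",
    r"O4 - HKLM..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe File not found",
    r"O4 - HKLM..\Run: [NWEReboot] File not found",
    r"O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()",
    r"O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)",
    # constructed lines (not from the thread) showing what the triage flags
    r"O4 - HKCU..\Run: [updater] C:\Documents and Settings\User\Local Settings\Application Data\updater.exe ()",
    r"O4 - HKLM..\Run: [svcmgr] C:\WINDOWS\system32\svcmgr.exe ()",
]
```

On SAMPLE, `triage_report` returns the two orphans (Instafinder, NWEReboot) and the two constructed unsigned binaries; WinampAgent has no publisher either but sits under Program Files, so it is left for manual review rather than flagged.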
    a c 267 8 Security
    19 April 2010 22:40:31

  • Update Java.

  • Update Avast.

  • Update Internet Explorer.

  • Download Ad-Remover (by C_XX) to your Desktop.
  • Disconnect from the Internet and close all running applications.
  • Double-click AD-R on your Desktop to launch it.
  • Choose Nettoyer (Clean), then confirm.
  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    20 April 2010 20:40:19

    Good evening,

    Below is the report: (as for the picture, I don't quite understand, 5 minutes ago it was different and now it's back to how it was before :-) )


    ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 20/04/10 à 18:00
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 20:25:51 le 20/04/2010 | Mode normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 2 - X86
    Nom du PC: LEMERCIE-8AC0BA
    Utilisateur actuel: Florentin (Administrateur)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .

    (!) -- Fichiers temporaires supprimés.
    .
    HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
    HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
    HKLM\Software\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
    HKLM\Software\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}
    HKLM\Software\Classes\Need2FindBar.SettingsPlugin
    HKLM\Software\Classes\Need2FindBar.SettingsPlugin.1
    HKLM\Software\Classes\Need2FindBar.ToolbarPlugin
    HKLM\Software\Classes\Need2FindBar.ToolbarPlugin.1
    HKLM\Software\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
    .
    (Orpheline) HKCU,Run - WOOKIT - C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe (Fichier manquant)
    (Orpheline) HKCU,Run - EPSON Stylus DX4400 Series - C:\WINDOWS\TEMP\E_S2CF.tmp (Fichier manquant)
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 2.0.0.20 (fr) *
    .
    C:\Documents and Settings\Florentin\..\2xfq36dr.default\prefs.js - browser.search.defaultenginename: Google
    C:\Documents and Settings\Florentin\..\2xfq36dr.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    C:\Documents and Settings\Florentin\..\2xfq36dr.default\prefs.js - browser.search.selectedEngine: Google
    C:\Documents and Settings\Florentin\..\2xfq36dr.default\prefs.js - browser.startup.homepage: hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    C:\Documents and Settings\Florentin\..\2xfq36dr.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.8.1.20
    C:\Documents and Settings\Florentin\..\2xfq36dr.default\prefs.js - keyword.URL: hxxp://www.instafinder.com/addsearch.asp?err=ADD&url=
    C:\Documents and Settings\LocalService\..\f4i807jk.default\prefs.js - browser.search.defaultenginename: Google
    C:\Documents and Settings\LocalService\..\f4i807jk.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    C:\Documents and Settings\LocalService\..\f4i807jk.default\prefs.js - browser.search.selectedEngine: Google
    C:\Documents and Settings\Séverine\..\autilify.default\prefs.js - browser.search.defaultenginename: Google
    C:\Documents and Settings\Séverine\..\autilify.default\prefs.js - browser.search.defaulturl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    C:\Documents and Settings\Séverine\..\autilify.default\prefs.js - browser.search.selectedEngine: Google
    C:\Documents and Settings\Séverine\..\autilify.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.8.1
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Enable Browser Extensions: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Custom Search URL: 1
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\DOCUME~1\FLOREN~1\LOCALS~1\Temp: 2 Fichier(s), 7 Dossier(s)
    C:\WINDOWS\temp: 4 Fichier(s), 2 Dossier(s)
    Temporary Internet Files: 2 Fichier(s), 6 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 13 Fichier(s)
    .
    C:\Ad-Report-CLEAN[1].txt - 4470 Octet(s)
    .
    Fin à: 20:31:25, 20/04/2010
    .
    ============== E.O.F - CLEAN[1] ==============
    a c 267 8 Security
    20 April 2010 20:54:52

    No more problems?
    20 April 2010 22:05:22

    For now it seems to be working fine, but Avast is still reporting that it blocked access attempts.

    Thanks!
    a c 267 8 Security
    20 April 2010 22:06:57

    1/

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Delete) to finish.
  • If you wish, you can use the Options Facultatives (optional options).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner (do not install the Yahoo! Toolbar).
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner, choose Analyze. Once it finishes, run the cleanup.


    3/

  • You need to disable and then re-enable System Restore to purge it.


    ==Prevention==

    Keep MBAM. It will be useful for scanning suspicious files in addition to the antivirus; scan the hard drive regularly.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Properties, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you think your problem is solved, add [Résolu] to the title. To do so:
  • In your first message, click the Edit button.
  • Add the mention [Résolu] in front of the title.
  • Then click Validate your message.


    Be more careful on the Internet ;)
    20 April 2010 22:20:53

    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Ad-remover: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Ad-remover: supprimé !
    a c 267 8 Security
    20 April 2010 22:24:52

    You can delete ToolsCleaner ;)
    20 April 2010 22:27:34

    Above is the ToolsCleaner 2 report; as for CCleaner, after the analysis it comes up with about 20 files, including Nero, QuickTime Player, RealPlayer... is that normal?
    a c 267 8 Security
    20 April 2010 22:29:52

    I don't know.
    20 April 2010 22:37:18

    I ran it anyway; in any case, there is nothing particularly unusual in there.