
Unable to display search result pages in Google

14 September 2008 23:05:54

Hello,
I have a problem: I can no longer display a search in Google. Only the sites in my favorites open. When I run a search, whether in Internet Explorer or in Firefox, the page I searched for never displays (on top of that, I am on a low-speed connection). I noticed that when I go to Tools > Internet Options > Privacy, the settings always revert to "Accept All Cookies"; I cannot get "Medium" to stick: when I reopen the browser, the slider has gone back to "Accept All Cookies".
Also, at times ad pages open on their own, either in IE or in Firefox.
I no longer understand anything and I cannot run a search on Google.
Could you help me? I am posting the HijackThis report just in case.
Thanking you in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:15, on 14/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\JP\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3A55FFCE-5AE2-4EEB-922A-0239D924C801} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7FFCD8F1-7D26-4B0D-935F-F62CD50216C1} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {f45d8719-44f0-1259-3cc4-57092a0e037a} - {a730e0a2-9075-4cc3-9521-0f449178d54f} - C:\WINDOWS\system32\sfiyhm.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM3354b7e2] Rundll32.exe "C:\WINDOWS\system32\qkefxyub.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B240AB-3446-4853-BBDC-44431C7CDB68}: NameServer = 80.10.246.5 80.10.246.136
O20 - AppInit_DLLs: sfiyhm.dll
O20 - Winlogon Notify: vtUKcbbc - vtUKcbbc.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7158 bytes


15 September 2008 10:16:35

Hello,
I have just run Spybot and Ad-Aware, but there is no improvement.
Can you help me?
Thank you.
15 September 2008 13:32:52

Hi,

  • Download Catchme (Gmer) to your Desktop.
  • Double-click catchme.exe (the .exe extension may not be visible) to launch it.
  • When the scan has finished, post the catchme.log report in your next reply.
    15 September 2008 18:55:27

    Hello,
    here is the catchme report:

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0



    hidden files: 0


    15 September 2008 19:30:11

    Re,

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    15 September 2008 20:54:19

    Here is the Combo report.

    ComboFix 08-09-14.06 - JP 2008-09-15 20:37:43.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.411 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\JP\Bureau\NETTOYAGE VIRUS\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM3354b7e2.txt
    C:\WINDOWS\BM3354b7e2.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\fLUvvyxx.ini
    C:\WINDOWS\system32\fLUvvyxx.ini2
    C:\WINDOWS\system32\fwocvudl.ini
    C:\WINDOWS\system32\lduvcowf.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\qkefxyub.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-14 21:39 . 2008-09-14 21:39 <REP> d-------- C:\Program Files\Avira
    2008-09-14 21:39 . 2008-09-14 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-14 21:16 . 2008-09-14 21:16 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-09-13 20:36 . 2008-09-13 20:36 <REP> d-------- C:\WINDOWS\report
    2008-09-13 20:36 . 2008-09-13 20:19 22,127,629 --a------ C:\WINDOWS\LPT$VPN.539
    2008-09-13 20:19 . 2008-09-13 20:19 22,127,629 --a------ C:\WINDOWS\VPTNFILE.539
    2008-09-13 20:19 . 2008-09-13 20:19 1,966,422 --a------ C:\WINDOWS\tsc.ptn
    2008-09-13 20:19 . 2008-09-13 20:19 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
    2008-09-13 20:19 . 2008-09-13 20:19 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-09-13 20:19 . 2008-09-13 20:19 91,744 --a------ C:\WINDOWS\BPMNT.dll
    2008-09-13 20:19 . 2008-09-13 20:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-09-13 20:19 . 2008-09-13 21:10 823 --a------ C:\WINDOWS\tsc.ini
    2008-09-13 19:01 . 2008-09-14 21:15 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-09-13 19:01 . 2008-09-13 19:01 <REP> d-------- C:\WINDOWS\AU_Log
    2008-09-13 19:01 . 2008-09-13 19:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-09-13 19:01 . 2008-09-13 19:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-09-13 19:01 . 2008-09-13 19:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-09-13 19:01 . 2008-09-13 19:01 170 --a------ C:\WINDOWS\GetServer.ini
    2008-09-13 17:40 . 2008-09-14 21:15 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-09-12 22:50 . 2008-09-12 23:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-12 22:49 . 2008-09-12 22:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-12 19:00 . 2008-09-12 19:00 112,640 --a------ C:\WINDOWS\system32\sfiyhm.dll
    2008-09-12 19:00 . 2008-09-12 19:00 112,640 --a------ C:\WINDOWS\system32\hcwmyppv.dll
    2008-09-12 18:33 . 2008-09-12 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-08 20:21 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\JP\Application Data\U3
    2008-09-07 22:34 . 2008-09-07 22:40 <REP> d-------- C:\Program Files\RegCleaner
    2008-09-07 22:29 . 2008-09-07 22:29 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-07 22:23 . 2008-09-12 18:15 12 --a------ C:\WINDOWS\system32\mapisvc.inf
    2008-09-07 22:22 . 2008-09-12 18:17 <REP> d-------- C:\Program Files\ESET
    2008-09-07 21:46 . 2008-09-07 22:29 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-07 21:46 . 2008-09-07 22:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-05 21:19 . 2008-09-05 21:19 38 --a------ C:\WINDOWS\avisplitter.INI
    2008-08-24 20:40 . 2008-08-24 20:40 0 --a------ C:\WINDOWS\OpPrintServer.INI
    2008-08-24 20:35 . 2008-08-24 20:35 <REP> d-------- C:\Documents and Settings\JP\Application Data\ArcSoft
    2008-08-24 20:31 . 2008-08-24 20:31 <REP> d-------- C:\Program Files\ArcSoft
    2008-08-24 20:31 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
    2008-08-18 22:55 . 2008-08-18 22:55 <REP> d-------- C:\WINDOWS\Sun
    2008-08-17 21:51 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-08-17 21:44 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-17 14:18 . 2008-04-13 19:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-08-17 13:57 . 2008-08-17 13:59 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-08-17 13:57 . 2008-04-13 19:34 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
    2008-08-17 13:53 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002593_.tmp
    2008-08-17 13:50 . 2008-08-17 13:50 <REP> d-------- C:\WINDOWS\EHome
    2008-08-15 22:29 . 2008-08-15 22:29 <REP> d-------- C:\Program Files\ToniArts
    2008-08-15 21:16 . 2008-08-21 21:13 <REP> d-------- C:\Documents and Settings\JP\Contacts
    2008-08-15 19:23 . 2008-08-15 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-08-15 19:00 . 2008-08-30 17:27 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-08-15 16:54 . 2008-08-15 16:54 268 --ah----- C:\sqmdata01.sqm
    2008-08-15 16:54 . 2008-08-15 16:54 244 --ah----- C:\sqmnoopt01.sqm
    2008-08-15 16:42 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-08-15 16:42 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-08-15 16:42 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-08-15 16:16 . 2008-08-15 16:16 <REP> d-------- C:\Program Files\Java
    2008-08-15 16:16 . 2008-08-15 16:16 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-08-15 16:16 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-15 16:09 . 2008-08-15 16:09 268 --ah----- C:\sqmdata00.sqm
    2008-08-15 16:09 . 2008-08-15 16:09 244 --ah----- C:\sqmnoopt00.sqm
    2008-08-15 09:28 . 2008-08-15 09:28 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-13 20:43 --------- d-----w C:\Documents and Settings\JP\Application Data\Free Download Manager
    2008-09-12 20:50 --------- d-----w C:\Program Files\Lavasoft
    2008-09-12 16:22 --------- d-----w C:\Program Files\Alwil Software
    2008-08-30 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-24 18:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-24 18:40 --------- d-----w C:\Program Files\Canon
    2008-08-15 07:28 --------- d-----w C:\Program Files\Windows Live
    2008-08-15 07:27 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-15 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-12 19:47 --------- d-----w C:\Program Files\Free Download Manager
    2008-08-12 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    2008-08-12 19:21 --------- d-----w C:\Documents and Settings\JP\Application Data\Canon
    2008-08-12 19:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-08-12 19:10 --------- d-----w C:\Documents and Settings\JP\Application Data\MSNInstaller
    2008-08-11 20:34 --------- d-----w C:\Documents and Settings\JP\Application Data\AdobeUM
    2008-08-10 19:35 --------- d-----w C:\Documents and Settings\JP\Application Data\ACD Systems
    2008-08-10 06:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-08-10 06:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-08-10 06:30 --------- d-----w C:\Program Files\Lavalys
    2008-08-09 21:17 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
    2008-08-09 21:17 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
    2008-08-09 21:05 --------- d-----w C:\Program Files\OLITEC
    2008-08-08 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-08-07 19:50 --------- d-----w C:\Program Files\Macromedia
    2008-08-07 18:46 --------- d-----w C:\Program Files\ACD Systems
    2008-08-07 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-08-07 16:47 --------- d-----w C:\Documents and Settings\JP\Application Data\Media Player Classic
    2008-08-07 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-07 07:37 --------- d-----w C:\Program Files\Bonjour
    2008-08-07 07:30 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-08-07 06:57 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-08-07 06:56 --------- d-----w C:\Program Files\Nero
    2008-08-07 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-08-07 06:52 --------- d-----w C:\Program Files\PhotoFiltre
    2008-08-07 06:50 --------- d-----w C:\Program Files\VIA
    2008-08-07 06:48 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-07 06:45 --------- d-----w C:\Program Files\Realtek
    2008-08-07 06:42 --------- d-----w C:\Program Files\S3
    2008-08-07 06:39 --------- d-----w C:\Program Files\SuperCopier2
    2008-08-07 06:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-08-07 06:31 --------- d-----w C:\Program Files\microsoft frontpage
    2008-08-07 06:29 --------- d-----w C:\Program Files\Services en ligne
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-23 15:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a730e0a2-9075-4cc3-9521-0f449178d54f}]
    2008-09-12 19:00 112640 --a------ C:\WINDOWS\system32\sfiyhm.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-04 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sfiyhm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R3 S3G700;S3G700;C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-10-15 792576]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{3A55FFCE-5AE2-4EEB-922A-0239D924C801} - (no file)
    BHO-{7FFCD8F1-7D26-4B0D-935F-F62CD50216C1} - (no file)
    HKLM-Run-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    HKLM-Run-3067847e - C:\WINDOWS\system32\lduvcowf.dll
    HKLM-Run-BM3354b7e2 - C:\WINDOWS\system32\qkefxyub.dll
    ShellExecuteHooks-{3A55FFCE-5AE2-4EEB-922A-0239D924C801} - (no file)
    Notify-vtUKcbbc - vtUKcbbc.dll


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\az8qlv3v.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-15 20:41:20
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\JP\LOCALS~1\Temp\mc21.tmp"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-15 20:46:35 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-15 18:46:12

    Avant-CF: 59,658,977,280 octets libres
    Après-CF: 59,647,541,248 octets libres

    213 --- E O F --- 2008-08-30 15:27:54
    15 September 2008 21:14:08

    Scan the following file on VirusTotal, then post the report:
    C:\WINDOWS\system32\sfiyhm.dll
    15 September 2008 22:23:47

    Great, I think things are already better: I can display Google search result pages again and open them. Also, my antivirus, AntiVir, has just flagged exactly that same file as a trojan.
    Here is the VirusTotal report:

    MD5: 5e5282458dbb0dfff7bbcfa9114f4f0c
    First received: 2008.09.12 20:06:27 (CET)
    Date 2008.09.15 08:33:39 (CET) [<1D]
    Résultats 11/36
    Permalink: analisis/ffad32753ab915067f218683553d3ce8

    Fichier sfiyhm.dll reçu le 2008.09.15 08:33:39 (CET)
    Situation actuelle: terminé
    Résultat: 11/36 (30.56%)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - Trojan.Vundo.FLG
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - Trojan.DnsChange.988
    eSafe - - Suspicious File
    eTrust-Vet - - -
    Ewido - - -
    F-Prot - - -
    F-Secure - - -
    Fortinet - - PossibleThreat
    GData - - -
    Ikarus - - Trojan.Vundo.FKW
    K7AntiVirus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - -
    PCTools - - -
    Prevx1 - - Fraudulent Security Program
    Rising - - Packer.Win32.Agent.v
    Sophos - - Sus/Behav-278
    Sunbelt - - -
    Symantec - - Trojan.Vundo
    TheHacker - - -
    TrendMicro - - PAK_Generic.001
    VBA32 - - -
    ViRobot - - -
    VirusBuster - - -
    Webwasher-Gateway - - Win32.Malware.gen (suspicious)
    Information additionnelle
    MD5: 5e5282458dbb0dfff7bbcfa9114f4f0c
    SHA1: 7770da66d07dff3f98f6dbc5784ab078940e1e9f
    SHA256: 29cf73b634af80930611de2f36a11718ec431061da2c882ff3ddbb992b085996
    SHA512: 3647517cdbf752ab677484591ddbc93540ca09e3ca86856d4ca42d4020f68231ec64b1826552e9a467fe68937ffca223d67f5da2a41564b982b1fe5f9857a841


    16 September 2008 12:28:11

    Re,

    Copy (Ctrl+C) the text in the box below:

    Driver::
    mchInjDrv

    File::
    C:\WINDOWS\system32\sfiyhm.dll
    C:\DOCUME~1\JP\LOCALS~1\Temp\mc21.tmp

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a730e0a2-9075-4cc3-9521-0f449178d54f}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    16 September 2008 20:48:07

    Good evening,
    here are the reports:

    ComboFix 08-09-14.06 - JP 2008-09-16 20:30:47.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.389 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\JP\Bureau\NETTOYAGE VIRUS\ComboFix.exe
    Command switches used :: C:\Documents and Settings\JP\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV
    -------\Service_mchInjDrv


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-14 21:39 . 2008-09-14 21:39 <REP> d-------- C:\Program Files\Avira
    2008-09-14 21:39 . 2008-09-14 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-14 21:16 . 2008-09-14 21:16 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-09-13 20:36 . 2008-09-13 20:36 <REP> d-------- C:\WINDOWS\report
    2008-09-13 20:36 . 2008-09-13 20:19 22,127,629 --a------ C:\WINDOWS\LPT$VPN.539
    2008-09-13 20:19 . 2008-09-13 20:19 22,127,629 --a------ C:\WINDOWS\VPTNFILE.539
    2008-09-13 20:19 . 2008-09-13 20:19 1,966,422 --a------ C:\WINDOWS\tsc.ptn
    2008-09-13 20:19 . 2008-09-13 20:19 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
    2008-09-13 20:19 . 2008-09-13 20:19 333,576 --a------ C:\WINDOWS\TSC.exe
    2008-09-13 20:19 . 2008-09-13 20:19 91,744 --a------ C:\WINDOWS\BPMNT.dll
    2008-09-13 20:19 . 2008-09-13 20:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-09-13 20:19 . 2008-09-13 21:10 823 --a------ C:\WINDOWS\tsc.ini
    2008-09-13 19:01 . 2008-09-14 21:15 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-09-13 19:01 . 2008-09-13 19:01 <REP> d-------- C:\WINDOWS\AU_Log
    2008-09-13 19:01 . 2008-09-13 19:01 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-09-13 19:01 . 2008-09-13 19:01 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-09-13 19:01 . 2008-09-13 19:01 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-09-13 19:01 . 2008-09-13 19:01 170 --a------ C:\WINDOWS\GetServer.ini
    2008-09-13 17:40 . 2008-09-14 21:15 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-09-12 22:50 . 2008-09-12 23:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-12 22:49 . 2008-09-12 22:49 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-12 18:33 . 2008-09-12 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-08 20:21 . 2008-09-15 18:39 <REP> d-------- C:\Documents and Settings\JP\Application Data\U3
    2008-09-07 22:34 . 2008-09-07 22:40 <REP> d-------- C:\Program Files\RegCleaner
    2008-09-07 22:29 . 2008-09-07 22:29 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-09-07 22:23 . 2008-09-12 18:15 12 --a------ C:\WINDOWS\system32\mapisvc.inf
    2008-09-07 22:22 . 2008-09-12 18:17 <REP> d-------- C:\Program Files\ESET
    2008-09-07 21:46 . 2008-09-07 22:29 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-07 21:46 . 2008-09-07 22:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-05 21:19 . 2008-09-05 21:19 38 --a------ C:\WINDOWS\avisplitter.INI
    2008-08-24 20:40 . 2008-08-24 20:40 0 --a------ C:\WINDOWS\OpPrintServer.INI
    2008-08-24 20:35 . 2008-08-24 20:35 <REP> d-------- C:\Documents and Settings\JP\Application Data\ArcSoft
    2008-08-24 20:31 . 2008-08-24 20:31 <REP> d-------- C:\Program Files\ArcSoft
    2008-08-24 20:31 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
    2008-08-18 22:55 . 2008-08-18 22:55 <REP> d-------- C:\WINDOWS\Sun
    2008-08-17 21:51 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-08-17 21:44 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-17 14:18 . 2008-04-13 19:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-08-17 13:57 . 2008-08-17 13:59 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-08-17 13:57 . 2008-04-13 19:34 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
    2008-08-17 13:53 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002593_.tmp
    2008-08-17 13:50 . 2008-08-17 13:50 <REP> d-------- C:\WINDOWS\EHome

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-13 20:43 --------- d-----w C:\Documents and Settings\JP\Application Data\Free Download Manager
    2008-09-12 20:50 --------- d-----w C:\Program Files\Lavasoft
    2008-09-12 16:22 --------- d-----w C:\Program Files\Alwil Software
    2008-08-30 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-24 18:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-24 18:40 --------- d-----w C:\Program Files\Canon
    2008-08-15 20:29 --------- d-----w C:\Program Files\ToniArts
    2008-08-15 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-08-15 14:16 --------- d-----w C:\Program Files\Java
    2008-08-15 14:16 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-08-15 07:28 --------- d-----w C:\Program Files\Windows Live
    2008-08-15 07:27 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-15 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-12 19:47 --------- d-----w C:\Program Files\Free Download Manager
    2008-08-12 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    2008-08-12 19:21 --------- d-----w C:\Documents and Settings\JP\Application Data\Canon
    2008-08-12 19:11 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-08-12 19:10 --------- d-----w C:\Documents and Settings\JP\Application Data\MSNInstaller
    2008-08-11 20:34 --------- d-----w C:\Documents and Settings\JP\Application Data\AdobeUM
    2008-08-10 19:35 --------- d-----w C:\Documents and Settings\JP\Application Data\ACD Systems
    2008-08-10 06:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-08-10 06:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-08-10 06:30 --------- d-----w C:\Program Files\Lavalys
    2008-08-09 21:17 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
    2008-08-09 21:17 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
    2008-08-09 21:05 --------- d-----w C:\Program Files\OLITEC
    2008-08-08 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-08-07 19:50 --------- d-----w C:\Program Files\Macromedia
    2008-08-07 18:46 --------- d-----w C:\Program Files\ACD Systems
    2008-08-07 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-08-07 16:47 --------- d-----w C:\Documents and Settings\JP\Application Data\Media Player Classic
    2008-08-07 07:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-07 07:37 --------- d-----w C:\Program Files\Bonjour
    2008-08-07 07:30 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-08-07 06:57 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-08-07 06:56 --------- d-----w C:\Program Files\Nero
    2008-08-07 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-08-07 06:52 --------- d-----w C:\Program Files\PhotoFiltre
    2008-08-07 06:50 --------- d-----w C:\Program Files\VIA
    2008-08-07 06:48 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-07 06:45 --------- d-----w C:\Program Files\Realtek
    2008-08-07 06:42 --------- d-----w C:\Program Files\S3
    2008-08-07 06:39 --------- d-----w C:\Program Files\SuperCopier2
    2008-08-07 06:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-08-07 06:31 --------- d-----w C:\Program Files\microsoft frontpage
    2008-08-07 06:29 --------- d-----w C:\Program Files\Services en ligne
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-23 15:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-15_20.45.40.98 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    - 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
    + 2008-04-15 17:49:31 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-04 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R3 S3G700;S3G700;C:\WINDOWS\system32\DRIVERS\S3G700m.sys [2005-10-15 792576]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7c45003-7dcf-11dd-b4fc-001731c4ad82}]
    \Shell\AutoRun\command - D:\LaunchU3.exe -a

    *Newly Created Service* - MCHINJDRV
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-16 20:34:47
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\JP\LOCALS~1\Temp\mc22.tmp"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-16 20:40:21 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-16 18:39:50
    ComboFix2.txt 2008-09-15 18:46:36

    Avant-CF: 60,364,054,528 octets libres
    Après-CF: 60,295,507,968 octets libres

    189 --- E O F --- 2008-09-15 19:45:25



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:42:23, on 16/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\JP\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 6882 bytes

    16 September 2008 20:48:56

    Is your PC behaving better?
    16 September 2008 21:07:20

    Good evening,
    Yes, great, it looks like everything is back to normal.
    I can display Google search pages, I no longer get unwanted ads, and when I am in IE, on the Privacy tab, my slider stays where I put it, at Medium High, whereas before it went back to zero.
    A very big thank you for your help and your availability, it's great... many thanks again.
    So now I'm trying to understand a bit of the process for finding this malware, with the tutorials, and by comparing the reports with the BHO lists (I think), but it's very, very complicated...
    Have a good evening, thanks for everything... :hello:
    16 September 2008 21:10:33

    You're welcome ;)
    26 November 2012 18:21:02

    Hello,

    I have exactly the same problem that Paulo1363 had 4 years ago.

    I tried to follow the procedure that Angeldark describes, namely running catchme.exe. The report I get is much shorter; here it is:

    detected NTDLL code modification:
    ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

    I suppose you need other information; don't hesitate to ask, I don't know exactly what you need.

    If you can help me, I thank you very warmly! It's a real nightmare!

    Thanks again,

    26 November 2012 18:45:34

    Hello again,

    I took the liberty of running ComboFix, and here is the report in case it helps:

    ComboFix 12-11-26.02 - ORTIZ VELASCO 26/11/2012 18:27:48.1.2 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4095.2844 [GMT 1:00]
    Lancé depuis: c:\users\ORTIZ VELASCO\Downloads\ComboFix.exe
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\BrowserCompanion
    c:\program files (x86)\BrowserCompanion\BCHelper.exe
    c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
    c:\program files (x86)\BrowserCompanion\jsloader.dll
    c:\program files (x86)\BrowserCompanion\logo.ico
    c:\program files (x86)\BrowserCompanion\sqlite3.dll
    c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
    c:\program files (x86)\BrowserCompanion\toolbar.dll
    c:\program files (x86)\BrowserCompanion\uninstall.exe
    c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
    c:\program files (x86)\BrowserCompanion\updater.ini
    c:\program files (x86)\BrowserCompanion\widgetserv.exe
    c:\users\ORTIZ VELASCO\AppData\Local\assembly\tmp
    c:\windows\SysWow64\pt
    c:\windows\SysWow64\pt\Lagoon.resources.dll
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-10-26 au 2012-11-26 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-11-26 17:38 . 2012-11-26 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-25 21:41 . 2012-11-25 21:56 -------- d-----w- c:\windows\system32\drivers\NISx64\1402000.013
    2012-11-25 21:32 . 2012-11-25 21:54 -------- d-----w- c:\programdata\HP Photo Creations
    2012-11-25 21:32 . 2012-11-25 21:32 -------- d-----w- c:\program files (x86)\HP Photo Creations
    2012-11-19 13:39 . 2012-11-19 13:39 102400 --sha-r- c:\windows\SysWow64\fontviewd.dll
    2012-11-16 07:18 . 2012-10-17 01:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CA79E42-03F7-4102-B96F-F77103C55970}\mpengine.dll
    2012-11-14 23:50 . 2012-11-14 23:50 0 ----a-w- c:\windows\SysWow64\sho91F4.tmp
    2012-11-13 23:15 . 2012-07-26 05:04 2560 ----a-w- c:\windows\system32\drivers\fr-FR\wdf01000.sys.mui
    2012-11-13 23:15 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-13 23:15 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-13 23:15 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-13 23:12 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-13 23:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-13 23:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-13 23:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-13 23:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-13 23:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-13 23:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-13 23:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-13 23:07 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-11-13 23:07 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-11-03 10:28 . 2012-11-03 10:28 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-11-03 10:26 . 2012-11-03 10:26 -------- d-----w- c:\programdata\Visan
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-25 21:42 . 2011-04-13 06:41 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-11-13 23:12 . 2011-10-21 23:06 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-10-12 16:36 . 2012-10-12 16:36 8525904 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
    2012-10-09 06:52 . 2012-04-14 20:25 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 06:52 . 2011-11-10 21:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-24 14:32 . 2012-07-22 09:36 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-24 14:32 . 2012-03-04 17:30 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-14 19:19 . 2012-10-10 09:31 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 09:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-08-31 18:19 . 2012-10-10 09:31 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 09:31 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 09:31 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 09:31 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
    2011-08-24 19:19 894824 ----a-w- c:\program files (x86)\alot\bin\BHO\alotBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}"= "c:\program files (x86)\alot\bin\alot.dll" [2011-08-24 894824]
    .
    [HKEY_CLASSES_ROOT\clsid\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Software Suite SE"="c:\program files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe" [2009-09-29 2275360]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-29 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TouchPortalV3Launcher"="c:\program files (x86)\Packard Bell\Packard Bell TouchPortal\TouchPortalLauncher.exe" [2010-11-30 438376]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-10-04 2933184]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "MDS_Menu"="c:\program files (x86)\Packard Bell\Packard Bell TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS [2012-10-03 493216]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS [2012-10-03 1133216]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [2012-10-03 168096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-11-23 513184]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS [2012-09-06 224416]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS [2012-09-06 432800]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-11 203264]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [2012-10-10 143928]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
    S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [2010-11-25 1779968]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-03-01 31088]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 06:52]
    .
    2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 06:48]
    .
    2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 06:48]
    .
    2012-11-26 c:\windows\Tasks\SQZK.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/?PC=BNSR
    mDefault_Page_URL = hxxp://packardbell.msn.com
    mStart Page = hxxp://packardbell.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
    Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
    Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111109063336
    FF - ProfilePath - c:\users\ORTIZ VELASCO\AppData\Roaming\Mozilla\Firefox\Profiles\c9qm5lkh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.fr.msn.com/m6-actualite/#fbid=3mg4Zwjd8k8
    FF - ExtSQL: 2012-11-03 11:27; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF - ExtSQL: 2012-11-19 22:13; google@hitachi.com; c:\users\ORTIZ VELASCO\AppData\Roaming\Mozilla\Firefox\Profiles\c9qm5lkh.default\extensions\google@hitachi.com.xpi
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Toolbar-Locked - (no file)
    AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2656373~31bf3856ad364e35~amd64~~6.1.2.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2667402~31bf3856ad364e35~amd64~~6.1.2.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2677070~31bf3856ad364e35~amd64~~6.1.1.2]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2685939~31bf3856ad364e35~amd64~~6.1.1.2]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2686831~31bf3856ad364e35~amd64~~6.1.1.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2699779~31bf3856ad364e35~amd64~~6.1.2.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2699988~31bf3856ad364e35~amd64~~9.4.1.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2703157~31bf3856ad364e35~amd64~~6.1.1.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000050
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2709162~31bf3856ad364e35~amd64~~6.1.1.2]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2709630~31bf3856ad364e35~amd64~~6.1.1.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2709715~31bf3856ad364e35~amd64~~6.1.1.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2709981~31bf3856ad364e35~amd64~~6.1.2.0]
    @DACL=(02 0000)
    "ApplicabilityState"=dword:00000070
    "CurrentState"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2012-11-26 18:40:50
    ComboFix-quarantined-files.txt 2012-11-26 17:40
    .
    Avant-CF: 677 250 457 600 octets libres
    Après-CF: 677 721 690 112 octets libres
    .
    - - End Of File - - 386820FAF30EFDF193A2F3733FB3C2AB


    Thanks again!!
    26 November 2012 18:57:30

    Well, I think the computer is working much better. It's a bit faster, I don't have any intrusive ads (for now) and, above all, I can search with Google!!!

    In short, I think your tutorial fixed my problem!!!

    If I notice another anomaly, I'll let you know.

    You're champions, thank you all!!!!!!!!!
    26 November 2012 19:14:09

    Good evening,

    Would you like assistance?
    Please create your own topic.
    One topic per user and infection; every PC is different.

    I'm closing this one.
    :jap: