Constant crashes since visiting myp2p.com
Hello everyone!
I think I have been infected by a virus since I visited the myp2p site (streaming football matches). Alert messages from my antivirus (Antivir) then appeared en masse, all at once...
My computer now crashes constantly.
I ran scans with my antivirus and my "spyware terminator", but it keeps happening!
What can I do??
Thanks in advance for your help.
Nicolas
Hello,
Download OTL (by OldTimer) to your Desktop.
Double-click OTL to launch it.
(On Vista/Win7, you need to right-click OTL and choose Run as administrator)
A window appears. In the report section ("Rapport") at the top of this window, check "Rapport minimal" (minimal report).
Also check the boxes next to "Recherche Lop" and "Recherche Purity".
Finally, click the "Analyse" (scan) button. The scan will not take long.
Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so by default on the Desktop).
To send me the reports:
Click this link: http://www.cijoint.fr/
Click "Parcourir..." (browse) and find the report file you want to send me.
Click "Ouvrir" (open).
Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
Copy and paste this link into your reply.
Here are the links for the OTL and Extras reports:
http://www.cijoint.fr/cjlink.php?file=cj201005/cijoBQKq...
http://www.cijoint.fr/cjlink.php?file=cj201005/cijRPDAL...
The PC is infected.
Download Ad-Remover (by C_XX) to your Desktop.
Disconnect and close all running applications.
Double-click AD-R on your Desktop to launch it.
Choose "Nettoyer" (clean), then confirm.
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Ok...
Here is the Ad R report:
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 07/05/10 à 16:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:48:19 le 12/05/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: POSTE
Utilisateur actuel: Nicolas
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Barre d'outils Crawler
C:\Program Files\Crawler
C:\Program Files\Fast Browser Search
C:\Program Files\Mozilla FireFox\searchplugins\crawlersrch.xml
C:\Program Files\SGPSA
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\CToolbar
HKCU\Software\FBSearch
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\Software\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
HKLM\Software\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKLM\Software\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKLM\Software\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
HKLM\Software\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKLM\Software\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
HKLM\Software\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
HKLM\Software\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
HKLM\Software\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
HKLM\Software\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
HKLM\Software\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
HKLM\Software\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\Software\Classes\ComObject.DeskbarEnabler
HKLM\Software\Classes\ComObject.DeskbarEnabler.1
HKLM\Software\Classes\CTBR.R404Pro
HKLM\Software\Classes\CToolbar.TB4Client
HKLM\Software\Classes\CToolbar.TB4Script
HKLM\Software\Classes\CToolbar.TB4Server
HKLM\Software\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
HKLM\Software\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
HKLM\Software\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
HKLM\Software\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
HKLM\Software\Classes\PROTOCOLS\Handler\tbr
HKLM\Software\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
HKLM\Software\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
HKLM\Software\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
HKLM\Software\CToolbar
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{530EBFCA-0960-4706-857C-AA14D1C0C4F5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
.
(Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
(Orpheline) HKLM,Uninstall - ie7 - C:\WINDOWS\ie7\spuninst\spuninst.exe (Fichier manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
C:\Documents and Settings\Nicolas\..\u2xconxq.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Nicolas\\Bureau\\Cours Emile\\Images boulot
C:\Documents and Settings\Nicolas\..\u2xconxq.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/
C:\Documents and Settings\Nicolas\..\u2xconxq.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\HelpAssistant\..\u2xconxq.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Nicolas\\Bureau\\Cours Emile\\Images boulot
C:\Documents and Settings\HelpAssistant\..\u2xconxq.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/
C:\Documents and Settings\HelpAssistant\..\u2xconxq.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 3 Fichier(s)
C:\Ad-Remover\Backup: 13 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 7525 Octet(s)
.
Fin à: 11:55:27, 12/05/2010
.
============== E.O.F - CLEAN[1] ==============
There you go!
After clicking "désinstallation" (uninstall) in AD R, nothing happened on screen (I don't know whether it ran correctly). I tried again but still nothing. Is that normal or not?
In any case, I ran another OTL scan after that, and here is the report:
OTL logfile created on: 12/05/2010 23:43:54 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Nicolas\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 98,98 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 151,60 Gb Total Space | 151,53 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: POSTE
Current User Name: Nicolas
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Nicolas\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\vsnpstd2.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Nicolas\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (snpstd2) -- C:\WINDOWS\system32\drivers\snpstd2.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 19:23:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 10:20:25 | 000,000,000 | ---D | M]
[2010/01/22 10:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Extensions
[2010/05/12 15:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\u2xconxq.default\extensions
[2010/01/22 10:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\u2xconxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/12 15:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 12:53:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/16 03:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 03:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 03:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 03:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/24 17:40:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.ap... (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/F... (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Cont... (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1... (Facebook Photo Uploader 5 Control)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/static/adpform/AdSig... (AdVerifierADPCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/20 12:19:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7ef40afd-31d3-11df-92af-001cc086c23c}\Shell - "" = AutoRun
O33 - MountPoints2\{d9db5566-ed70-11de-9180-001cc086c23c}\Shell\AutoRun\command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{d9db5566-ed70-11de-9180-001cc086c23c}\Shell\explore\Command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{d9db5566-ed70-11de-9180-001cc086c23c}\Shell\open\Command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{fa67b95e-ea5b-11de-9177-001cc086c23c}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/10 10:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Application Data\Malwarebytes
[2010/05/10 10:41:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/10 10:40:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/10 10:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/10 10:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/10 10:40:21 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nicolas\Bureau\mbam-setup-1.46.exe
[2010/05/06 17:47:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSIGYLIJE
[2010/05/06 17:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ba57ee2
[2010/05/05 17:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/04 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/03 12:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Bureau\Résumés equipe A ESOE 2009-2010
[2010/04/14 13:06:11 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/04/14 13:05:47 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/04/14 13:05:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/04/14 13:05:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/04/14 13:05:34 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/04/14 13:05:31 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/04/14 13:05:28 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/04/14 13:05:25 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/04/14 13:05:20 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/04/14 13:04:28 | 000,036,864 | R--- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[2010/04/14 13:04:28 | 000,036,864 | R--- | C] ( ) -- C:\WINDOWS\System32\dsnpstd2.ax
[2010/04/14 12:56:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\amcap.exe
[2010/04/14 12:56:29 | 000,061,440 | R--- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2010/04/14 12:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Application Data\skypePM
[2010/04/14 12:55:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/04/14 12:55:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/04/14 12:55:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/14 12:55:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010/04/14 12:55:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/04/14 12:55:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/04/14 12:55:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/04/14 12:55:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/04/14 12:55:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/04/14 12:55:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/04/14 12:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Application Data\Skype
[2010/04/14 12:47:49 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/04/14 12:47:49 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/04/14 12:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2010/04/14 12:47:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/14 12:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/12 23:41:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 23:41:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 23:40:12 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Nicolas\ntuser.ini
[2010/05/12 12:09:00 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Nicolas\ntuser.dat
[2010/05/12 11:55:26 | 000,000,281 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2010/05/12 11:37:42 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/10 18:53:58 | 001,102,320 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/10 18:53:58 | 000,503,656 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/10 18:53:58 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/10 18:53:58 | 000,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/10 18:53:58 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/10 10:41:08 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/10 10:40:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/10 10:36:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nicolas\Bureau\mbam-setup-1.46.exe
[2010/05/08 16:31:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2010/05/06 17:47:09 | 000,000,790 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\host_new
[2010/05/06 13:16:51 | 000,023,458 | ---- | M] () -- C:\Documents and Settings\Nicolas\Mes documents\Liste Mariage.xlsx
[2010/05/03 13:20:25 | 000,254,488 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\eval inter EE 3è musu.jpg
[2010/05/02 11:11:02 | 000,011,406 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Date de la transaction.docx
[2010/04/29 20:55:29 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 16:15:07 | 000,317,883 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Facture oléobois.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 13:56:25 | 000,354,433 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Maxoutil.jpg
[2010/04/26 17:33:54 | 000,012,757 | ---- | M] () -- C:\Documents and Settings\Nicolas\Mes documents\webquest animals planet 2.docx
[2010/04/26 17:33:41 | 000,011,693 | ---- | M] () -- C:\Documents and Settings\Nicolas\Mes documents\Webquestanimals planet 1.docx
[2010/04/21 09:25:22 | 000,291,975 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\ebehart facture 14.jpg
[2010/04/21 09:20:10 | 000,017,039 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\commande huile bardage.docx
[2010/04/21 09:20:00 | 000,012,491 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\commande clous.docx
[2010/04/21 09:19:46 | 000,012,011 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Commande vis.docx
[2010/04/18 12:52:03 | 000,645,244 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Livres sur les piscines écologiques.docx
[2010/04/14 13:24:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 12:56:03 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/14 10:59:06 | 002,510,223 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Numériser0001.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/10 10:41:08 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/03 13:20:09 | 000,254,488 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\eval inter EE 3è musu.jpg
[2010/05/03 12:03:33 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Nicolas\ntuser.dat
[2010/05/02 11:11:01 | 000,011,406 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Date de la transaction.docx
[2010/04/29 16:14:52 | 000,317,883 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Facture oléobois.jpg
[2010/04/29 13:56:10 | 000,354,433 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Maxoutil.jpg
[2010/04/26 17:33:54 | 000,012,757 | ---- | C] () -- C:\Documents and Settings\Nicolas\Mes documents\webquest animals planet 2.docx
[2010/04/26 17:33:41 | 000,011,693 | ---- | C] () -- C:\Documents and Settings\Nicolas\Mes documents\Webquestanimals planet 1.docx
[2010/04/21 09:25:06 | 000,291,975 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\ebehart facture 14.jpg
[2010/04/21 09:20:10 | 000,017,039 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\commande huile bardage.docx
[2010/04/21 09:20:00 | 000,012,491 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\commande clous.docx
[2010/04/21 09:19:46 | 000,012,011 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Commande vis.docx
[2010/04/18 12:52:02 | 000,645,244 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Livres sur les piscines écologiques.docx
[2010/04/14 13:04:30 | 000,020,480 | R--- | C] () -- C:\WINDOWS\usnpstd2.exe
[2010/04/14 13:04:29 | 000,286,720 | R--- | C] () -- C:\WINDOWS\vsnpstd2.exe
[2010/04/14 13:04:29 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2010/04/14 13:04:29 | 000,013,023 | R--- | C] () -- C:\WINDOWS\snpstd2.src
[2010/04/14 13:04:28 | 000,015,541 | R--- | C] () -- C:\WINDOWS\snpstd2.ini
[2010/04/14 13:04:27 | 000,347,264 | R--- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2010/04/14 12:56:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/14 12:47:14 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2010/04/14 10:59:11 | 002,510,223 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Numériser0001.jpg
[2010/04/13 15:28:47 | 000,023,458 | ---- | C] () -- C:\Documents and Settings\Nicolas\Mes documents\Liste Mariage.xlsx
[2009/12/25 13:18:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/12/25 13:18:29 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/11/24 20:31:48 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/02/28 22:38:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/22 11:19:12 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/02/22 11:04:53 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/02/22 11:02:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2009/02/20 15:02:05 | 000,000,275 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/20 12:47:20 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2001/07/06 17:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== LOP Check ==========
[2010/05/10 12:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ba57ee2
[2009/12/25 13:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/05/06 17:47:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSIGYLIJE
[2010/05/12 11:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/08/09 14:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Anuman Interactive
[2010/04/21 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Image Zone Express
[2009/10/12 10:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\IndexEducation
[2009/08/09 15:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\LiveCAD2
[2009/07/16 08:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org
[2010/02/21 23:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Pixia
[2010/05/12 23:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Spyware Terminator
[2010/05/04 21:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\uTorrent
========== Purity Check ==========
< End of report >
After clicking "Uninstall" in AD R, nothing happened on screen (I don't know whether it ran correctly). I tried again, but still nothing. Is that normal or not?
In any case, I ran another OTL scan after that, and here is the report:
OTL logfile created on: 12/05/2010 23:43:54 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Nicolas\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 98,98 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 151,60 Gb Total Space | 151,53 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: POSTE
Current User Name: Nicolas
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Nicolas\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\vsnpstd2.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Nicolas\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (snpstd2) -- C:\WINDOWS\system32\drivers\snpstd2.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 19:23:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 10:20:25 | 000,000,000 | ---D | M]
[2010/01/22 10:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Extensions
[2010/05/12 15:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\u2xconxq.default\extensions
[2010/01/22 10:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\u2xconxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/12 15:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 12:53:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/16 03:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 03:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 03:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 03:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/24 17:40:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.ap... (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/F... (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Cont... (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1... (Facebook Photo Uploader 5 Control)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/static/adpform/AdSig... (AdVerifierADPCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-wind... (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/20 12:19:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7ef40afd-31d3-11df-92af-001cc086c23c}\Shell - "" = AutoRun
O33 - MountPoints2\{d9db5566-ed70-11de-9180-001cc086c23c}\Shell\AutoRun\command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{d9db5566-ed70-11de-9180-001cc086c23c}\Shell\explore\Command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{d9db5566-ed70-11de-9180-001cc086c23c}\Shell\open\Command - "" = F:\sxs.exe -- File not found
O33 - MountPoints2\{fa67b95e-ea5b-11de-9177-001cc086c23c}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/05/10 10:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Application Data\Malwarebytes
[2010/05/10 10:41:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/10 10:40:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/10 10:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/10 10:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/10 10:40:21 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nicolas\Bureau\mbam-setup-1.46.exe
[2010/05/06 17:47:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSIGYLIJE
[2010/05/06 17:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ba57ee2
[2010/05/05 17:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/04 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/03 12:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Bureau\Résumés equipe A ESOE 2009-2010
[2010/04/14 13:06:11 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/04/14 13:05:47 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/04/14 13:05:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/04/14 13:05:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/04/14 13:05:34 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/04/14 13:05:31 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/04/14 13:05:28 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/04/14 13:05:25 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/04/14 13:05:20 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/04/14 13:04:28 | 000,036,864 | R--- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[2010/04/14 13:04:28 | 000,036,864 | R--- | C] ( ) -- C:\WINDOWS\System32\dsnpstd2.ax
[2010/04/14 12:56:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\amcap.exe
[2010/04/14 12:56:29 | 000,061,440 | R--- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2010/04/14 12:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Application Data\skypePM
[2010/04/14 12:55:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/04/14 12:55:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/04/14 12:55:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/14 12:55:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010/04/14 12:55:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/04/14 12:55:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/04/14 12:55:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/04/14 12:55:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/04/14 12:55:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/04/14 12:55:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/04/14 12:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Application Data\Skype
[2010/04/14 12:47:49 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/04/14 12:47:49 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/04/14 12:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2010/04/14 12:47:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/14 12:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/12 23:41:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 23:41:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 23:40:12 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Nicolas\ntuser.ini
[2010/05/12 12:09:00 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Nicolas\ntuser.dat
[2010/05/12 11:55:26 | 000,000,281 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2010/05/12 11:37:42 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/10 18:53:58 | 001,102,320 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/10 18:53:58 | 000,503,656 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/10 18:53:58 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/10 18:53:58 | 000,081,626 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/10 18:53:58 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/10 10:41:08 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/10 10:40:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/10 10:36:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nicolas\Bureau\mbam-setup-1.46.exe
[2010/05/08 16:31:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2010/05/06 17:47:09 | 000,000,790 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\host_new
[2010/05/06 13:16:51 | 000,023,458 | ---- | M] () -- C:\Documents and Settings\Nicolas\Mes documents\Liste Mariage.xlsx
[2010/05/03 13:20:25 | 000,254,488 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\eval inter EE 3è musu.jpg
[2010/05/02 11:11:02 | 000,011,406 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Date de la transaction.docx
[2010/04/29 20:55:29 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 16:15:07 | 000,317,883 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Facture oléobois.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 13:56:25 | 000,354,433 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Maxoutil.jpg
[2010/04/26 17:33:54 | 000,012,757 | ---- | M] () -- C:\Documents and Settings\Nicolas\Mes documents\webquest animals planet 2.docx
[2010/04/26 17:33:41 | 000,011,693 | ---- | M] () -- C:\Documents and Settings\Nicolas\Mes documents\Webquestanimals planet 1.docx
[2010/04/21 09:25:22 | 000,291,975 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\ebehart facture 14.jpg
[2010/04/21 09:20:10 | 000,017,039 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\commande huile bardage.docx
[2010/04/21 09:20:00 | 000,012,491 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\commande clous.docx
[2010/04/21 09:19:46 | 000,012,011 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Commande vis.docx
[2010/04/18 12:52:03 | 000,645,244 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Livres sur les piscines écologiques.docx
[2010/04/14 13:24:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 12:56:03 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/14 10:59:06 | 002,510,223 | ---- | M] () -- C:\Documents and Settings\Nicolas\Bureau\Numériser0001.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/10 10:41:08 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/03 13:20:09 | 000,254,488 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\eval inter EE 3è musu.jpg
[2010/05/03 12:03:33 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Nicolas\ntuser.dat
[2010/05/02 11:11:01 | 000,011,406 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Date de la transaction.docx
[2010/04/29 16:14:52 | 000,317,883 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Facture oléobois.jpg
[2010/04/29 13:56:10 | 000,354,433 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Maxoutil.jpg
[2010/04/26 17:33:54 | 000,012,757 | ---- | C] () -- C:\Documents and Settings\Nicolas\Mes documents\webquest animals planet 2.docx
[2010/04/26 17:33:41 | 000,011,693 | ---- | C] () -- C:\Documents and Settings\Nicolas\Mes documents\Webquestanimals planet 1.docx
[2010/04/21 09:25:06 | 000,291,975 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\ebehart facture 14.jpg
[2010/04/21 09:20:10 | 000,017,039 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\commande huile bardage.docx
[2010/04/21 09:20:00 | 000,012,491 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\commande clous.docx
[2010/04/21 09:19:46 | 000,012,011 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Commande vis.docx
[2010/04/18 12:52:02 | 000,645,244 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Livres sur les piscines écologiques.docx
[2010/04/14 13:04:30 | 000,020,480 | R--- | C] () -- C:\WINDOWS\usnpstd2.exe
[2010/04/14 13:04:29 | 000,286,720 | R--- | C] () -- C:\WINDOWS\vsnpstd2.exe
[2010/04/14 13:04:29 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2010/04/14 13:04:29 | 000,013,023 | R--- | C] () -- C:\WINDOWS\snpstd2.src
[2010/04/14 13:04:28 | 000,015,541 | R--- | C] () -- C:\WINDOWS\snpstd2.ini
[2010/04/14 13:04:27 | 000,347,264 | R--- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2010/04/14 12:56:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/14 12:47:14 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2010/04/14 10:59:11 | 002,510,223 | ---- | C] () -- C:\Documents and Settings\Nicolas\Bureau\Numériser0001.jpg
[2010/04/13 15:28:47 | 000,023,458 | ---- | C] () -- C:\Documents and Settings\Nicolas\Mes documents\Liste Mariage.xlsx
[2009/12/25 13:18:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/12/25 13:18:29 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/11/24 20:31:48 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/02/28 22:38:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/22 11:19:12 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/02/22 11:04:53 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/02/22 11:02:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2009/02/20 15:02:05 | 000,000,275 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/20 12:47:20 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2001/07/06 17:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
========== LOP Check ==========
[2010/05/10 12:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ba57ee2
[2009/12/25 13:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/05/06 17:47:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSIGYLIJE
[2010/05/12 11:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/08/09 14:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Anuman Interactive
[2010/04/21 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Image Zone Express
[2009/10/12 10:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\IndexEducation
[2009/08/09 15:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\LiveCAD2
[2009/07/16 08:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org
[2010/02/21 23:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Pixia
[2010/05/12 23:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Spyware Terminator
[2010/05/04 21:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\uTorrent
========== Purity Check ==========
< End of report >
How is the PC doing?
Did Malwarebytes' Anti-Malware find anything?
Download UsbFix (by El Desaparecido & C_XX) to your Desktop.
Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
Double-click UsbFix to run it.
Choose option 1 (Recherche, "Search").
Let the tool work.
Post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility intended to terminate processes.
The PC is no better...
It still crashes after about twenty minutes, and at startup the sound is still choppy...
MBAM found nothing..
And here is the UsbFix report:
############################## | UsbFix V6.113 |
User : Nicolas (Administrateurs) # POSTE
Update on 12/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:09:43 | 13/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Processeur Intel Pentium III Xeon
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local # 146,48 Go (98,71 Go free) [SYSTEME] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 151,6 Go (151,53 Go free) [DONNEES] # NTFS
G:\ -> Disque amovible # 1,88 Go (403,88 Mo free) # FAT
H:\ -> Disque amovible
I:\ -> Disque amovible
################## | Elements infectieux |
################## | Registre |
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{7ef40afd-31d3-11df-92af-001cc086c23c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
HKCU\..\..\Explorer\MountPoints2\{d9db5566-ed70-11de-9180-001cc086c23c}
Shell\AutoRun\command =F:\sxs.exe
Shell\explore\Command =F:\sxs.exe
Shell\open\Command =F:\sxs.exe
HKCU\..\..\Explorer\MountPoints2\{fa67b95e-ea5b-11de-9177-001cc086c23c}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.113 ! |
Regarding Spyware Terminator:
http://forum.malekal.com/antispyware-gratuit-sert-rien-...
Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
Double-click the UsbFix on your Desktop to launch it.
Choose option 2 (Suppression, "Removal").
Your Desktop will disappear and the PC will restart.
On restart, UsbFix will scan your PC; let the tool work.
Then post the UsbFix.txt report that will appear with the Desktop.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
Here is the report:
############################## | UsbFix V6.113 |
User : Nicolas (Administrateurs) # POSTE
Update on 12/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:38:47 | 13/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Processeur Intel Pentium III Xeon
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local # 146,48 Go (98,62 Go free) [SYSTEME] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local # 151,6 Go (151,53 Go free) [DONNEES] # NTFS
G:\ -> Disque amovible # 1,88 Go (403,88 Mo free) # FAT
H:\ -> Disque amovible
I:\ -> Disque amovible
################## | Elements infectieux |
Supprimé ! C:\Recycler\S-1-5-21-1606980848-484763869-682003330-1004
Supprimé ! C:\Recycler\S-1-5-21-1606980848-484763869-682003330-500
Supprimé ! E:\Recycler\S-1-5-21-1606980848-484763869-682003330-1004
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{7ef40afd-31d3-11df-92af-001cc086c23c}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d9db5566-ed70-11de-9180-001cc086c23c}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{fa67b95e-ea5b-11de-9177-001cc086c23c}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[20/02/2009 12:19|--a------|0] C:\AUTOEXEC.BAT
[20/02/2009 12:15|---hs----|216] C:\boot.ini
[14/04/2008 14:00|-rahs----|4952] C:\Bootfont.bin
[20/02/2009 12:19|--a------|0] C:\CONFIG.SYS
[20/02/2009 12:19|-rahs----|0] C:\IO.SYS
[20/02/2009 12:19|-rahs----|0] C:\MSDOS.SYS
[14/04/2008 14:00|-rahs----|47564] C:\NTDETECT.COM
[14/04/2008 14:00|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[22/02/2009 10:57|--a------|90] C:\Setup.log
[13/05/2010 11:59|--a------|1954] C:\UsbFix.txt
[01/03/2010 18:12|--ah-----|4096] G:\._.Trashes
[01/03/2010 18:51|--a------|4597214] G:\1.jpg
[01/03/2010 18:51|--ah-----|64237] G:\._1.jpg
[01/03/2010 18:58|--a------|4635327] G:\2.jpg
[01/03/2010 18:58|--ah-----|64208] G:\._2.jpg
[01/03/2010 19:04|--a------|4554868] G:\3.jpg
[01/03/2010 19:04|--ah-----|64614] G:\._3.jpg
[01/03/2010 19:10|--a------|4564984] G:\4
[01/03/2010 19:10|--ah-----|64690] G:\._4
[01/03/2010 19:11|--a------|4563006] G:\5.jpg
[01/03/2010 19:11|--ah-----|64662] G:\._5.jpg
[01/03/2010 19:12|--a------|4553118] G:\6
[01/03/2010 19:12|--ah-----|64603] G:\._6
[01/03/2010 19:14|--a------|4603648] G:\7.jpg
[01/03/2010 19:14|--ah-----|64552] G:\._7.jpg
[01/03/2010 19:15|--a------|4657121] G:\8.jpg
[01/03/2010 19:15|--ah-----|64502] G:\._8.jpg
[01/03/2010 19:18|--a------|4639619] G:\9.jpg
[01/03/2010 19:18|--ah-----|64596] G:\._9.jpg
[01/03/2010 19:28|--a------|4651924] G:\10.jpg
[01/03/2010 19:28|--ah-----|64240] G:\._10.jpg
[01/03/2010 19:34|--a------|4657401] G:\11.jpg
[01/03/2010 19:34|--ah-----|64262] G:\._11.jpg
[15/03/2010 13:18|--a------|3153835] G:\IMG_3347.JPG
[15/03/2010 13:18|--a------|3335250] G:\IMG_3348.JPG
[15/03/2010 13:18|--a------|3294314] G:\IMG_3349.JPG
[15/03/2010 13:19|--a------|2891805] G:\IMG_3350.JPG
[15/03/2010 23:26|--a------|5877702] G:\12.jpg
[15/03/2010 23:26|--ah-----|65702] G:\._12.jpg
[15/03/2010 23:28|--a------|5768219] G:\13.jpg
[15/03/2010 23:28|--ah-----|65671] G:\._13.jpg
[15/03/2010 23:29|--a------|5922082] G:\14.jpg
[15/03/2010 23:29|--ah-----|65757] G:\._14.jpg
[15/03/2010 23:30|--a------|5911726] G:\15.jpg
[15/03/2010 23:30|--ah-----|65771] G:\._15.jpg
[15/03/2010 23:34|--a------|3068437] G:\16.jpg
[15/03/2010 23:34|--ah-----|65767] G:\._16.jpg
[18/03/2010 13:46|--a------|1205172] G:\faire part.pdf
[22/03/2010 08:28|--a------|1205172] G:\Proposition4(2).pdf
[29/03/2010 11:06|--ah-----|165] G:\~$Gestion patients.xlsx
[29/03/2010 11:06|--a------|102576] G:\Gestion patients.xlsx
[18/04/2010 19:55|--a------|735604736] G:\Pour.Elle.FRENCH.DVDRip.XViD-PUTCH.avi
[18/04/2010 19:04|--a------|739237424] G:\Micmacs a tire-larigot.FRENCH.DVDRip.XViD-DVDFR.avi
[10/05/2010 10:36|--a------|6153352] G:\mbam-setup-1.46.exe
[10/05/2010 10:38|--a------|1612] G:\BOOTEX.LOG
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_POSTE.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.113 ! |
About Spyware Terminator... so I can remove it, if I understood correctly..??
Does AntiVir do the job?
/!\ Disable your resident protections (antivirus, etc.) /!\
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe may not be visible) to launch it.
It will ask you to install the Recovery Console: accept.
When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
Here is the ComboFix report:
ComboFix 10-05-12.04 - Nicolas 13/05/2010 12:58:52.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2036.1623 [GMT 2:00]
Lancé depuis: c:\documents and settings\Nicolas\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-13 au 2010-05-13 ))))))))))))))))))))))))))))))))))))
.
2010-05-13 09:59 . 2010-05-13 09:59 1904 ----a-w- C:\UsbFix_Upload_Me_POSTE.zip
2010-05-13 09:08 . 2010-05-13 10:31 -------- d-----w- C:\UsbFix
2010-05-10 16:34 . 2010-05-10 16:34 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-05-10 14:53 . 2010-05-10 14:53 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-05-10 08:41 . 2010-05-10 08:41 -------- d-----w- c:\documents and settings\Nicolas\Application Data\Malwarebytes
2010-05-10 08:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 08:40 . 2010-05-10 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-10 08:40 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 08:40 . 2010-05-10 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 15:47 . 2010-05-06 15:47 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSIGYLIJE
2010-05-06 15:47 . 2010-04-04 08:20 458200 ----a-w- c:\documents and settings\All Users\Application Data\ba57ee2\sqlite3.dll
2010-05-06 15:47 . 2010-04-04 08:20 718296 ----a-w- c:\documents and settings\All Users\Application Data\ba57ee2\mozcrt19.dll
2010-05-06 15:37 . 2010-05-10 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ba57ee2
2010-05-05 15:02 . 2010-05-05 15:02 -------- d-----r- c:\documents and settings\LocalService\Favoris
2010-05-05 15:02 . 2010-05-05 15:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-04 20:25 . 2010-05-13 10:07 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-05-04 20:07 . 2010-05-04 20:22 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Démarrer
2010-05-04 20:07 . 2009-02-20 11:04 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage d'impression
2010-05-04 20:07 . 2009-02-20 10:17 -------- d--h--w- c:\documents and settings\HelpAssistant\Modèles
2010-05-04 19:44 . 2010-05-04 19:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 15:11 . 2010-05-04 19:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-14 11:06 . 2008-04-13 09:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-14 11:06 . 2008-04-13 09:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-04-14 11:05 . 2008-04-13 09:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-14 11:05 . 2008-04-13 09:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-04-14 11:05 . 2008-04-13 09:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-14 11:05 . 2008-04-13 09:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-04-14 11:05 . 2008-04-13 09:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-04-14 11:05 . 2008-04-13 09:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-04-14 11:05 . 2008-04-13 09:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-14 11:05 . 2008-04-13 09:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-04-14 11:05 . 2008-04-13 09:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-04-14 11:05 . 2008-04-13 09:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-04-14 11:05 . 2008-04-13 09:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-04-14 11:05 . 2008-04-13 09:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-04-14 11:04 . 2004-06-09 16:00 20480 ----a-r- c:\windows\usnpstd2.exe
2010-04-14 11:04 . 2004-08-30 16:37 286720 ----a-r- c:\windows\vsnpstd2.exe
2010-04-14 11:04 . 2004-06-08 18:25 53248 ----a-r- c:\windows\system32\dsnpstd2.dll
2010-04-14 11:04 . 2004-09-24 13:52 36864 ----a-r- c:\windows\system32\vsnpstd2.dll
2010-04-14 11:04 . 2004-10-14 17:12 347264 ----a-r- c:\windows\system32\drivers\snpstd2.sys
2010-04-14 10:56 . 2002-07-03 09:44 53248 ----a-w- c:\windows\amcap.exe
2010-04-14 10:56 . 2004-02-16 12:59 61440 ----a-r- c:\windows\system32\csnpstd2.dll
2010-04-14 10:56 . 2010-04-14 10:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-14 10:56 . 2010-05-13 07:42 -------- d-----w- c:\documents and settings\Nicolas\Application Data\skypePM
2010-04-14 10:55 . 2008-04-13 17:33 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-04-14 10:55 . 2008-04-13 17:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-04-14 10:54 . 2010-05-13 10:56 -------- d-----w- c:\documents and settings\Nicolas\Application Data\Skype
2010-04-14 10:47 . 2008-04-13 09:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-14 10:47 . 2008-04-13 09:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-04-14 10:47 . 2010-04-14 10:47 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-04-14 10:47 . 2010-04-14 10:53 -------- d-----r- c:\program files\Skype
2010-04-14 10:47 . 2010-04-14 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 10:49 . 2009-02-22 09:04 -------- d-----w- c:\documents and settings\Nicolas\Application Data\Spyware Terminator
2010-05-13 09:15 . 2009-02-22 09:04 -------- d-----w- c:\program files\Spyware Terminator
2010-05-13 09:03 . 2009-02-22 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-05-13 08:54 . 2009-07-16 06:39 1 ----a-w- c:\documents and settings\Nicolas\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-13 07:50 . 2009-02-22 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 16:53 . 2008-04-14 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-10 16:53 . 2008-04-14 12:00 503656 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-04 19:43 . 2009-03-19 18:40 -------- d-----w- c:\documents and settings\Nicolas\Application Data\uTorrent
2010-05-01 07:52 . 2009-03-03 17:41 -------- d-----w- c:\documents and settings\Nicolas\Application Data\ZoomBrowser EX
2010-05-01 07:52 . 2009-03-03 17:39 -------- d-----w- c:\documents and settings\Nicolas\Application Data\CameraWindowDC
2010-04-21 14:31 . 2009-03-13 11:26 -------- d-----w- c:\documents and settings\Nicolas\Application Data\Image Zone Express
2010-04-14 10:56 . 2009-02-20 10:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-16 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-02-22 2233856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-10 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2529:TCP"= 2529:TCP:Services
"3558:TCP"= 3558:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"8987:TCP"= 8987:TCP:Services
"8988:TCP"= 8988:TCP:Services
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22/02/2009 11:04 142592]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [13/12/2009 11:24 108289]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
FF - ProfilePath - c:\documents and settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\u2xconxq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Nicolas\Local Settings\Application Data\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
Heure de fin: 2010-05-13 13:04:47
ComboFix-quarantined-files.txt 2010-05-13 11:04
Avant-CF: 105 792 798 720 octets libres
Après-CF: 105 807 634 432 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
- - End Of File - - 0A48EC21FEF95430722C34D1FDF3FBAE