Des pages internet s'ouvrent toutes seules... [résolu]

Bonsoir  

1
Télécharge DDS et sauvegarde-le sur ton bureau.

Désactive tout script bloquant, tel q'un antivirus, un logiciel comme ad-block, noscript etc.

Double-clique sur dds.scr pour lancer l'outil.

Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .

Clique Oui à la prochaine invite Optional Scan.

Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.
2
Télécharge GMER à partir de ce lien : http://www.gmer.net/files.php - clic sur "Download EXE" et télécharge le fichier sur ton bureau.
Voir le tutorial GMER, ça peut peut-être t'aider : http://www.malekal.com/tutorial_GMER.php

Désactive tes logiciels de protection (antivirus, antispyware etc) et ferme tous les programmes ouverts.

Double-clique sur le fichier GMER téléchargé.
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet "rootkit"

A droite, coche tout.

Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.

Enregistre le fichier sur ton Bureau et poste le contenu ici.

merci sham rock !!! c'est gentil !!!
alors voici le rapport DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Simon at 21:49:59,09 on 07/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3327.2517 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100607-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Soft2PC\soft2pc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Documents and Settings\All Users\Application Data\BarDiscover\bardiscover131.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\BarDiscover\bardiscover.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Simon\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.pucuy.com/
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SOFT2PCBHO Class: {3475d2c4-bbd1-4255-a70d-4125a4d30956} - c:\program files\soft2pc\soft2pcBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_SB2.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [D-Link AirPlus XtremeG DWL-G122] c:\program files\d-link\airplus xtremeg dwl-g122\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [soft2PC] "c:\program files\soft2pc\soft2pc.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\simon\menudm~1\progra~1\dmarra~1\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\quqxyfaa.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: network.proxy.http - 174.142.24.201
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\dealio toolbar\ff\components\dealioToolbarFF.dll
FF - component: c:\program files\search settings\ff\components\SearchSettingsFF.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-30 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-16 114768]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-5-30 3968]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-16 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-2-16 138680]
R2 BarDiscover Service;BarDiscover Service;c:\documents and settings\all users\application data\bardiscover\bardiscover131.exe [2010-6-5 61712]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-2-16 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-2-16 352920]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-2-15 56992]
S2 gupdate1cab6f47faae28;Service Google Update (gupdate1cab6f47faae28);c:\program files\google\update\GoogleUpdate.exe [2010-2-26 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-5 1314704]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-12 1684736]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-5-11 271728]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-06-07 13:58:48 0 d-----w- c:\program files\ma-config.com
2010-06-07 13:58:48 0 d-----w- c:\docume~1\alluse~1\applic~1\ma-config.com
2010-06-02 15:03:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Boss Media
2010-06-02 15:03:28 0 d-----w- c:\program files\BetClick Poker
2010-06-01 03:51:34 0 d-----w- c:\windows\system32\XPSViewer
2010-06-01 03:51:03 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-01 03:51:03 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-01 03:51:03 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-01 03:51:03 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-01 03:51:03 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-01 03:51:02 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-01 03:51:02 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-01 03:51:02 0 d-----w- C:\128b932ab15fe658cc6e84
2010-05-31 22:59:22 0 d-----w- c:\program files\MSXML 4.0
2010-05-31 11:06:02 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-31 11:06:02 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-05-31 11:05:21 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-31 11:02:16 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-31 11:00:50 2192000 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-31 11:00:47 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-31 11:00:46 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-31 11:00:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-31 11:00:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-31 11:00:27 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-31 11:00:26 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-31 11:00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-30 20:37:47 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-05-30 20:30:05 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-05-30 20:24:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-30 19:55:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-30 19:55:44 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-30 19:51:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{52AC600B-5800-407E-99FF-83CD0669760B}
2010-05-30 19:51:19 0 d-----w- c:\program files\Lavasoft
2010-05-30 13:31:55 0 d-----w- c:\docume~1\simon\applic~1\tasks
2010-05-30 13:31:23 0 d-----w- c:\docume~1\simon\applic~1\KyuubiBarre
2010-05-30 13:31:22 0 d-----w- c:\program files\KyuubiBarre
2010-05-30 13:22:30 0 d-----w- c:\docume~1\simon\applic~1\freeTVRadio
2010-05-30 13:22:17 0 d-----w- c:\program files\freeTVRadio
2010-05-29 00:57:36 0 d-----w- c:\docume~1\simon\applic~1\Malwarebytes
2010-05-29 00:57:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 00:57:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 00:57:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-29 00:57:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 00:46:55 0 d-----w- c:\program files\CCleaner
2010-05-23 09:29:17 0 d-----w- c:\docume~1\simon\applic~1\Search Settings
2010-05-23 09:29:16 0 d-----w- c:\docume~1\simon\applic~1\Dealio
2010-05-23 09:28:19 0 d-----w- c:\program files\Search Settings
2010-05-23 09:28:10 0 d-----w- c:\program files\Dealio Toolbar
2010-05-23 09:28:10 0 d-----w- c:\program files\Application Updater
2010-05-23 09:28:02 0 d-----w- c:\program files\Free Audio Pack
2010-05-23 09:28:02 0 d-----w- c:\docume~1\simon\applic~1\FreeAudioPack
2010-05-21 20:46:28 0 d-----w- c:\program files\Panicware
2010-05-21 20:42:08 0 d-----w- c:\windows\pss

==================== Find3M ====================

2010-06-05 03:31:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-05 03:31:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll
2006-06-25 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 21:50:18,20 ===============

et voici le rapport du scan GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-07 23:00:37
Windows 5.1.2600 Service Pack 3
Running: upsys1s6.exe; Driver: C:\DOCUME~1\Simon\LOCALS~1\Temp\kwpdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB49EF6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB49EF574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB49EFA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB49EF14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB49EF64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB49EF08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB49EF0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB49EF76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB49EF72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB49EF8AE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7665380, 0x3DF295, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

re
lis ceci:
http://forum.malekal.com/les-toolbars-est-pas-obligatoi...

++++++++++++++

Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.


/!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\

Double-clique sur AD-R situé sur ton Bureau pour le lancer.
(Sous Vista, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)

Choisis la langue F pour français.

Au menu principal, choisis l'option Scanner.

/!\ Laisse travailler l'outil /!\

Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).
/!\ Pense à réactiver ton antivirus /!\

Ca m'arrive aussi parfois, merci pour les conseils!

ce que tu m'a demander de lire veut dire que j'ai trop de moteur de recherche?

voici le rapport :

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 23:24:09 le 07/06/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft Windows XP Édition familiale (Service Pack 3 - X86)
Nom du PC: NETTER-8014C706
Utilisateur actuel: Simon
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
Service: *Application Updater*
.
C:\Documents and Settings\All Users\Application Data\bardiscover
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
C:\Documents and Settings\Simon\Application Data\Dealio
C:\Documents and Settings\Simon\Application Data\Search Settings
C:\Documents and Settings\Simon\Application Data\Soft2PC
C:\Documents and Settings\Simon\Local Settings\Application Data\Soft2PC
C:\Program Files\Application Updater
C:\Program Files\bardiscover
C:\Program Files\Dealio Toolbar
C:\Program Files\Everest Poker
C:\Program Files\Mozilla FireFox\extensions\dealio@mybrowserbar.com
C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
C:\Program Files\Search Settings
C:\Program Files\Soft2PC
.
HKCU\Software\Dealio
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Search Settings
HKCU\Software\soft2PC
HKLM\Software\Application Updater
HKLM\Software\bardiscover
HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\Software\Dealio
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
HKLM\Software\Search Settings
HKLM\Software\soft2PC
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|soft2PC
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\install.rdf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\components\SearchSettingsFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\install.rdf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettingsRes409.dll
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6 (fr) *
.
C:\Documents and Settings\Simon\..\quqxyfaa.default\prefs.js - browser.search.selectedEngine: Search
C:\Documents and Settings\Simon\..\quqxyfaa.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr
C:\Documents and Settings\Simon\..\quqxyfaa.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.pucuy.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 1 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 1268 Octet(s)
C:\Ad-Report-SCAN[2].txt - 6895 Octet(s)
.
Fin à: 23:34:26, 07/06/2010
.
============== E.O.F - SCAN[2] ==============

Bonjour,

/!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\

Double-clique sur AD-R situé sur ton Bureau pour le lancer.
(Sous Vista, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)

Choisis la langue F pour français.

Au menu principal, choisis l'option Nettoyer.

/!\ Laisse travailler l'outil /!\

Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).
[fixed]/!\ Pense à réactiver ton antivirus /!\

+++++++++++++++


refais un scan DDS et poste le rapport  

re
ne t'inquiète pas, fais ce que je te demande  

je sait pas si y'a un rapport mais il y a des sites internet ( comme ma banque par ex ) ou je peut plus y acceder, ca me marque : " Le certificat de sécurité de ce site Web présente un problème " bref je crois que mon ordi par en sucette ....

re sham-rock.. voila ce que tu m'a demandé...

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:47:02 le 08/03/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft Windows XP Édition familiale (Service Pack 3 - X86)
Nom du PC: NETTER-8014C706
Utilisateur actuel: Simon
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: *Application Updater*
.
C:\Documents and Settings\All Users\Application Data\bardiscover
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker
C:\Documents and Settings\Simon\Application Data\Dealio
C:\Documents and Settings\Simon\Application Data\Search Settings
C:\Documents and Settings\Simon\Application Data\Soft2PC
C:\Documents and Settings\Simon\Local Settings\Application Data\Soft2PC
C:\Program Files\Application Updater
C:\Program Files\bardiscover
C:\Program Files\Dealio Toolbar
C:\Program Files\Everest Poker
C:\Program Files\Mozilla FireFox\extensions\dealio@mybrowserbar.com
C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
C:\Program Files\Search Settings
C:\Program Files\Soft2PC

(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Dealio
HKCU\Software\Grand Virtual
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\Search Settings
HKCU\Software\soft2PC
HKLM\Software\Application Updater
HKLM\Software\bardiscover
HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\Software\Dealio
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
HKLM\Software\Search Settings
HKLM\Software\soft2PC
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|soft2PC
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Application Updater\ApplicationUpdater.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome.manifest
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Dealio Toolbar\FF\install.rdf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\components\SearchSettingsFF.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\FF\install.rdf
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettingsRes409.dll
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6 (fr) *
.
C:\Documents and Settings\Simon\..\quqxyfaa.default\prefs.js - browser.search.selectedEngine: Search
C:\Documents and Settings\Simon\..\quqxyfaa.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr
C:\Documents and Settings\Simon\..\quqxyfaa.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 22 Fichier(s)
C:\Ad-Remover\Backup: 14 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 7144 Octet(s)
.
Fin à: 17:50:03, 08/03/2010
.
============== E.O.F - CLEAN[1] ==============

rapport DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Simon at 17:53:14,43 on 08/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3327.2761 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100608-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Simon\Bureau\DDS\dds.scr

============== Pseudo HJT Report ===============

uWindow Title =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_SB2.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [D-Link AirPlus XtremeG DWL-G122] c:\program files\d-link\airplus xtremeg dwl-g122\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\simon\menudm~1\progra~1\dmarra~1\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\quqxyfaa.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: network.proxy.http - 174.142.24.201
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\dealio toolbar\ff\components\dealioToolbarFF.dll
FF - component: c:\program files\search settings\ff\components\SearchSettingsFF.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-30 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-16 114768]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-5-30 3968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-16 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-2-16 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-5 1314704]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-2-16 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-2-16 352920]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-2-15 56992]
S2 BarDiscover Service;BarDiscover Service;"c:\documents and settings\all users\application data\bardiscover\bardiscover131.exe" "c:\program files\bardiscover\bardiscover.dll" ljzfdiyyvj --> c:\documents and settings\all users\application data\bardiscover\bardiscover131.exe [?]
S2 gupdate1cab6f47faae28;Service Google Update (gupdate1cab6f47faae28);c:\program files\google\update\GoogleUpdate.exe [2010-2-26 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-12 1684736]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-5-11 271728]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-06-07 21:18:41 0 d-----w- C:\Ad-Remover
2010-06-07 13:58:48 0 d-----w- c:\program files\ma-config.com
2010-06-07 13:58:48 0 d-----w- c:\docume~1\alluse~1\applic~1\ma-config.com
2010-06-02 15:03:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Boss Media
2010-06-02 15:03:28 0 d-----w- c:\program files\BetClick Poker
2010-06-01 03:51:34 0 d-----w- c:\windows\system32\XPSViewer
2010-06-01 03:51:03 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-01 03:51:03 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-01 03:51:03 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-01 03:51:03 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-01 03:51:03 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-01 03:51:02 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-01 03:51:02 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-01 03:51:02 0 d-----w- C:\128b932ab15fe658cc6e84
2010-05-31 22:59:22 0 d-----w- c:\program files\MSXML 4.0
2010-05-31 11:06:02 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-31 11:06:02 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-05-31 11:05:21 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-31 11:02:16 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-31 11:00:50 2192000 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-31 11:00:47 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-31 11:00:46 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-31 11:00:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-31 11:00:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-31 11:00:27 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-31 11:00:26 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-31 11:00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-30 20:37:47 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-05-30 20:30:05 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-05-30 20:24:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-30 19:55:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-30 19:55:44 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-30 19:51:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{52AC600B-5800-407E-99FF-83CD0669760B}
2010-05-30 19:51:19 0 d-----w- c:\program files\Lavasoft
2010-05-30 13:31:55 0 d-----w- c:\docume~1\simon\applic~1\tasks
2010-05-30 13:31:23 0 d-----w- c:\docume~1\simon\applic~1\KyuubiBarre
2010-05-30 13:31:22 0 d-----w- c:\program files\KyuubiBarre
2010-05-30 13:22:30 0 d-----w- c:\docume~1\simon\applic~1\freeTVRadio
2010-05-30 13:22:17 0 d-----w- c:\program files\freeTVRadio
2010-05-29 00:57:36 0 d-----w- c:\docume~1\simon\applic~1\Malwarebytes
2010-05-29 00:57:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 00:57:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 00:57:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-29 00:57:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 00:46:55 0 d-----w- c:\program files\CCleaner
2010-05-23 09:28:02 0 d-----w- c:\program files\Free Audio Pack
2010-05-23 09:28:02 0 d-----w- c:\docume~1\simon\applic~1\FreeAudioPack
2010-05-21 20:46:28 0 d-----w- c:\program files\Panicware
2010-05-21 20:42:08 0 d-----w- c:\windows\pss
2010-04-27 14:39:21 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-27 14:39:21 77824 ----a-w- c:\windows\system32\xvid.ax
2010-04-27 14:39:21 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-27 14:39:21 0 d-----w- c:\program files\Xvid
2010-03-30 16:25:59 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-03-30 16:25:58 0 d-----w- c:\program files\McAfee Security Scan
2010-03-21 21:14:09 0 d-----w- c:\program files\VideoLAN
2010-03-21 21:11:58 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-11 17:33:28 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-11 17:33:28 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-09 15:03:21 0 d-----w- c:\docume~1\alluse~1\applic~1\UDL
2010-03-09 15:01:51 0 d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-03-09 14:58:35 0 d-----w- c:\docume~1\alluse~1\applic~1\EPSON
2010-03-09 13:35:35 0 d-----w- c:\program files\epson
2010-03-09 13:35:34 67072 ----a-w- c:\windows\system32\escwiad.dll
2010-03-09 13:35:22 25 ----a-w- c:\windows\CDE DX8400DEFGIPS.ini
2010-03-08 17:45:23 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-08 17:45:23 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-08 17:44:54 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-08 17:44:54 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-08 14:07:49 151 ----a-w- c:\windows\PhotoSnapViewer.INI
2010-03-05 15:36:03 0 d-----w- c:\docume~1\simon\applic~1\LimeWire
2010-03-05 15:35:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-05 15:35:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 15:34:58 0 d-----w- c:\program files\LimeWire
2010-03-02 13:53:11 0 d-----w- c:\windows\system32\LogFiles
2010-02-26 23:44:07 0 d-----w- c:\program files\Steam
2010-02-26 23:21:58 0 d-----w- c:\docume~1\simon\applic~1\DMCache
2010-02-26 21:49:22 6 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{0D03F21F-0415-41F2-BC6E-5014A168A8AD}
2010-02-26 14:57:31 0 d-----w- c:\program files\fichiers communs\DivX Shared
2010-02-26 14:57:31 0 d-----w- c:\program files\DivX
2010-02-25 09:47:32 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:04:33 68 ----a-w- c:\documents and settings\simon\default.pls
2010-02-24 11:42:35 69 ----a-w- c:\windows\NeroDigital.ini
2010-02-23 19:02:06 0 d-----w- c:\documents and settings\simon\Tracing
2010-02-23 18:35:12 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-23 18:35:08 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-23 18:34:33 0 d-----w- c:\program files\Microsoft
2010-02-23 18:34:17 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-23 18:04:25 0 d-----w- c:\program files\fichiers communs\Windows Live
2010-02-23 08:34:28 0 d-----w- c:\docume~1\simon\applic~1\MSNInstaller
2010-02-19 22:20:24 0 d-sh--w- c:\documents and settings\simon\IECompatCache
2010-02-18 17:01:45 0 d-sh--w- c:\documents and settings\simon\PrivacIE
2010-02-18 17:01:19 7 ----a-w- c:\windows\system32\ANIWZCSUSERNAME
2010-02-18 17:01:07 0 d-sh--w- c:\documents and settings\simon\IETldCache
2010-02-18 16:59:56 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-02-18 16:59:14 0 dc-h--w- c:\windows\ie8
2010-02-18 16:18:55 6 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{2FA34558-18D8-409E-B584-468E96AEDFEA}
2010-02-16 15:34:00 6 ----a-w- c:\windows\system32\ANIWZCSUSERNAME{822FD2D7-4153-4D02-976C-61C07FA377AC}
2010-02-16 15:33:40 0 d-----w- c:\program files\ANI
2010-02-16 15:33:23 0 d-----w- c:\program files\D-Link
2010-02-16 15:32:52 459520 ----a-w- c:\windows\system32\drivers\Dr71WU.sys
2010-02-16 09:02:24 13646 ----a-w- c:\windows\system32\wpa.bak
2010-02-16 08:47:54 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-15 18:03:01 56992 ----a-r- c:\windows\system32\drivers\nvhda32.sys
2010-02-15 18:03:01 485920 ----a-w- c:\windows\system32\nvuhda.exe
2010-02-15 18:03:01 19456 ----a-r- c:\windows\system32\nvhdap32.dll
2010-02-15 18:03:01 155648 ----a-r- c:\windows\system32\nvcohda.dll
2010-02-15 18:03:01 1481 ----a-w- c:\windows\system32\nvhda.nvu
2010-02-15 18:02:34 0 d-----w- c:\windows\system32\AGEIA
2010-02-15 18:02:27 0 d-----w- c:\program files\fichiers communs\Wise Installation Wizard
2010-02-15 18:02:24 0 d-----w- c:\program files\NVIDIA Corporation
2010-02-15 18:02:21 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-02-15 18:01:45 485920 ----a-w- c:\windows\system32\nvudisp.exe
2010-02-15 18:01:45 19495 ----a-w- c:\windows\system32\nvdisp.nvu
2010-02-15 18:01:27 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-02-12 22:11:45 0 d-----w- c:\program files\Nero
2010-02-12 22:11:45 0 d-----w- c:\program files\fichiers communs\Ahead
2010-02-12 22:11:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-02-12 22:11:22 0 d-----w- c:\windows\RegisteredPackages
2010-02-12 21:17:40 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-02-12 21:17:40 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-02-12 21:17:38 0 d-----w- c:\windows\system32\Lang
2010-02-12 21:10:00 73728 ----a-r- c:\windows\system32\RtNicProp32.dll
2010-02-12 21:10:00 141568 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2010-02-12 21:09:00 0 d-----w- c:\program files\Realtek
2010-02-12 21:08:56 540672 ------r- c:\windows\RtlExUpd.dll
2010-02-12 21:08:53 0 d-----w- c:\program files\fichiers communs\InstallShield
2010-02-12 21:08:25 0 d-----w- c:\windows\system32\drivers\system32
2010-02-12 21:08:25 0 d-----w- c:\windows\system32\drivers\INF
2010-02-12 21:07:13 0 d-----w- c:\windows\system32\ReinstallBackups
2010-02-12 21:07:11 53248 ----a-r- c:\windows\system32\CSVer.dll
2010-02-12 21:06:58 0 d-----w- C:\Intel
2010-02-12 21:05:53 23384 ----a-w- c:\windows\Ascd_log.ini
2010-02-12 21:05:20 0 d-----w- c:\program files\NortonInstaller
2010-02-12 21:05:20 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-02-12 21:05:00 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-02-12 21:04:54 1769 ----a-w- c:\windows\Language_trs.ini
2010-02-12 21:04:50 16550 ----a-w- c:\windows\Ascd_tmp.ini
2010-02-12 21:04:50 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-02-12 18:46:45 0 d-----w- c:\program files\fichiers communs\ODBC
2010-02-12 18:46:42 0 d-----w- c:\program files\fichiers communs\SpeechEngines
2010-02-12 18:46:24 0 d--h--w- c:\documents and settings\all users\Modèles
2010-02-12 18:46:24 0 d-----w- c:\documents and settings\all users\Favoris
2010-02-12 18:46:24 0 d-----w- c:\documents and settings\all users\Bureau
2010-02-12 18:46:24 0 d-----r- c:\documents and settings\all users\Menu Démarrer
2010-02-12 18:46:24 0 d-----r- c:\documents and settings\all users\Documents
2010-02-12 17:58:05 0 d-sh--w- c:\documents and settings\all users\DRM
2010-02-12 17:57:51 0 d--h--w- c:\program files\WindowsUpdate
2010-02-12 17:57:48 0 d-----w- c:\program files\Services en ligne
2010-02-12 17:57:24 0 d-----w- c:\program files\fichiers communs\MSSoap
2010-02-12 17:56:16 0 d-----w- c:\program files\Online Services
2010-02-12 17:56:11 0 d-----w- c:\program files\Messenger
2010-02-12 17:56:09 0 d-----w- c:\program files\MSN Gaming Zone
2010-02-12 17:55:46 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 15:38:16 80748 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-08 15:38:16 500900 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-25 06:17:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06:59 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06:56 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 17:56:50 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-12 04:34:07 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 15:00:31 691712 ----a-w- c:\windows\system32\inetcomm.dll
2010-01-13 14:01:06 87040 ----a-w- c:\windows\system32\cabview.dll
2009-12-24 07:00:38 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-17 07:41:32 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2006-06-25 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 17:53:52,87 ===============

re
Télécharge OTM (de OldTimer). Sauvegarde-le sur ton Bureau.
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Double clique sur OTM.exe afin de le lancer.
Colle (ou Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
Clique maintenant sur le bouton [#ff0000]MoveIt![/#f] puis ferme OTM3.

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

bonsoir sham rock !!!! bon apparememnt les pages internet ne s'ouvrent plus toutes seules....   cool !!! voila le rapport OTM...

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service BarDiscover Service stopped successfully!
Service BarDiscover Service deleted successfully!
========== FILES ==========
File/Folder c:\program files\dealio toolbar not found.
File/Folder c:\program files\search settings not found.
File/Folder c:\documents and settings\all users\application data\bardiscover not found.
File/Folder c:\program files\bardiscover not found.
C:\Ad-Remover\res folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Soft2PC folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\temp folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\res folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\FF\components folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\FF\chrome\skin folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\FF\chrome\locale\en-US folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\FF\chrome\locale folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\FF\chrome\content folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\FF\chrome folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings\FF folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Search Settings folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Mozilla FireFox\extensions folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files\Mozilla FireFox folder moved successfully.
C:\Ad-Remover\Quarantine\C\Program Files folder moved successfully.
C:\Ad-Remover\Quarantine\C folder moved successfully.
C:\Ad-Remover\Quarantine folder moved successfully.
C:\Ad-Remover\Erunt folder moved successfully.
C:\Ad-Remover\bin folder moved successfully.
C:\Ad-Remover\Backup\Registry-08-03-2010\Users\00000002 folder moved successfully.
C:\Ad-Remover\Backup\Registry-08-03-2010\Users\00000001 folder moved successfully.
C:\Ad-Remover\Backup\Registry-08-03-2010\Users folder moved successfully.
C:\Ad-Remover\Backup\Registry-08-03-2010 folder moved successfully.
C:\Ad-Remover\Backup folder moved successfully.
C:\Ad-Remover folder moved successfully.
c:\program files\BetClick Poker\xrs folder moved successfully.
c:\program files\BetClick Poker\sfx folder moved successfully.
c:\program files\BetClick Poker\data folder moved successfully.
c:\program files\BetClick Poker folder moved successfully.
C:\128b932ab15fe658cc6e84\i386 folder moved successfully.
C:\128b932ab15fe658cc6e84\amd64 folder moved successfully.
C:\128b932ab15fe658cc6e84 folder moved successfully.
c:\docume~1\simon\applic~1\KyuubiBarre\update folder moved successfully.
c:\docume~1\simon\applic~1\KyuubiBarre\Resources folder moved successfully.
c:\docume~1\simon\applic~1\KyuubiBarre folder moved successfully.
c:\program files\KyuubiBarre folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 4305540 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Simon
->Temp folder emptied: 823482 bytes
->Temporary Internet Files folder emptied: 15305115 bytes
->Java cache emptied: 10693660 bytes
->FireFox cache emptied: 17143418 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6925 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351795 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23962522 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1443151 bytes

Total Files Cleaned = 73,00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 03092010_000845

Files moved on Reboot...
File C:\Documents and Settings\Simon\Local Settings\Temp\~DF9C6B.tmp not found!
File C:\Documents and Settings\Simon\Local Settings\Temp\~DF9CC0.tmp not found!
File C:\Documents and Settings\Simon\Local Settings\Temp\~DF9D85.tmp not found!
File C:\Documents and Settings\Simon\Local Settings\Temp\~DF9DDE.tmp not found!
File C:\Documents and Settings\Simon\Local Settings\Temp\~DF9EEA.tmp not found!
File C:\Documents and Settings\Simon\Local Settings\Temp\~DF9F34.tmp not found!
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\ZJRVMRVL\cdntests_cedexis[1].htm moved successfully.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\NT35HRLQ\afr[1].htm moved successfully.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\NT35HRLQ\forum2[1].htm moved successfully.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\HCRZ7FLP\adsCAIGQOAB.htm moved successfully.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\2BKFFY2K\dis[1].htm moved successfully.
C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_59c.dat not found!

Registry entries deleted on Reboot...

re
mets à jour Malwarebytes' Anti-Malware

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.


REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

Note : Si tu ne parviens à télécharger MBAM à partir de MajorGeeks, tu peux le télécharger ici!

[#FF0000]Aide :

Comment utiliser MBAM.

re !!!
ok le scan est en cours !!! je t'envoie aucun rapport?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4183

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/06/2010 19:34:48
mbam-log-2010-06-09 (19-34-48).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 167338
Temps écoulé: 27 minute(s), 22 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7} (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences (Adware.BarDiscover) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{38E63E5B-D6FC-4A5E-A72B-73B1B63B8B8F}\RP110\A0014469.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{38E63E5B-D6FC-4A5E-A72B-73B1B63B8B8F}\RP110\A0014472.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome.manifest (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\install.rdf (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome\bardiscover.jar (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences\prefs.js (Adware.BarDiscover) -> Quarantined and deleted successfully.

re
d'autres soucis?

non apparement tout est rentré dans l'ordre... super !!!!
que dois-je faire pour maintenir mon ordi securisé et eviter que ca re-arrive??
en tout cas merci beaucoup de m'avoir aidé !!!!!

re
Supprime tous les programmes installés pour la désinfection.
garde Malwarebytes' Anti-Malware

Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

Lire aussi:

Antispyware gratuit : ça sert à rien!


~Edite ton premier message et marque [résolu] dans le titre.
Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.

 

Bonjour,

je lisais votre rapport et voyez-vous moi il m'arrive pas exactement la même chose mais presque... Au lieu d'avoir plusieurs pages qui s'ouvrent... moi internet s'éteind seul. Je ne sais pvraiment plus quoi faire
Si vous avez une idée de comment m'aider je serais vraiment heureuse.

Jess

Bonjour
Modération

Rappels de cette section

Créez vos sujets, on ne répondra pas sur celui-ci.

salut   post ton propre sujet sur le forum est les administrateurs t'aiderons.....  

Merci pour le Pdf --> très instructif