Screen bug

Closed
pilpoil.28 - 10 Jan 2009 at 08:36
Last reply: pilpoil.28 - 14 Feb 2009 at 08:02
Hello,

I'm coming to this forum on webernard's advice.

I had a bug about 2 weeks ago. Under the icons on my screen, all the text had changed font. Everything was written in the Marlett font. I connected another computer to the internet and downloaded a new font so that I could run Spybot and Ad-Aware. After that I had a logo (a red circle with a white cross) next to the Windows security alert. Since then it has been working fine, but I can no longer change the desktop background through the Control Panel. Vista tells me I am not an administrator. Setting the image as wallpaper works for changing the background, but I can't run Update for the updates; it tells me it could not install the updates. Errors detected: Code 8007371C

I am running Vista Home Premium.

According to him, I must have a problem in the computer.

I have just run HijackThis and here is the report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:07:16, on 10/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\vsnpstd3.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Session\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Session\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Antipub\antipub.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Antiespion\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "I:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [HDReg] C:\Program Files\HDReg\HDRegApp.exe -r
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\IconesBureau\CursorFX.exe"
O4 - HKCU\..\Run: [RealAV.exe] C:\Program Files\RealAV\RealAV.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Session\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25BA943-6AC0-417D-A802-F6A683AD06CE}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

45 replies

Anonymous user
6 Feb 2009 at 18:28
Re,

1)- •- Download "clean.zip"
http://www.malekal.com/download/clean.zip
•- Unzip it to your desktop (right-click / Extract all); you should get a folder named "clean".
< http://img227.imageshack.us/img227/9384/screenshot149ih1.gif >
- Restart in safe mode.
Tutorials: How to... under the letter C
< https://forum.pcastuces.com/default.asp >

(Make a careful note of what you have to do, because you will no longer have access to IE during this procedure.)

•- Open the "clean" folder on your desktop.
- Double-click "clean.cmd".
A black window will appear; follow the instructions
< http://img483.imageshack.us/img483/6285/screenshot210io7.gif >
Choose option 2.
Clean will do its work. It will produce a report.

WARNING: Restart the PC normally, AND IF YOU STILL GET THE MESSAGE, when the restart message appears, do this: "Start" > "Run" and copy/paste this into the window: shutdown -a (exactly as shown here in bold).

Then post the report, which is found here: C:\rapport_clean.txt. (Where is the clean report? "My Computer" / double-click on disk "C:\" / double-click on "rapport_clean.txt" and "copy/paste the contents".)
0
pilpoil.28
7 Feb 2009 at 09:59
Hi, here is the report

Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 07/02/2009 a 9:38:59,03

Microsoft Windows [version 6.0.6000]

*** Suppression C:

*** Suppression \

*** Suppression \system32

*** Suppression C:\Program Files
tentative de suppression de "C:\Program Files\GamesBar\"
tentative de suppression de "C:\Program Files\GameHouse\"

*** Deletion of the registry keys successful..
0
Anonymous user
7 Feb 2009 at 13:18
Re,

Are you still having problems?
0
pilpoil.28
7 Feb 2009 at 16:41
I still can't enable or disable the user account...

The same goes for msconfig and regedit from the Run box, ComboFix, SmitFraudFix: the system could not find the environment option that was entered.

When I go through System and Maintenance, System Protection, Advanced system settings, Device Manager, Remote settings, it replies (depending on what I click on): Windows cannot find %windir%\\system32\\devmgmt.msc or \\systempropertiesremote.exe, \\systempropertiesprotection.exe or systempropertiesadvanced.exe. Make sure you typed the name correctly, and then try again
0

Anonymous user
7 Feb 2009 at 16:47
Re,

Try running ComboFix in safe mode.
0
pilpoil.28
14 Feb 2009 at 08:02
Hi

I couldn't reply sooner, I was away for work.

I ran ComboFix in safe mode and here is the report.

I did it despite the warning I got about Avira; I couldn't find it anywhere, so it was impossible to uninstall it.


ComboFix 09-01-19.03 - Session 2009-02-14 7:35:42.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1791.1338 [GMT 1:00]
Lancé depuis: c:\users\Session\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090213-0] *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
.
- Mode FONCTIONNALITES REDUITES -
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\test.ttt
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-14 au 2009-02-14 ))))))))))))))))))))))))))))))))))))
.

2009-02-14 07:34 . 2009-02-14 07:34 <REP> d-------- c:\users\Session\WPDNSE
2009-02-13 19:05 . 2009-02-13 19:12 <REP> d-------- c:\users\Session\plugtmp-80
2009-02-11 06:13 . 2009-02-11 06:13 <REP> d-------- C:\NVIDIA
2009-02-11 06:12 . 2009-02-11 17:06 <REP> d-------- c:\users\Session\~nsu.tmp
2009-02-07 17:46 . 2009-02-14 07:24 <REP> d-------- C:\TEMP
2009-02-07 12:27 . 2009-02-07 13:47 <REP> d-------- c:\users\Session\plugtmp-79
2009-02-07 09:17 . 2009-02-07 09:17 226,258 -ra------ c:\users\Session\clean.zip
2009-02-06 17:02 . 2009-02-06 18:35 <REP> d-------- c:\users\Session\plugtmp-78
2009-02-05 09:02 . 2009-02-05 16:52 <REP> d-------- c:\users\Session\plugtmp-77
2009-02-04 08:21 . 2009-02-04 08:21 <REP> d-------- c:\users\Session\byeC9A4.tmp
2009-02-04 08:13 . 2009-02-04 08:13 <REP> d-------- c:\program files\Navilog1
2009-02-04 07:45 . 2009-02-04 07:45 <REP> d-------- c:\users\Session\plugtmp-76
2009-02-04 06:51 . 2009-02-04 06:51 552,622 -ra------ c:\users\Session\Navilog1old.zip
2009-02-04 06:50 . 2009-02-04 06:50 552,629 -ra------ c:\users\Session\Navilog1.zip
2009-02-03 14:24 . 2009-02-03 14:58 <REP> d-------- c:\users\Session\plugtmp-75
2009-02-03 06:20 . 2009-02-03 06:20 <REP> d-------- c:\users\Session\plugtmp-74
2009-02-02 16:07 . 2009-02-02 17:04 <REP> d-------- c:\users\Session\plugtmp-73
2009-02-01 10:07 . 2009-02-01 10:07 <REP> d-------- c:\users\Session\ccF2F7.tmp
2009-01-31 05:43 . 2009-01-31 05:43 <REP> d-------- c:\windows\System32\config\systemprofile\DWDDEE9.tmp
2009-01-28 10:16 . 2009-01-28 11:24 <REP> d-------- c:\users\Session\plugtmp-72
2009-01-24 09:34 . 2009-01-24 09:34 1,887,112 --a------ c:\users\Session\FlashPlayerUpdate.exe
2009-01-24 07:11 . 2009-01-25 08:09 <REP> d-------- c:\program files\FindyKill
2009-01-18 08:43 . 2009-02-13 19:08 <REP> d-------- c:\users\Session\Low
2009-01-17 09:11 . 2009-01-17 09:11 <REP> d-------- c:\program files\Common Files\xing shared
2009-01-17 09:06 . 2009-01-17 09:12 <REP> d-------- c:\users\Session\rninst~7
2009-01-17 07:14 . 2009-01-17 07:14 581 --a------ c:\windows\~WRD0001.doc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 04:54 --------- d-----w c:\program files\Avast4
2009-02-13 20:38 --------- d-----w c:\progra~2\Spybot - Search & Destroy
2009-02-11 16:08 --------- d-----w c:\progra~2\NVIDIA
2009-02-11 05:13 --------- d-----w c:\program files\CCleaner2
2009-02-09 09:20 6,168 ----a-w c:\users\Session\AppData\Roaming\wklnhst.dat
2009-01-24 06:22 --------- d-----w c:\program files\Antiespion
2009-01-17 09:30 --------- d-----w c:\program files\Alzip
2009-01-17 08:11 --------- d-----w c:\program files\Common Files\Real
2009-01-17 06:54 --------- d-----w c:\program files\Anti-Malware
2009-01-16 14:12 --------- d-----w c:\program files\Big Kahuna Reef 2
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 14:48 --------- d-----w c:\users\Session\AppData\Roaming\Malwarebytes
2009-01-11 14:48 --------- d-----w c:\progra~2\Malwarebytes
2009-01-10 08:11 --------- d-----w c:\program files\The Cleaner
2009-01-09 11:56 --------- d-----w c:\progra~2\WinZip
2009-01-09 10:48 --------- d-----w c:\users\Session\AppData\Roaming\ESTsoft
2009-01-09 10:15 --------- d-----w c:\program files\7-Zip2
2009-01-09 10:10 --------- d-----w c:\program files\7-Zip
2009-01-08 18:58 --------- d-----w c:\program files\ma-config.com
2009-01-08 18:58 --------- d-----w c:\progra~2\ma-config.com
2009-01-06 19:07 --------- d-----w c:\program files\Spybot
2009-01-05 05:04 --------- d-----w c:\program files\AviSynth 2.5
2009-01-01 13:48 --------- d-----w c:\program files\Oberon Media
2009-01-01 13:32 --------- d-----w c:\program files\PopCap Games
2009-01-01 13:32 --------- d-----w c:\progra~2\PopCap
2009-01-01 13:01 81,984 ----a-w c:\windows\System32\bdod.bin
2009-01-01 13:01 --------- d-----w c:\program files\Common Files\Softwin
2008-12-31 07:22 158,960 ----a-w c:\users\Session\SSUPDATE.EXE
2008-12-31 07:17 152,904 ----a-w c:\windows\System32\vghd.scr
2008-12-31 07:17 103 ----a-w c:\users\Session\pMdArqpo.bat
2008-12-31 07:17 --------- d-----w c:\users\Session\AppData\Roaming\vghd
2008-12-31 07:17 --------- d-----w c:\program files\vghd
2008-12-30 19:26 --------- d-----w c:\program files\Zylom Games
2008-12-30 13:33 --------- d-----w c:\users\Session\AppData\Roaming\Zylom
2008-12-28 09:58 --------- d--h--w c:\progra~2\{A850D4D9-871B-4234-908D-21C457767270}
2008-12-28 09:58 --------- d-----w c:\program files\IconesBureau
2008-12-27 10:02 --------- d-----w c:\program files\Common Files\Ahead
2008-12-27 10:00 --------- d-----w c:\progra~2\Nero
2008-12-27 05:53 144,268 ----a-r c:\users\Session\vgatv.zip
2008-12-26 08:51 --------- d-----w c:\program files\VistaCodecPack
2008-12-26 08:50 --------- d-----w c:\progra~2\VistaCodecs
2008-12-21 18:58 --------- d-----w c:\program files\Ad-aware 6
2008-12-21 08:21 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-21 08:21 --------- d-----w c:\program files\Java
2008-12-21 07:51 --------- d-----w c:\program files\CyberLink
2008-12-21 07:51 --------- d-----w c:\progra~2\CyberLink
2008-12-21 07:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 06:12 --------- d-----w c:\users\Session\AppData\Roaming\SUPERAntiSpyware.com
2008-12-21 06:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-20 19:36 --------- d-----w c:\users\Session\AppData\Roaming\vlc
2008-12-20 19:36 --------- d-----w c:\users\Session\AppData\Roaming\Smart Panel
2008-12-20 19:36 --------- d-----w c:\program files\Smart Panel
2008-12-20 19:36 --------- d-----w c:\program files\PowerDVD
2008-12-20 19:36 --------- d-----w c:\program files\Antipub
2008-12-18 16:04 --------- d-----w c:\users\Session\AppData\Roaming\IcoFX
2008-12-18 16:03 --------- d-----w c:\program files\IcoFX 1.6
2008-12-18 14:54 --------- d-----w c:\users\Session\AppData\Roaming\ArcSoft
2008-12-14 06:54 --------- d-----w c:\users\Session\AppData\Roaming\DivX
2008-12-07 12:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 12:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-12-02 10:31 297,309 ----a-w c:\users\Session\RunVG.exe
2008-11-24 15:45 1,203,296 ----a-w c:\users\Session\GoogleToolbar.exe
2008-11-24 14:32 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-11-18 13:59 9,019,464 ----a-w c:\users\Session\setup-vghd_2cck1UPxtsEZ00N.exe
2008-11-10 07:02 4,964,408 ----a-w c:\users\Session\PandoSetup.exe
2008-10-05 11:04 5,460,959 ----a-w c:\users\Session\eToroSetup.exe
2008-09-29 17:46 94,208 ----a-w c:\users\Session\BarControl.dll
2008-09-29 17:46 745,472 ----a-w c:\users\Session\GoogleToolbar.dll
2008-09-29 17:46 743,016 ----a-w c:\users\Session\GDSSetup.exe
2008-08-13 17:39 31,592 ----a-w c:\users\Session\nos_uninstall.exe
2008-08-12 05:46 40,448 ----a-w c:\users\Session\CmdLineExt03.dll
2008-08-12 05:46 22,068 ----atw c:\users\Session\SIntfNT.dll
2008-08-12 05:46 17,324 ----atw c:\users\Session\SIntf32.dll
2008-08-12 05:46 12,305 ----atw c:\users\Session\SIntf16.dll
2008-08-11 04:58 1,174,664 ----a-w c:\users\Session\SymLCSVC.EXE
2008-07-25 12:47 18,815,501 ----a-w c:\users\Session\bande_annonce2.zip
2008-07-06 18:19 249,520 ----a-w c:\users\Session\installation.exe
2008-05-14 16:52 524 ----a-w c:\users\Session\srtspsp.dat
2008-05-14 16:52 284 ----a-w c:\users\Session\srtspse.dat
2008-05-14 16:52 2,204 ----a-w c:\users\Session\srtspso.dat
2007-12-17 23:46 174 --sha-w c:\program files\desktop.ini
2007-10-17 16:15 2,364,704 ----a-w c:\users\Session\GoogleInstApp.exe
2007-09-17 12:10 6,871,480 ----a-w c:\users\Session\FFTB-REAL_signed.exe
2007-09-17 12:10 50,688 ----a-w c:\users\Session\fftbapi.dll
2006-11-14 10:15 15,872 ----a-w c:\users\Session\ddxgb.sys
2008-09-24 16:12 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-13 18:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-13 18:05 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-13 18:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-08-01 6604104]
"CursorFX"="c:\program files\IconesBureau\CursorFX.exe" [2008-02-19 418632]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-14 1232896]
"ckiiy"="c:\users\session\appdata\local\ckiiy.exe" [2009-01-20 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SystrayORAHSS"="c:\program files\Orange HSS\Systray\SystrayApp.exe" [2007-01-23 90112]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"InternetDownload_upgrade"="c:\program files\VersalSoft\InternetDownload\InternetDownload.exe" [2008-11-24 361472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-17 185872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-17 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-17 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"HDReg"="c:\program files\HDReg\HDRegApp.exe" [2005-06-21 192512]
"NvExportOEMDefaults"="c:\windows\system32\NVCPL.DLL" [2008-10-17 13584928]
"NvRegisterMCTray"="c:\windows\system32\NVMCTRAY.DLL" [2008-10-17 92704]

c:\users\Session\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\Session\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-07 143360]

c:\users\Session\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\Session\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-07 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL,c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL,c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL,c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\MAGICS~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0FEA69FA-553C-4C3C-8928-CF923C176E21}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{B4D52483-9465-46FC-8DB2-AD86D56802B6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{23E59B88-8FBB-4750-9EF5-61B066C70C23}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{576D0A87-D844-481D-8A62-DC7D3F180B35}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1BCC2663-3AA1-4842-B077-2FD23E92EE4D}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{CB18EA85-CB83-4241-B1C3-52D82FD0B49A}i:\\program files\\faces of war\\facesofwar.exe"= UDP:i:\program files\faces of war\facesofwar.exe:FOW Application
"UDP Query User{1C4724DD-7206-40FA-9A8A-8B6BD6B21775}i:\\program files\\faces of war\\facesofwar.exe"= TCP:i:\program files\faces of war\facesofwar.exe:FOW Application
"TCP Query User{9E0522DE-3501-4766-ABAE-24A0B69079F8}c:\\windows\\temp\\navbrowser.exe"= UDP:c:\windows\temp\navbrowser.exe:navbrowser.exe
"UDP Query User{631041ED-DD74-45EA-A111-2B913716FE40}c:\\windows\\temp\\navbrowser.exe"= TCP:c:\windows\temp\navbrowser.exe:navbrowser.exe
"TCP Query User{FDA14FC9-D22B-4BF1-9C4A-C1AA86889D8D}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{6662BCAB-56E2-4FF4-99DD-CF1F50D3EF99}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"TCP Query User{2237C9AD-B9E3-4E40-BEA3-6BE11044CF92}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{0DDAACC3-6A96-4042-9EC0-53AC4E2A0060}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{98166DF0-92E5-4C97-841F-E57628FCBA0E}c:\\users\\session\\desktop\\emule\\emule0.49b\\emule.exe"= UDP:c:\users\session\desktop\emule\emule0.49b\emule.exe:emule.exe
"UDP Query User{EEE41595-FE60-4CA3-BCA1-FC8E83900D5F}c:\\users\\session\\desktop\\emule\\emule0.49b\\emule.exe"= TCP:c:\users\session\desktop\emule\emule0.49b\emule.exe:emule.exe
"TCP Query User{4EC88E93-B84B-46D3-AB22-83B46F15AC5D}c:\\program files\\echanblard\\emule.exe"= UDP:c:\program files\echanblard\emule.exe:eChanblard
"UDP Query User{CACCEEC6-093C-46D8-BD91-CDB30020259F}c:\\program files\\echanblard\\emule.exe"= TCP:c:\program files\echanblard\emule.exe:eChanblard
"TCP Query User{0611DB85-FBF7-4BDE-B9FE-7ED96B7A898E}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{5CCDE445-A441-4A6F-8700-D294E3C1421F}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{3812895D-88B8-4247-9A1C-BA52690A8D68}"= UDP:56223:Pando P2P TCP Listening Port
"{65CFB66D-076A-40D5-B6A9-A15F9B95C7C6}"= TCP:56223:Pando P2P UDP Listening Port
"{FBF91EB0-151A-4145-A46E-419B1BB9889E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{81C07AC5-36EC-4C8C-9E1A-81EFE60305DA}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{7F267BE0-8917-4738-AC62-5B33B0931AC9}"= UDP:i:\program files\ma-config.com\maconfservice.exe:maconfservice
"{FB86ABE8-9767-4B67-9D18-E14AB6DDD2D9}"= TCP:i:\program files\ma-config.com\maconfservice.exe:maconfservice
"{D07FC06B-5B07-4C44-A315-86D0B736B3ED}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1D8F8658-1394-4A94-AC03-E93D7C6EBF84}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange HSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection; [x]
R1 SASDIFSV;SASDIFSV; [x]
R1 SASKUTIL;SASKUTIL; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 SASENUM;SASENUM; [x]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ECACHE
*Deregistered* - AmdTools
*Deregistered* - Beep
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - crcdisk
*Deregistered* - Ecache
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - mouclass
*Deregistered* - MountMgr
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - nvraid
*Deregistered* - swenum
*Deregistered* - TermDD
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - VIAPFD
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wdf01000
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-SUPERAntiSpyware - i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKCU-Run-RealAV.exe - c:\program files\RealAV\RealAV.exe
HKLM-Run-WooCnxMon - c:\progra~1\Wanadoo\CnxMon.exe
HKLM-Run-amd_dc_opt - i:\program files\AMD\amd_dc_opt\amd_dc_opt.exe
HKLM-Run-RegistryMechanic - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - i:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - i:\program files\SUPERAntiSpyware\SASWINLO.DLL


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.01net.com/telecharger/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Download by VersalSoft Internet Download - c:\program files\VersalSoft\InternetDownload\adddownload.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Session\AppData\Roaming\Mozilla\Firefox\Profiles\6uivcz1r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx??mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 07:36:15
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RealAV.exe = c:\program files\RealAV\RealAV.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????V?????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...


**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1492)
c:\program files\Microsoft Office2003\OFFICE11\msohev.dll
.
Heure de fin: 2009-02-14 7:40:08
ComboFix-quarantined-files.txt 2009-02-14 06:38:51

Avant-CF: 141,591,789,568 octets libres
Après-CF: 141,506,854,912 octets libres

317