Internet pages that open by themselves
dams78300
Hello, I've had a problem for a few days: when I'm on the internet and browsing, another tab often opens with another blank page. Could someone help me please, because it's super annoying to close the window every time. Thanks.
Processor: Intel Core Quad CPU Q6600 @ 2.40 GHz
Windows Vista
Antivirus: Kaspersky
37 replies
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : BIOS Date: 12/31/07 10:10:58 Ver: 5.15
USER : damien ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 7.0.1.321 (Activated)
C:\ (Local Disk) - NTFS - Total:455 Go (Free:309 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
E:\ (Local Disk) - NTFS - Total:465 Go (Free:465 Go)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 03/04/2009| 5:49 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - [Service] ASKService
Supprime! - [Service] ASKUpgrade
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\damien\AppData\Roaming\Azureus\torrents\CloneDVD_v2.9.2.0_+_keygen[www.daemonstreet.com].torrent
C:\Users\damien\AppData\Roaming\Azureus\torrents\VSO_ConvertXtoDVD_3.3.4.106e_+_Keygen[www.daemonstreet.com][1].torrent
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 02/04/2009|19:23 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 03/04/2009| 5:51 - Option : [2]
-----------\\ Fin du rapport a 5:51:04,26
There, I took the liberty of redoing what you told me, MBAM, to see if it was like earlier, so I'm sending you a copy-paste.
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1935
Windows 6.0.6001 Service Pack 1
03/04/2009 06:02:04
mbam-log-2009-04-03 (06-02-04).txt
Type de recherche: Examen rapide
Eléments examinés: 60694
Temps écoulé: 3 minute(s), 13 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Apparently there's nothing left ^^ well, it's up to you to judge.
Hi!
Yes, I would have seen it in the next HijackThis report anyway. It looks OK to me.
Please make a new HijackThis report and post it for me.
See you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:01, on 02/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vphc600.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\ServoApp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\damien\AppData\Local\cucswii.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [phc600] C:\Windows\vphc600.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MFP Manager] C:\Program Files\MFP Server\MFPAgent.exe -CheckAutoRun
O4 - HKLM\..\Run: [Server Application] C:\Windows\system32\ServoApp.exe
O4 - HKLM\..\Run: [GDI Manager] "C:\Program Files\MFP Server\App\Common\MFPAgent.exe"
O4 - HKLM\..\Run: [track monitor] C:\Program Files\MSN Track Monitor\msntrack.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DMSN] C:\Program Files\Dialflirt\dialmsn.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_S3B6A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_S1008.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [win.com] C:\Windows\system32\win.com
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [cucswii] "c:\users\damien\appdata\local\cucswii.exe" cucswii
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin600.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
Scan saved at 13:05:01, on 02/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vphc600.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\ServoApp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\damien\AppData\Local\cucswii.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [phc600] C:\Windows\vphc600.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MFP Manager] C:\Program Files\MFP Server\MFPAgent.exe -CheckAutoRun
O4 - HKLM\..\Run: [Server Application] C:\Windows\system32\ServoApp.exe
O4 - HKLM\..\Run: [GDI Manager] "C:\Program Files\MFP Server\App\Common\MFPAgent.exe"
O4 - HKLM\..\Run: [track monitor] C:\Program Files\MSN Track Monitor\msntrack.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DMSN] C:\Program Files\Dialflirt\dialmsn.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_S3B6A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_S1008.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [win.com] C:\Windows\system32\win.com
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [cucswii] "c:\users\damien\appdata\local\cucswii.exe" cucswii
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin600.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
That's not the right report:
Scan saved at 13:05:01, on 02/04/2009
--> Run a fresh scan.
If it still gives you the same report, uninstall HijackThis and download it again.
++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:37, on 03/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vphc600.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\ServoApp.exe
C:\Program Files\MFP Server\App\Common\MFPAgent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Cpasbien Toolbar - {5f67de8f-699c-425b-9fde-e07a37d6b691} - C:\Program Files\Cpasbien\tbCpas.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [phc600] C:\Windows\vphc600.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MFP Manager] C:\Program Files\MFP Server\MFPAgent.exe -CheckAutoRun
O4 - HKLM\..\Run: [Server Application] C:\Windows\system32\ServoApp.exe
O4 - HKLM\..\Run: [GDI Manager] "C:\Program Files\MFP Server\App\Common\MFPAgent.exe"
O4 - HKLM\..\Run: [track monitor] C:\Program Files\MSN Track Monitor\msntrack.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DMSN] C:\Program Files\Dialflirt\dialmsn.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_S3B6A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_S1008.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [win.com] C:\Windows\system32\win.com
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: TrayMin300.exe.lnk = C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin600.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
OK!
Next step:
Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat.
-- Run option R.
-- If the infection is detected, run option N.
-- Save this report, then copy and paste it into your next reply.
OK, well, I'm doing what you tell me, but every time it gets stuck at the scan stage: it's the blue window showing scan.............. and it just stays like that.
Right, so I'll put back what I removed earlier:
On VISTA
==> Disable User Account Control (you will re-enable it after the disinfection):
* Go to Start, then Control Panel
* Double-click the "User Accounts" icon
* Then click disable and confirm.
===============================================
Don't launch the tool by double-clicking; instead, right-click it and choose "Run as administrator".
-- Run option R.
-- If the infection is detected, run option N.
-- Save this report, then copy and paste it into your next reply.
Right, let's try something else:
/!\ Disable your resident protections (antivirus, antispyware, etc.) /!\
Download ComboFix (by sUBs) to your Desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click ComboFix.exe (the .exe may not be visible) to launch it.
* It will ask you to install the Recovery Console: ACCEPT!
* Don't touch the PC during the scan.
* When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: a tutorial on using ComboFix (read it before running the tool)
-->> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 09-04-01.01 - damien 2009-04-03 14:43:40.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3326.2140 [GMT 2:00]
Lancé depuis: c:\users\damien\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
.
ADS - Windows: deleted 48 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\damien\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\windows\ktd32.atm
c:\windows\Tasks\kzkmkaam.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-03 au 2009-04-03 ))))))))))))))))))))))))))))))))))))
.
2009-04-03 03:25 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-03 03:25 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-03 03:25 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-03 03:25 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-03 03:25 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-03 03:25 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-03 03:25 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-04-03 03:25 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-03 03:18 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-03 03:18 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-03 03:18 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-03 03:18 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-03 03:18 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-03 03:17 . 2009-04-03 03:17 <REP> d-------- c:\users\damien\AppData\Roaming\Malwarebytes
2009-04-03 03:17 . 2009-04-03 03:17 <REP> d-------- c:\users\All Users\Malwarebytes
2009-04-03 03:17 . 2009-04-03 03:17 <REP> d-------- c:\programdata\Malwarebytes
2009-04-03 03:17 . 2009-04-03 03:17 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 03:17 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-03 03:17 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-03 01:36 . 2009-04-03 05:57 <REP> d-------- c:\program files\Navilog1
2009-04-02 19:21 . 2009-04-03 05:51 <REP> d-------- C:\ToolBar SD
2009-04-02 12:50 . 2009-04-02 12:50 <REP> d-------- c:\program files\Trend Micro
2009-03-31 05:21 . 2009-03-31 05:22 <REP> d-------- c:\program files\NDSROM Player
2009-03-31 05:05 . 2009-03-31 05:06 <REP> d-------- c:\program files\Pcsx2_0.9.4
2009-03-30 22:42 . 2009-03-30 22:42 <REP> d-------- c:\program files\Inventel
2009-03-13 00:42 . 2009-02-17 02:30 2,736,890 --a------ c:\windows\System32\GameMon.des
2009-03-11 11:29 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 11:29 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 11:29 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 11:29 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 11:28 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 11:28 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 08:39 . 2009-03-11 08:40 2,045,693,541 --a------ c:\users\damien\america_s_army_jeu_complet_v2.8.3_anglais_211128.exe
2009-03-10 06:46 . 2009-03-10 06:46 <REP> d-------- c:\program files\OpenAL
2009-03-10 06:46 . 2009-03-10 06:46 413,696 --a------ c:\windows\System32\wrap_oal.dll
2009-03-10 06:46 . 2009-03-10 06:46 110,592 --a------ c:\windows\System32\OpenAL32.dll
2009-03-10 06:45 . 2009-03-10 06:46 <REP> d-------- c:\program files\AssaultCube_v1.0
2009-03-10 04:16 . 2009-03-10 04:16 <REP> d-------- c:\program files\Cpasbien
2009-03-10 04:16 . 2009-03-10 04:16 <REP> d-------- c:\program files\Conduit
2009-03-10 04:16 . 2009-03-10 04:16 1,489,168 --a------ c:\users\damien\barres de taches internet.exe
2009-03-10 01:30 . 2009-03-10 03:42 253,952 --a------ c:\windows\System32\incom_.exe
2009-03-10 01:23 . 2009-03-10 01:25 39,424 --a------ c:\windows\zipinst.exe
2009-03-09 23:45 . 2009-03-09 23:45 <REP> d-------- c:\program files\WinPcap
2009-03-09 23:45 . 2009-03-09 23:46 <REP> d-------- c:\program files\MSN Track Monitor
2009-03-09 07:02 . 2009-03-09 07:02 32 --a------ c:\windows\hip
2009-03-09 07:00 . 2009-03-09 07:02 <REP> d-------- c:\program files\SplitCam
2009-03-09 04:59 . 2007-01-18 09:44 182 --a------ c:\windows\System32\DartTelnet.dep
2009-03-09 04:59 . 2007-01-18 09:44 162 --a------ c:\windows\System32\DartSock.dep
2009-03-09 02:25 . 2009-03-09 05:50 <REP> d-------- c:\program files\Teamspeak2_RC2
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 12:45 1,043,006,752 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-03 12:23 --------- d-----w c:\programdata\Kaspersky Lab
2009-04-03 11:46 --------- d-----w c:\users\damien\AppData\Roaming\Xfire
2009-04-03 11:45 --------- d-s---w c:\program files\Xfire
2009-04-03 11:44 13,967,540 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-03 04:10 --------- d-----w c:\users\damien\AppData\Roaming\Azureus
2009-04-02 20:09 --------- d-----w c:\users\damien\AppData\Roaming\teamspeak2
2009-03-31 02:10 --------- d-----w c:\program files\Vuze
2009-03-11 23:06 --------- d-----w c:\program files\Windows Mail
2009-03-10 02:30 --------- d--h--w c:\users\damien\AppData\Roaming\ijjigame
2009-03-10 02:23 --------- d-----w c:\programdata\WildTangent
2009-03-10 02:09 --------- d-----w c:\program files\Microsoft Works
2009-03-10 01:17 --------- d-----w c:\users\damien\AppData\Roaming\LimeWire
2009-03-09 05:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 15:47 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 12:26 --------- d-----w c:\program files\Windows Live
2009-02-18 16:05 --------- d-----w c:\program files\FormatFactory
2009-02-11 18:06 1,470,464 ----a-w c:\windows\System32\libmySQL50.dll
2009-02-11 18:06 --------- d-----w c:\program files\GildenIdent
2009-02-08 09:30 972 ----a-w c:\users\damien\AppData\Roaming\wklnhst.dat
2009-02-07 02:41 --------- d-----w c:\program files\LG PC Suite II
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-03 17:45 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:45 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-18 12:16 47,360 ----a-w c:\users\damien\AppData\Roaming\pcouffin.sys
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-05-09 13:36 174 --sha-w c:\program files\desktop.ini
2008-07-06 14:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-07-06 14:51 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-07-06 14:51 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5f67de8f-699c-425b-9fde-e07a37d6b691}"= "c:\program files\Cpasbien\tbCpas.dll" [2009-03-08 2079256]
[HKEY_CLASSES_ROOT\clsid\{5f67de8f-699c-425b-9fde-e07a37d6b691}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f67de8f-699c-425b-9fde-e07a37d6b691}]
2009-03-08 14:28 2079256 --a------ c:\program files\Cpasbien\tbCpas.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5f67de8f-699c-425b-9fde-e07a37d6b691}"= "c:\program files\Cpasbien\tbCpas.dll" [2009-03-08 2079256]
[HKEY_CLASSES_ROOT\clsid\{5f67de8f-699c-425b-9fde-e07a37d6b691}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5F67DE8F-699C-425B-9FDE-E07A37D6B691}"= "c:\program files\Cpasbien\tbCpas.dll" [2009-03-08 2079256]
[HKEY_CLASSES_ROOT\clsid\{5f67de8f-699c-425b-9fde-e07a37d6b691}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-18 171448]
"EPSON Stylus SX400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE" [2007-12-17 188928]
"EPSON Stylus SX400 Series (Copie 1)"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE" [2007-12-17 188928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"win.com"="c:\windows\system32\win.com" [2006-11-02 6656]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-03 1783136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"phc600"="c:\windows\vphc600.exe" [2006-10-16 344064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]
"GDI Manager"="c:\program files\MFP Server\App\Common\MFPAgent.exe" [2008-05-06 741376]
"track monitor"="c:\program files\MSN Track Monitor\msntrack.exe" [2006-03-30 241664]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
c:\users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2007-02-07 2399824]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMin300.exe.lnk - c:\program files\Philips\SPC 600NC PC Camera\TrayMin600.exe [2008-06-24 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5849F780-6F5C-478F-8E98-71C9A4F32FF0}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{F486B515-5105-42F2-B151-22F40F2F3CFA}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{3902E5A9-90CB-4EB9-B56B-73A97F748158}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{A1910998-C178-42E2-9981-9BADCC0B26DD}c:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:c:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"UDP Query User{274FBD11-3E24-466F-B458-88B1F47B6807}c:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:c:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"TCP Query User{4737D80D-3CC8-430C-80C0-0830370BBAA3}c:\\users\\damien\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\zws8fdgt\\yuleech-bbo_fr_setup_0_1_exe[1].exe"= UDP:c:\users\damien\appdata\local\microsoft\windows\temporary internet files\content.ie5\zws8fdgt\yuleech-bbo_fr_setup_0_1_exe[1].exe:yuleech-bbo_fr_setup_0_1_exe[1].exe
"UDP Query User{7AAE5F65-3E2D-4355-BB3B-34E41D43EEF0}c:\\users\\damien\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\zws8fdgt\\yuleech-bbo_fr_setup_0_1_exe[1].exe"= TCP:c:\users\damien\appdata\local\microsoft\windows\temporary internet files\content.ie5\zws8fdgt\yuleech-bbo_fr_setup_0_1_exe[1].exe:yuleech-bbo_fr_setup_0_1_exe[1].exe
"TCP Query User{5E4F6C90-A9EB-4DAB-939C-723820804F85}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{0987100C-A48D-46CE-A135-DFF83E67A61D}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{6722C1B5-1B40-40EF-8738-9E17B36B005A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{35C1FE48-ACF9-49B1-BD7F-9FE5991A3A8C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D894BB30-A970-437E-9DFC-1989DB439F22}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C2BCA748-F1D3-44E7-ADD8-5D0AC54F3E5F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{B2759F51-C3A7-44DA-AD4A-6BD8119BC628}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4B555E53-38B7-4733-B086-02B380FC1161}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6E47E33C-1D92-4003-AC33-C4E6668239F5}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{708188FB-9B22-4191-BA9A-7A579970E76C}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{ED581DCF-54ED-460F-A882-B7881BB7CA43}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D3C9CEE5-8356-4BED-89EC-D1F3CCD5794C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{64B997F0-25F5-46C9-BEE6-028A25CAD14D}c:\\users\\damien\\appdata\\local\\temp\\low\\plauncher.exe"= UDP:c:\users\damien\appdata\local\temp\low\plauncher.exe:plauncher.exe
"UDP Query User{F76EF242-F996-4D01-8193-DB98CC39E088}c:\\users\\damien\\appdata\\local\\temp\\low\\plauncher.exe"= TCP:c:\users\damien\appdata\local\temp\low\plauncher.exe:plauncher.exe
"{6CBCBE50-09F4-4FBC-8976-3DA7EADA9C7B}"= UDP:c:\users\damien\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{98D208A2-CAFF-407E-A6DE-24FF1BE8B3E0}"= TCP:c:\users\damien\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"TCP Query User{8333950A-D251-4E61-A7BD-DEDD7E7F4DF9}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{184DBCC9-EF5B-4004-BFC5-6FF8BF8FDB52}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"{2EB2085A-6BFE-405C-AE6C-AF0FCCC9DFB4}"= TCP:14135:Server Application
"{FC49210E-2DEA-4D9C-B1F2-132F7CF5C382}"= UDP:14135:Server Application
"{A755973D-1C35-401D-8531-7D21DAC04A59}"= TCP:13621:MFP Setup Wizard
"{48E0FC76-3996-4386-AA59-A58FAAB809C1}"= TCP:13878:MFP Manager
"{F53F8AE7-B99F-4143-B0BF-E2C2D211AE6C}"= TCP:13364:MFP Server Manager
"{E74E1E80-55E8-4C83-9787-EB054CD052AE}"= TCP:69:MFP Server Manager TFTP
"TCP Query User{AFF2B1E8-947F-4176-844D-FC7A04DD4FE6}c:\\program files\\mfp server\\app\\common\\mfpagent.exe"= UDP:c:\program files\mfp server\app\common\mfpagent.exe:MFP Agent
"UDP Query User{BADFD4D5-A77C-46E3-944F-1FA2C20CD120}c:\\program files\\mfp server\\app\\common\\mfpagent.exe"= TCP:c:\program files\mfp server\app\common\mfpagent.exe:MFP Agent
"TCP Query User{8DA30457-6EBF-410D-928F-7CC849A375FC}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{55AEABDB-2085-4638-989B-D0FD0E09176C}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"{0CBF9BEA-D608-4ACD-A1FC-11356C35DD23}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{A1766EA2-FE86-499E-BF79-199F44FFB5BE}c:\\ijji\\english\\ijjipurpleoutbound.exe"= UDP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"UDP Query User{BD2E7999-7271-4939-B953-70F7D62FF371}c:\\ijji\\english\\ijjipurpleoutbound.exe"= TCP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"TCP Query User{C031DB85-92B3-4BA9-B881-3F7EFB8E8CC8}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{55767BF3-0452-467A-97EB-A98DA7629AF3}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{F230A1EC-EA1C-4E76-A861-A43947E248B4}c:\\users\\damien\\desktop\\teamspeak spam\\teamspeak spam\\spamer.exe"= UDP:c:\users\damien\desktop\teamspeak spam\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{6EE126A6-C9B0-45B6-80A5-FD494AACCF37}c:\\users\\damien\\desktop\\teamspeak spam\\teamspeak spam\\spamer.exe"= TCP:c:\users\damien\desktop\teamspeak spam\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{F8587B4E-6838-4DE0-BD13-242E9D5E05E4}c:\\users\\damien\\appdata\\roaming\\powertcp\\telnet for activex\\bin\\debugserver.exe"= UDP:c:\users\damien\appdata\roaming\powertcp\telnet for activex\bin\debugserver.exe:debugserver.exe
"UDP Query User{66864667-3D1B-445B-928A-0B71A3F83E3A}c:\\users\\damien\\appdata\\roaming\\powertcp\\telnet for activex\\bin\\debugserver.exe"= TCP:c:\users\damien\appdata\roaming\powertcp\telnet for activex\bin\debugserver.exe:debugserver.exe
"TCP Query User{EF4BEFEF-EEAC-4994-85AC-BAD7300AF003}c:\\users\\damien\\appdata\\local\\temp\\rar$ex02.072\\teamspeak spam\\spamer.exe"= UDP:c:\users\damien\appdata\local\temp\rar$ex02.072\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{27DF3C69-4E36-48FB-AFFD-3257530E7663}c:\\users\\damien\\appdata\\local\\temp\\rar$ex02.072\\teamspeak spam\\spamer.exe"= TCP:c:\users\damien\appdata\local\temp\rar$ex02.072\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{52592E43-A1EC-4245-90BE-C6EC6A7848FD}c:\\users\\damien\\appdata\\local\\temp\\rar$ex00.195\\teamspeak spam\\spamer.exe"= UDP:c:\users\damien\appdata\local\temp\rar$ex00.195\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{7203911A-764B-47C1-A5EF-3718C9D99B23}c:\\users\\damien\\appdata\\local\\temp\\rar$ex00.195\\teamspeak spam\\spamer.exe"= TCP:c:\users\damien\appdata\local\temp\rar$ex00.195\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{EFBC09A6-C51F-4EE9-AB69-477AFB80EEF8}c:\\users\\damien\\appdata\\local\\temp\\rar$ex00.041\\teamspeak spam\\spamer.exe"= UDP:c:\users\damien\appdata\local\temp\rar$ex00.041\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{A0BEC9BE-9064-4B69-9E9B-61B778D7DD42}c:\\users\\damien\\appdata\\local\\temp\\rar$ex00.041\\teamspeak spam\\spamer.exe"= TCP:c:\users\damien\appdata\local\temp\rar$ex00.041\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{1916BB4D-35A4-485E-94DD-038E385DECAA}c:\\windows\\services.exe"= UDP:c:\windows\services.exe:services
"UDP Query User{3FEECD1C-3A20-4D76-97ED-B92A3D73D317}c:\\windows\\services.exe"= TCP:c:\windows\services.exe:services
"TCP Query User{2CA1B580-6A28-4B3C-8D31-60D7FBB73D5D}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Explorateur Windows
"UDP Query User{3C4013F2-7A53-4A6E-BABE-6022507D6ED9}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Explorateur Windows
"TCP Query User{62A5C52B-CEA5-4672-87FC-1AC2A6EF4F1B}c:\\users\\damien\\desktop\\spamer.exe"= UDP:c:\users\damien\desktop\spamer.exe:spamer.exe
"UDP Query User{5F15B29A-E2F9-4725-AC32-6F0A48C8A38F}c:\\users\\damien\\desktop\\spamer.exe"= TCP:c:\users\damien\desktop\spamer.exe:spamer.exe
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-10-16 20496]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\[u]0/u00.fcl [2007-01-02 18:24:26 39408]
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\System32\drivers\mfpec.sys [2009-01-18 34944]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-01-02 198240]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-02-26 493568]
R3 WUSBVBus;MFP Server Detector;c:\windows\System32\drivers\mfpvbus.sys [2009-01-18 10240]
S3 AliWGP;Composite Device;c:\windows\System32\drivers\mfpcomp.sys [2009-01-18 10880]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2005-08-02 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 phc600;USB PC Camera (SPC600NC);c:\windows\System32\drivers\phc600.sys [2008-06-24 422144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d938ee-b7c4-11dd-8287-001e8c5bfa53}]
\shell\AutoRun\command - M:\start.exe
\shell\iledefrance\command - M:\start.exe
.
Contenu du dossier 'Tâches planifiées'
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{0C8947CD-FD16-461A-9CBB-D1591EFB6817}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-DMSN - c:\program files\Dialflirt\dialmsn.exe
HKCU-Run-GameTracker - c:\program files\GameTracker\GTLite.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-MFP Manager - c:\program files\MFP Server\MFPAgent.exe
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
Trusted Zone: localhost
FF - ProfilePath - c:\users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\dtrh6ik1.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 14:46:59
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
- - - - - - - > 'lsass.exe'(684)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Heure de fin: 2009-04-03 14:49:38
ComboFix-quarantined-files.txt 2009-04-03 12:49:35
Avant-CF: 331 564 445 696 octets libres
Après-CF: 331,529,924,608 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=46 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46
287 --- E O F --- 2009-04-03 01:37:30
"UDP Query User{4B555E53-38B7-4733-B086-02B380FC1161}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6E47E33C-1D92-4003-AC33-C4E6668239F5}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{708188FB-9B22-4191-BA9A-7A579970E76C}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{ED581DCF-54ED-460F-A882-B7881BB7CA43}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D3C9CEE5-8356-4BED-89EC-D1F3CCD5794C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{64B997F0-25F5-46C9-BEE6-028A25CAD14D}c:\\users\\damien\\appdata\\local\\temp\\low\\plauncher.exe"= UDP:c:\users\damien\appdata\local\temp\low\plauncher.exe:plauncher.exe
"UDP Query User{F76EF242-F996-4D01-8193-DB98CC39E088}c:\\users\\damien\\appdata\\local\\temp\\low\\plauncher.exe"= TCP:c:\users\damien\appdata\local\temp\low\plauncher.exe:plauncher.exe
"{6CBCBE50-09F4-4FBC-8976-3DA7EADA9C7B}"= UDP:c:\users\damien\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{98D208A2-CAFF-407E-A6DE-24FF1BE8B3E0}"= TCP:c:\users\damien\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"TCP Query User{8333950A-D251-4E61-A7BD-DEDD7E7F4DF9}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{184DBCC9-EF5B-4004-BFC5-6FF8BF8FDB52}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"{2EB2085A-6BFE-405C-AE6C-AF0FCCC9DFB4}"= TCP:14135:Server Application
"{FC49210E-2DEA-4D9C-B1F2-132F7CF5C382}"= UDP:14135:Server Application
"{A755973D-1C35-401D-8531-7D21DAC04A59}"= TCP:13621:MFP Setup Wizard
"{48E0FC76-3996-4386-AA59-A58FAAB809C1}"= TCP:13878:MFP Manager
"{F53F8AE7-B99F-4143-B0BF-E2C2D211AE6C}"= TCP:13364:MFP Server Manager
"{E74E1E80-55E8-4C83-9787-EB054CD052AE}"= TCP:69:MFP Server Manager TFTP
"TCP Query User{AFF2B1E8-947F-4176-844D-FC7A04DD4FE6}c:\\program files\\mfp server\\app\\common\\mfpagent.exe"= UDP:c:\program files\mfp server\app\common\mfpagent.exe:MFP Agent
"UDP Query User{BADFD4D5-A77C-46E3-944F-1FA2C20CD120}c:\\program files\\mfp server\\app\\common\\mfpagent.exe"= TCP:c:\program files\mfp server\app\common\mfpagent.exe:MFP Agent
"TCP Query User{8DA30457-6EBF-410D-928F-7CC849A375FC}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{55AEABDB-2085-4638-989B-D0FD0E09176C}c:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:c:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"{0CBF9BEA-D608-4ACD-A1FC-11356C35DD23}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{A1766EA2-FE86-499E-BF79-199F44FFB5BE}c:\\ijji\\english\\ijjipurpleoutbound.exe"= UDP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"UDP Query User{BD2E7999-7271-4939-B953-70F7D62FF371}c:\\ijji\\english\\ijjipurpleoutbound.exe"= TCP:c:\ijji\english\ijjipurpleoutbound.exe:ijjiPurpleOutBound Application
"TCP Query User{C031DB85-92B3-4BA9-B881-3F7EFB8E8CC8}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{55767BF3-0452-467A-97EB-A98DA7629AF3}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{F230A1EC-EA1C-4E76-A861-A43947E248B4}c:\\users\\damien\\desktop\\teamspeak spam\\teamspeak spam\\spamer.exe"= UDP:c:\users\damien\desktop\teamspeak spam\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{6EE126A6-C9B0-45B6-80A5-FD494AACCF37}c:\\users\\damien\\desktop\\teamspeak spam\\teamspeak spam\\spamer.exe"= TCP:c:\users\damien\desktop\teamspeak spam\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{F8587B4E-6838-4DE0-BD13-242E9D5E05E4}c:\\users\\damien\\appdata\\roaming\\powertcp\\telnet for activex\\bin\\debugserver.exe"= UDP:c:\users\damien\appdata\roaming\powertcp\telnet for activex\bin\debugserver.exe:debugserver.exe
"UDP Query User{66864667-3D1B-445B-928A-0B71A3F83E3A}c:\\users\\damien\\appdata\\roaming\\powertcp\\telnet for activex\\bin\\debugserver.exe"= TCP:c:\users\damien\appdata\roaming\powertcp\telnet for activex\bin\debugserver.exe:debugserver.exe
"TCP Query User{EF4BEFEF-EEAC-4994-85AC-BAD7300AF003}c:\\users\\damien\\appdata\\local\\temp\\rar$ex02.072\\teamspeak spam\\spamer.exe"= UDP:c:\users\damien\appdata\local\temp\rar$ex02.072\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{27DF3C69-4E36-48FB-AFFD-3257530E7663}c:\\users\\damien\\appdata\\local\\temp\\rar$ex02.072\\teamspeak spam\\spamer.exe"= TCP:c:\users\damien\appdata\local\temp\rar$ex02.072\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{52592E43-A1EC-4245-90BE-C6EC6A7848FD}c:\\users\\damien\\appdata\\local\\temp\\rar$ex00.195\\teamspeak spam\\spamer.exe"= UDP:c:\users\damien\appdata\local\temp\rar$ex00.195\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{7203911A-764B-47C1-A5EF-3718C9D99B23}c:\\users\\damien\\appdata\\local\\temp\\rar$ex00.195\\teamspeak spam\\spamer.exe"= TCP:c:\users\damien\appdata\local\temp\rar$ex00.195\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{EFBC09A6-C51F-4EE9-AB69-477AFB80EEF8}c:\\users\\damien\\appdata\\local\\temp\\rar$ex00.041\\teamspeak spam\\spamer.exe"= UDP:c:\users\damien\appdata\local\temp\rar$ex00.041\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{A0BEC9BE-9064-4B69-9E9B-61B778D7DD42}c:\\users\\damien\\appdata\\local\\temp\\rar$ex00.041\\teamspeak spam\\spamer.exe"= TCP:c:\users\damien\appdata\local\temp\rar$ex00.041\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{1916BB4D-35A4-485E-94DD-038E385DECAA}c:\\windows\\services.exe"= UDP:c:\windows\services.exe:services
"UDP Query User{3FEECD1C-3A20-4D76-97ED-B92A3D73D317}c:\\windows\\services.exe"= TCP:c:\windows\services.exe:services
"TCP Query User{2CA1B580-6A28-4B3C-8D31-60D7FBB73D5D}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Explorateur Windows
"UDP Query User{3C4013F2-7A53-4A6E-BABE-6022507D6ED9}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Explorateur Windows
"TCP Query User{62A5C52B-CEA5-4672-87FC-1AC2A6EF4F1B}c:\\users\\damien\\desktop\\spamer.exe"= UDP:c:\users\damien\desktop\spamer.exe:spamer.exe
"UDP Query User{5F15B29A-E2F9-4725-AC32-6F0A48C8A38F}c:\\users\\damien\\desktop\\spamer.exe"= TCP:c:\users\damien\desktop\spamer.exe:spamer.exe
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-10-16 20496]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\DVDPlay\[u]0/u00.fcl [2007-01-02 18:24:26 39408]
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\System32\drivers\mfpec.sys [2009-01-18 34944]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-01-02 198240]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-02-26 493568]
R3 WUSBVBus;MFP Server Detector;c:\windows\System32\drivers\mfpvbus.sys [2009-01-18 10240]
S3 AliWGP;Composite Device;c:\windows\System32\drivers\mfpcomp.sys [2009-01-18 10880]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2005-08-02 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 phc600;USB PC Camera (SPC600NC);c:\windows\System32\drivers\phc600.sys [2008-06-24 422144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d938ee-b7c4-11dd-8287-001e8c5bfa53}]
\shell\AutoRun\command - M:\start.exe
\shell\iledefrance\command - M:\start.exe
.
Contenu du dossier 'Tâches planifiées'
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{0C8947CD-FD16-461A-9CBB-D1591EFB6817}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-DMSN - c:\program files\Dialflirt\dialmsn.exe
HKCU-Run-GameTracker - c:\program files\GameTracker\GTLite.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-MFP Manager - c:\program files\MFP Server\MFPAgent.exe
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
Trusted Zone: localhost
FF - ProfilePath - c:\users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\dtrh6ik1.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 14:46:59
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
- - - - - - - > 'lsass.exe'(684)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Heure de fin: 2009-04-03 14:49:38
ComboFix-quarantined-files.txt 2009-04-03 12:49:35
Avant-CF: 331 564 445 696 octets libres
Après-CF: 331,529,924,608 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=46 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46
287 --- E O F --- 2009-04-03 01:37:30
Hi again!
Download CCleaner, Slim version, without the toolbar:
CCLEANER
Go to "Options" >> "Avancé" (Advanced). Uncheck the first line.
Go to the "Nettoyeur" (Cleaner) section. Run the analysis. Once the list has been built, run the cleaning twice in a row so that you end up with 0 bytes removed!
Then, under "Registre" (Registry), run a search for errors. Once the list has been built, have them repaired.
/!\ At this point CCleaner normally asks you to back up the registry; do it. /!\
Then repeat the error search/repair cycle until the search finds none.
==========================================
Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe
Double-click RSIT.exe.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the licence.
When the analysis is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports can also be found here: C:\rsit.
See you