Adware google / wikipedia

Solved
-nicolas- Posts 6778 Status Contributor -
 Anonymous user -
Good evening,

I've caught an adware that is making my life miserable. Whenever I do a Google search, a "sponsored links" menu appears on the left: http://www.noelshack.com/voir/130309/virus078563.JPG

but also on Wikipedia: http://www.noelshack.com/voir/130309/virus1085990.JPG

I've already scanned with Avira Premium, Malwarebytes, Windows Defender and SUPERAntiSpyware, and I tried a clean-up with CCleaner... all without success...

I've done some research, but nothing seems to work...

please help me!
35 replies

-nicolas- Posts 6778 Status Contributor 1 309
 
re !

DDS (Ver_09-03-16.01) - NTFSx86
Run by nico at 16:24:37,50 on 11/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1534.785 [GMT 2:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Creative\Creative ZEN (DVP-FL0001)\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\nico\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uWindow Title =
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: thesuperads search enhancer: {5f25ea5b-cd98-1c3e-6af9-9a74e3a923b7} - c:\windows\system32\lmhjfhbakdsmkinvl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
EB: Search panel: {48ee3a80-3147-f8b7-44b8-cd0f1eff4fe8} - c:\windows\system32\lmhjfhbakdsmkinvl.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [toolbar_eula_launcher] c:\program files\packard bell\google_eula\EULALauncher.exe
mRun: [ACTIVBOARD] c:\program files\packard bell\fiji\aboard.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CTCheck] c:\program files\creative\creative zen (dvp-fl0001)\zen media explorer\CTCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nico\appdata\roaming\mozilla\firefox\profiles\p7mh6y1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - component: c:\program files\mozilla firefox\components\lmhjfhbakdsmkinvl.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\nico\appdata\roaming\mozilla\firefox\profiles\p7mh6y1p.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-2-21 21144]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-13 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-13 55024]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-4-29 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-4-29 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-4-29 432897]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [2009-2-21 43520]
S2 gupdate1c98d36c500d0c9;Google Update Service (gupdate1c98d36c500d0c9);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-4-21 216232]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-1-11 28224]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-1-8 1122304]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-13 7408]

=============== Created Last 30 ================

2009-05-11 16:22 62,076 a------- c:\windows\system32\lmhjfhbakdsmkinvl.dll-uninst.exe
2009-05-10 20:21 <DIR> --d----- c:\program files\Ad-remover
2009-05-08 19:58 <DIR> --d----- c:\program files\Quicksys
2009-05-07 17:43 <DIR> --d----- c:\program files\trend micro
2009-05-06 20:32 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-05-06 20:32 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-05-06 20:32 <DIR> --d----- c:\users\nico\appdata\roaming\SUPERAntiSpyware.com
2009-05-06 20:32 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-06 19:53 <DIR> --d----- c:\users\nico\appdata\roaming\Malwarebytes
2009-05-06 19:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-06 19:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 19:53 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-06 19:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-06 19:53 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-06 14:10 566,272 a------- c:\windows\system32\lmhjfhbakdsmkinvl.dll
2009-05-02 00:35 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-05-02 00:33 <DIR> --d----- c:\users\nico\appdata\roaming\Atari
2009-04-29 13:48 <DIR> --d----- c:\users\nico\appdata\roaming\Avira
2009-04-29 13:30 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-29 13:30 <DIR> --d----- c:\program files\Avira
2009-04-21 20:03 <DIR> --d----- c:\program files\id Software
2009-04-21 01:24 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-19 11:54 <DIR> --d----- c:\programdata\Messenger Plus!
2009-04-19 11:54 <DIR> --d----- c:\progra~2\Messenger Plus!
2009-04-18 20:47 <DIR> --d----- c:\program files\Music NFO Builder
2009-04-18 20:02 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-04-18 15:16 <DIR> --d----- c:\program files\Patch MsnCreative
2009-04-17 19:02 <DIR> --d----- c:\users\nico\amsn
2009-04-17 18:52 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-04-13 13:12 34 a------- c:\users\nico\jagex_runescape_preferences.dat
2009-04-13 13:12 <DIR> --d----- c:\windows\.jagex_cache_32
2009-04-11 20:09 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-11 20:08 <DIR> --d----- c:\users\nico\.housecall6.6

==================== Find3M ====================

2009-05-10 14:29 681,474 a------- c:\windows\system32\perfh00C.dat
2009-05-10 14:29 128,676 a------- c:\windows\system32\perfc00C.dat
2009-05-02 22:58 51,200 a------- c:\windows\inf\infpub.dat
2009-05-02 22:58 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-02 22:57 86,016 a------- c:\windows\inf\infstor.dat
2009-04-03 18:47 20,693 a------- c:\windows\War3Unin.dat
2009-04-03 18:42 126,976 a------- c:\windows\War3Unin.exe
2009-04-03 18:42 2,829 a------- c:\windows\War3Unin.pif
2009-04-02 20:26 1,698 a------- c:\windows\system32\ealregsnapshot1.reg
2009-03-27 08:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-17 05:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 05:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 05:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 06:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 13:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 13:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 13:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 13:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 13:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 13:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 13:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 13:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 13:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 13:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 13:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 13:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 13:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 13:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 13:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 13:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 13:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 13:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 06:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 06:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 06:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 06:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 06:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 06:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 06:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 06:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 05:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 04:38 17,408 a------- c:\windows\system32\iashost.exe
2009-02-27 02:29 319,984 a------- c:\windows\DIFxAPI.dll
2009-02-24 21:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 21:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 21:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 21:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 21:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 21:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-21 16:17 146,288 a------- c:\windows\hpoins18.dat
2009-02-18 15:44 135,168 a------- c:\windows\system32\nvcod140.dll
2009-02-13 10:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 10:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-01-11 22:16 174 a--sh--- c:\program files\desktop.ini
2009-01-11 22:06 665,600 a------- c:\windows\inf\drvindex.dat
2007-01-27 02:56 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2007-01-27 02:56 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2007-01-27 02:56 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2007-01-27 02:56 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:25:19,06 ===============
Anonymous user
 
Hello

The infection is back.

Would you please upload this file to VirusTotal?

c:\program files\mozilla firefox\components\lmhjfhbakdsmkinvl.dll

Then give me the link ;)

I'm preparing the next step in the meantime
++
-nicolas- Posts 6778 Status Contributor 1 309
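The helper's reading of the DDS report above (the same DLL, lmhjfhbakdsmkinvl.dll, registered as an IE BHO, an Explorer bar and a Firefox component, and the Firefox search prefs redirected to yoog.com) is exactly the kind of check a small log-triage script can make repeatable. The following is an added example, not code from this thread or from the DDS tool; its sample input is a trimmed copy of the posted report, and the function names and the trusted-host list are this example's own assumptions.

```python
"""Triage the browser-hook and Firefox-pref lines of a DDS report.
Added example (not from the thread or the DDS tool); the trusted-host list
and function names are assumptions of this example."""
import re
from collections import defaultdict, namedtuple
from urllib.parse import urlparse

# Constructed sample: a cut-down copy of the DDS report posted in the thread (hxxp is DDS's defanged http).
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: thesuperads search enhancer: {5f25ea5b-cd98-1c3e-6af9-9a74e3a923b7} - c:\windows\system32\lmhjfhbakdsmkinvl.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
EB: Search panel: {48ee3a80-3147-f8b7-44b8-cd0f1eff4fe8} - c:\windows\system32\lmhjfhbakdsmkinvl.dll
FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - component: c:\program files\mozilla firefox\components\lmhjfhbakdsmkinvl.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
"""

# IE-side hooks as DDS prints them: "KIND: [name:] {CLSID} - path|No File".
IE_HOOK = re.compile(r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# Firefox modules and prefs as DDS prints them.
FF_MODULE = re.compile(r"^FF - (?P<kind>component|plugin): (?P<path>.*)$")
FF_PREF = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<key>\S+) - (?P<value>.*)$")

# Firefox prefs that decide where a typed search is sent (these two carry URLs).
SEARCH_URL_KEYS = {"browser.search.defaulturl", "keyword.URL"}
# Assumption of this example: hosts a search URL is allowed to point at.
TRUSTED_SEARCH_HOSTS = frozenset({"www.google.com", "www.google.fr", "search.msn.com"})

Hook = namedtuple("Hook", "kind name clsid path")   # kind: BHO, TB, EB, FF-component, FF-plugin
Pref = namedtuple("Pref", "file key value")

def parse_dds(text):
    """Split a DDS report into browser hooks and Firefox prefs; other lines are ignored."""
    hooks, prefs = [], []
    for line in text.splitlines():
        m = IE_HOOK.match(line)
        if m:
            hooks.append(Hook(m["kind"], m["name"] or "", m["clsid"].lower(), m["path"].strip()))
            continue
        m = FF_MODULE.match(line)
        if m:
            hooks.append(Hook("FF-" + m["kind"], "", "", m["path"].strip()))
            continue
        m = FF_PREF.match(line)
        if m:
            prefs.append(Pref(m["file"], m["key"], m["value"].strip()))
    return hooks, prefs

def shared_hook_modules(hooks):
    """Modules loaded through more than one hook type (e.g. an IE BHO that is also a
    Firefox component): one DLL hooked into both browsers is the pattern that explains
    'sponsored links' showing up in IE and Firefox alike."""
    kinds_by_module = defaultdict(set)
    for h in hooks:
        if h.path.lower() == "no file":
            continue
        module = h.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        kinds_by_module[module].add(h.kind)
    return {m: sorted(k) for m, k in kinds_by_module.items() if len(k) > 1}

def orphaned_hooks(hooks):
    """CLSIDs still registered whose file is gone ('No File'): leftovers of a partial
    removal that a clean-up should deregister as well."""
    return ["{%s}" % h.clsid for h in hooks if h.path.lower() == "no file"]

def search_hijacks(prefs, trusted=TRUSTED_SEARCH_HOSTS):
    """Search-URL prefs whose host is outside the trusted set (re-fangs hxxp first)."""
    found = []
    for p in prefs:
        if p.key not in SEARCH_URL_KEYS:
            continue
        host = (urlparse(p.value.replace("hxxp://", "http://", 1)).hostname or "").lower()
        if host not in trusted:
            found.append((p.file, p.key, host))
    return found

def triage(text):
    hooks, prefs = parse_dds(text)
    return {
        "shared_modules": shared_hook_modules(hooks),
        "orphaned_clsids": orphaned_hooks(hooks),
        "search_hijacks": search_hijacks(prefs),
    }

if __name__ == "__main__":
    for finding, value in triage(SAMPLE_DDS).items():
        print(finding, value)
```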
 
damn, looks like it doesn't want to leave >_<

http://www.virustotal.com/fr/analisis/ec8c455d3677810c9c059d79e5f7c485
Anonymous user
 
Re,

Don't worry about that :)

OK, next step.

Don't use Firefox anymore until I tell you to!

1/

Zip this folder for me: C:\Program Files\Ad-remover\Quarantine and send it to me by email at this address: AdRemover.contact@gmail.com, thanks :).

2/
Uninstall Ad-remover (run it again, choose 'uninstal'), then download it again from this address: http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

Choose the clean-up, 'Known Adwares', wait... leave the report on your hard drive once it's done.

3/

/!\ Very powerful tool: do not reproduce the steps below on your own PC without having been authorized by a competent person /!\

Download ComboFix here → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save it to the desktop >>> /!\ IMPORTANT /!\

When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed.
With today's infections, it is strongly recommended to have it pre-installed on your PC before any malware removal.
It will let you boot into a special recovery (repair) mode, which allows us to help you more easily if your computer ever runs into a problem after a clean-up attempt.
Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

(!) Important note: if the Microsoft Windows Recovery Console is already installed, ComboFix will carry on with its malware-removal procedures.

BEFORE using ComboFix:
→ Disconnect your PC from the Internet and close the windows of all running programs. /!\
→ Temporarily disable (and only for as long as ComboFix is in use) the real-time protection of your antivirus, your antispywares and ALL your protection software!!! (if enabled, they could seriously interfere with the tool's scanning and cleaning procedure). /!\

On your desktop, double-click Combofix.exe.
Press the 1 key so the program starts running, and follow the on-screen instructions.

/!\ For the WHOLE duration of the ComboFix scan (it can be quite long if the PC is heavily infected), don't open any program, don't touch your mouse and don't browse the web /!\

Be patient (even if you think the PC has stopped); the periods of "apparent standstill" can sometimes last several minutes (there are about 50 analysis stages).

During the clean-up you may get a warning saying the PC is going to restart; let it do so.

After the PC restarts, a report will open in Notepad at the end of the analysis; copy and paste its entire contents into your next message.

(The Combofix.txt report file is then automatically saved as C:\Combofix.txt)

Tutorial (help):
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post me the Ad-remover report as well as the Combofix one.

Good luck :).

++

-nicolas- Posts 6778 Status Contributor 1 309
 
Ad remover:

------- LOGFILE OF AD-REMOVER 1.1.3.7 | ONLY XP/VISTA -------

Updated by C_XX on 11/05/2009 at 16:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

**** LIMITED TO ****

Known Adwares

********************

Start at: 17:18:04, 11/05/2009 | Boot mode: Normal Boot
Option: Clean | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: PC-DE-NICO
Current User: nico - Administrator
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
- K:\ (File System: NTFS)

(!) ---- IE start pages/Tabs reset

============ Known Adwares Deleted ============

.
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{48EE3A80-3147-F8B7-44B8-CD0F1EFF4FE8}
HKCR\CLSID\{5F25EA5B-CD98-1C3E-6AF9-9A74E3A923B7}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F25EA5B-CD98-1C3E-6AF9-9A74E3A923B7}
.
C:\Windows\System32\lmhjfhbakdsmkinvl.dll
C:\Windows\System32\lmhjfhbakdsmkinvl.dll-uninst.exe
C:\Program Files\Mozilla FireFox\Components\lmhjfhbakdsmkinvl.dll
C:\Users\nico\AppData\Local\Temp\tmp220A.tmp

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: p7mh6y1p.default (nico)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Yoog Search");
(Prefs.js) user_pref("browser.search.selectedEngine", "Yoog Search");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www26.yoog.com/search.php?q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.netvibes.com/#General");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
(User.js) user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) user_pref("browser.search.defaulturl", "hxxp://www26.yoog.com/search.php?q=");
(User.js) user_pref("browser.search.defaulturl", "hxxp://www26.yoog.com/search.php?q=");
.
(Prefs.js) Removed: user_pref("browser.search.defaultenginename", "Yoog Search");
(Prefs.js) Removed: user_pref("browser.search.defaulturl", "hxxp://www26.yoog.com/search.php?q=");
(Prefs.js) Removed: user_pref("browser.search.selectedEngine", "Yoog Search");
(Prefs.js) Removed: user_pref("keyword.URL", "hxxp://www26.yoog.com/search.php?q=");
(User.js) Removed: user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) Removed: user_pref("browser.search.defaulturl", "hxxp://www26.yoog.com/search.php?q=");
(User.js) Removed: user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) Removed: user_pref("keyword.URL", "hxxp://www26.yoog.com/search.php?q=");
(User.js) Removed: user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) Removed: user_pref("browser.search.defaulturl", "hxxp://www26.yoog.com/search.php?q=");
(User.js) Removed: user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) Removed: user_pref("keyword.URL", "hxxp://www26.yoog.com/search.php?q=");

---- Internet Explorer Version 8.0.6001.18702 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page: hxxp://fr.msn.com/?ocid=iehp

[HKEY_USERS\S-1-5-21-2784458472-1996006743-1886199985-1002\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page: hxxp://fr.msn.com/?ocid=iehp

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

=========== Suspicious ==========

C:\Users\nico\.housecall6.6\patch.exe
[218736 Byte(s)|--a------|11/04/2009 20:08|HashMD5: b9a80ba0083fb8196f8ca0bef053ea4e |CRC32: 12c79c8b]

C:\Users\nico\Documents\Downloads\Roxio Creator 2009 Keygen.exe
[137728 Byte(s)|--a------|12/03/2009 22:24|HashMD5: ad225c457b1515ac5aa2dfc6f0f2261b |CRC32: d84ef3d4]

C:\Users\nico\Documents\Downloads\quake.4_keygen+\keygen.exe
[97792 Byte(s)|--a------|13/12/2005 15:00|HashMD5: 8dd577b8680a705a1347a5b5eb6261fc |CRC32: 36283462]

+---------------------------------------------------------------------------+

5053 Byte(s) - C:\Ad-Report-Clean-10.05.2009.log
5506 Byte(s) - C:\Ad-Report-Clean-11.05.2009.log
4729 Byte(s) - C:\Ad-Report-Scan-10.05.2009.log
634 Byte(s) - C:\Ad-Report-Scan-11.05.2009.log

19 File(s) - C:\Program Files\Ad-remover\BACKUP
3 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 17:27:50 | 11/05/2009
.
+-----------------| E.O.F
.

-----------------------------------------------------------------------------------------------------------------------------

Combofix:

ComboFix 09-05-10.07 - nico 11/05/2009 17:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1534.825 [GMT 2:00]
Lancé depuis: c:\users\nico\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-11 au 2009-05-11 ))))))))))))))))))))))))))))))))))))
.

2009-05-10 18:21 . 2009-05-11 15:26 -------- d-----w c:\program files\Ad-remover
2009-05-08 17:58 . 2009-05-08 17:58 -------- d-----w c:\program files\Quicksys
2009-05-07 15:43 . 2009-05-07 15:43 -------- d-----w c:\program files\trend micro
2009-05-07 15:43 . 2009-05-07 15:43 -------- d-----w C:\rsit
2009-05-06 18:32 . 2009-05-06 18:32 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-06 18:32 . 2009-05-07 15:40 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-06 18:32 . 2009-05-06 18:32 -------- d-----w c:\users\nico\AppData\Roaming\SUPERAntiSpyware.com
2009-05-06 17:53 . 2009-05-06 17:53 -------- d-----w c:\users\nico\AppData\Roaming\Malwarebytes
2009-05-06 17:53 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 17:53 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 17:53 . 2009-05-06 17:53 -------- d-----w c:\programdata\Malwarebytes
2009-05-06 17:53 . 2009-05-06 17:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 22:35 . 2009-05-01 22:35 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-05-01 22:33 . 2009-05-01 22:33 -------- d-----w c:\users\nico\AppData\Roaming\Atari
2009-04-29 11:48 . 2009-04-29 11:48 -------- d-----w c:\users\nico\AppData\Roaming\Avira
2009-04-29 11:30 . 2009-04-29 11:19 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 11:30 . 2009-04-29 11:30 -------- d-----w c:\program files\Avira
2009-04-21 18:03 . 2009-04-21 18:03 -------- d-----w c:\program files\id Software
2009-04-20 23:24 . 2009-04-20 23:24 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-19 09:54 . 2009-04-19 09:54 -------- d-----w c:\programdata\Messenger Plus!
2009-04-18 18:47 . 2009-04-18 18:47 -------- d-----w c:\program files\Music NFO Builder
2009-04-18 18:02 . 2009-04-18 18:02 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-18 13:16 . 2009-04-18 13:16 -------- d-----w c:\program files\Patch MsnCreative
2009-04-17 17:14 . 2009-04-17 17:15 -------- d-----w c:\program files\Windows Live
2009-04-17 17:02 . 2009-04-17 17:04 -------- d-----w c:\users\nico\amsn
2009-04-17 16:52 . 2009-04-17 16:52 -------- d-----w c:\program files\Windows Installer Clean Up
2009-04-13 11:12 . 2009-04-13 11:13 34 ----a-w c:\users\nico\jagex_runescape_preferences.dat
2009-04-13 11:12 . 2009-04-13 11:12 -------- d-----w c:\windows\.jagex_cache_32
2009-04-11 18:09 . 2009-04-11 18:08 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-11 18:08 . 2009-04-11 18:09 -------- d-----w c:\users\nico\.housecall6.6

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 14:26 . 2007-01-27 00:57 681474 ----a-w c:\windows\system32\perfh00C.dat
2009-05-11 14:26 . 2007-01-27 00:57 128676 ----a-w c:\windows\system32\perfc00C.dat
2009-05-07 17:57 . 2007-01-26 16:14 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-06 18:31 . 2009-01-18 16:46 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-06 13:07 . 2009-01-10 19:29 257608 ----a-w c:\users\nico\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-02 20:58 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-02 20:58 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-02 20:57 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-02 20:49 . 2009-01-31 20:34 -------- d-----w c:\program files\SystemRequirementsLab
2009-05-02 20:46 . 2009-01-18 16:30 -------- d-----w c:\programdata\ma-config.com
2009-05-02 20:46 . 2009-01-18 16:30 -------- d-----w c:\program files\ma-config.com
2009-04-26 21:37 . 2009-01-11 19:22 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-24 18:59 . 2009-01-20 17:21 -------- d-----w c:\program files\QuickMediaConverter
2009-04-20 23:25 . 2009-02-26 23:00 -------- d-----w c:\program files\DivX
2009-04-18 13:05 . 2009-01-30 17:32 -------- d-----w c:\program files\MSECache
2009-04-16 19:44 . 2009-03-16 20:34 -------- d-----w c:\program files\Audible
2009-04-15 18:03 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-06 19:19 . 2009-03-19 19:04 -------- d-----w c:\program files\Mp3tag
2009-04-03 16:47 . 2009-04-03 16:42 20693 ----a-w c:\windows\War3Unin.dat
2009-04-03 16:42 . 2009-04-03 16:42 2829 ----a-w c:\windows\War3Unin.pif
2009-04-03 16:42 . 2009-04-03 16:42 126976 ----a-w c:\windows\War3Unin.exe
2009-04-03 15:03 . 2009-04-03 15:03 -------- d-----w c:\program files\THQ
2009-04-02 18:26 . 2009-04-02 18:26 -------- d-----w c:\program files\Electronic Arts
2009-04-02 18:26 . 2009-01-14 12:24 1698 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-29 17:04 . 2009-03-29 17:04 -------- d-----w c:\program files\Megaupload
2009-03-27 06:14 . 2007-01-26 16:14 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-25 12:17 . 2009-02-28 18:12 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 15:25 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 15:25 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 20:35 . 2009-03-06 16:01 -------- d-----w c:\program files\Creative
2009-03-16 20:33 . 2009-03-06 16:01 -------- d--h--w c:\program files\Creative Installation Information
2009-03-16 20:31 . 2009-03-16 20:31 -------- d-----w c:\program files\Common Files\Creative
2009-03-15 12:39 . 2007-01-26 16:16 -------- d-----w c:\program files\Common Files\Adobe
2009-03-13 19:35 . 2009-01-11 00:15 -------- d-----w c:\program files\Microsoft
2009-03-13 18:57 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-03-13 18:53 . 2009-03-07 21:18 -------- d-----w c:\program files\Microsoft Works
2009-03-13 18:47 . 2009-02-04 14:40 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-12 20:41 . 2009-02-26 23:00 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-12 20:39 . 2009-03-12 20:28 -------- d-----w c:\program files\Roxio Creator 2009
2009-03-12 20:38 . 2009-03-12 20:31 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-12 20:34 . 2007-01-26 16:20 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-12 20:33 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-03-12 20:28 . 2009-03-12 20:28 -------- d-----w c:\program files\SmartSound Software
2009-03-09 04:19 . 2009-01-10 20:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-09 16:22 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-09 16:22 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-09 16:22 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-09 16:22 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-09 16:22 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-09 16:22 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-09 16:22 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-09 16:22 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-09 16:22 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-09 16:22 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-09 16:22 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-09 16:22 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-09 16:22 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-09 16:22 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-09 16:22 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-09 16:22 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-09 16:22 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-09 16:22 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-05 12:20 . 2009-03-05 12:20 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-03 04:46 . 2009-04-15 15:25 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 15:25 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 15:25 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 15:25 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 15:25 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 15:25 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 15:25 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 15:25 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 15:25 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 15:25 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-27 00:29 . 2007-01-26 16:14 319984 ----a-w c:\windows\DIFxAPI.dll
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-21 14:17 . 2009-02-03 19:44 146288 ----a-w c:\windows\hpoins18.dat
2009-02-18 13:44 . 2009-02-09 12:18 135168 ----a-w c:\windows\system32\nvcod140.dll
2009-02-13 08:49 . 2009-04-15 15:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 15:25 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-01-11 20:16 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-01-27 00:59 . 2007-01-27 00:59 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-01-21 91440]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-04-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 18944]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-15 54840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-13 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"CTCheck"="c:\program files\Creative\Creative ZEN (DVP-FL0001)\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-04-29 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-07 15:40 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2784458472-1996006743-1886199985-1002]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADDE03A0-D901-4BFD-B31D-4BA4AA1C418D}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{B1D80A3F-D4A7-4F03-819E-73485D705789}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{0D4296E0-6061-4063-BE9D-94969428B856}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{845C6C47-FE62-494B-AD22-7F068B1C68B3}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{68B85345-9E1A-4AF2-B6FF-207E4AFCE139}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{ADD39238-AC6C-4EF6-B161-386EDBB7A39F}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{8C68DD4C-1C01-434E-9787-5081C3F9119F}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{234DCABD-0039-4FA0-A5DE-C1A901996ACA}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1277E6F4-727E-41B0-9007-C076684379D9}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{48063463-827B-437B-84A4-538980A954C1}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{E315DDEE-0E3D-401A-8168-918A8F7B83B3}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{869C9CE4-E55D-4735-980F-C11A0DD2722A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{AA4D537B-838B-4C83-A609-39EA23F9BE5C}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{30420E5A-120A-4494-BDF3-4D1F42E8B819}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{D0DE1765-8871-4E2B-A992-DB39665F8E46}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A5EB6E45-989A-4214-A727-8491E1209284}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3BB05137-4D1C-4E49-8940-31614B1EC199}"= UDP:c:\users\nico\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{1984EF9F-F04A-4A9F-801A-503EB4CD8E13}"= TCP:c:\users\nico\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{226219FA-DF87-4E48-8A94-EA7CDE836D7B}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{F722F4FE-5D09-4716-9A13-AE488814B0E9}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"TCP Query User{668FAA7F-63F8-4F15-8914-383D2A7B384E}c:\\program files\\adobe\\adobe dreamweaver cs4\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe:Adobe Dreamweaver CS4
"UDP Query User{8A9327FB-B8E5-47AD-937D-53166313EF68}c:\\program files\\adobe\\adobe dreamweaver cs4\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe:Adobe Dreamweaver CS4
"TCP Query User{3908D586-CFCC-4C0C-BD85-3BE6778EB680}c:\\program files\\website x5 evolution\\website.exe"= UDP:c:\program files\website x5 evolution\website.exe:WebSite X5 Evolution
"UDP Query User{48F42427-410D-4295-A4A5-15A9DE45947D}c:\\program files\\website x5 evolution\\website.exe"= TCP:c:\program files\website x5 evolution\website.exe:WebSite X5 Evolution
"TCP Query User{B8D46EA8-AA39-48AA-B52D-840388DC9037}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{FB38B1D9-1344-4484-8F30-1DC9BAAE14E7}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{E9442770-1FFA-40F7-96A3-8B6ED056649F}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{4B4270C4-8ACB-4DA5-B030-A3DA2C24E6BF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{8DD7C48A-1501-41D6-947F-9A1581A4D51C}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{371442E9-B27A-4007-AF66-73AD75648F8F}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AFFB00B2-D6E7-4B6C-88D7-6EC577E40511}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{CF6EE0E4-7F55-4A9F-9C5A-3C1044BC047E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3F14C07F-7106-42D1-8C16-A1336DF198A4}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{7584EBA0-00C8-49A1-9881-78B2AC06FBF4}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{FD962382-45AE-44C2-9336-B2126C0A0BEA}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{BFB7454A-31AE-4C3A-B365-E1B6EF2DC8D1}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{085CD172-BABC-4BF0-AA69-83D9677A8C06}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{BB178695-F885-4CAF-8370-EC757CD0E6BC}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{20E60DE7-35B9-494A-A144-77C222CE77DF}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{2B29E91D-DD2D-44D6-A593-FC37B47F887E}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{193F0BE7-D6B7-4D48-B2BD-198395092861}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{B7F0C476-7297-416F-AD0E-AA1BE52114F2}c:\\program files\\valve\\counter-strike source\\srcds.exe"= UDP:c:\program files\valve\counter-strike source\srcds.exe:srcds
"UDP Query User{AC05AE9F-3C7A-4387-841F-701A5F3534BF}c:\\program files\\valve\\counter-strike source\\srcds.exe"= TCP:c:\program files\valve\counter-strike source\srcds.exe:srcds
"{F1AE4E81-F9B1-4507-A9C9-C40562E651C0}"= UDP:6346:Shareaza TCP
"{E782F51E-B594-4A5F-AB35-DB8A687159DA}"= TCP:6346:Shareaza UDP
"{D5CFAF00-2894-484B-A964-98CCF85C3939}"= UDP:c:\users\nico\Documents\Downloads\utorrent.exe:µTorrent (TCP-In)
"{285845B4-B754-4A67-A925-9FC42FDBE4C5}"= TCP:c:\users\nico\Documents\Downloads\utorrent.exe:µTorrent (UDP-In)
"{F905ADCC-A623-47D3-B673-8A11A5FDD4EC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A686EC5B-A674-487F-AE22-BB218E0CFDDE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{41FE987E-ADEC-4AE4-A90C-CA5403570037}"= UDP:c:\program files\DivX\DivX Player\DivX Player.exe:DivX Player
"{5CF15BC3-D72A-4049-86A4-B56DBAC435BB}"= TCP:c:\program files\DivX\DivX Player\DivX Player.exe:DivX Player
"{66D97B9D-7041-4C99-86B3-A64818562939}"= UDP:c:\program files\Ubisoft\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{3880C72B-EFD6-4D10-98E5-A25C17BBD30D}"= TCP:c:\program files\Ubisoft\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{1E2DF8D9-366F-42A3-BF2B-3BCF6AF564BC}"= UDP:c:\program files\Ubisoft\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{284349B8-956B-49A5-85C8-99A81639851F}"= TCP:c:\program files\Ubisoft\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{443C8EB4-B098-4828-A7A0-5E2778E3D6BA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{E5255387-E110-49AE-BADE-ECA6F7885DC4}e:\\jeux\\warcraft iii\\war3.exe"= UDP:e:\jeux\warcraft iii\war3.exe:Warcraft III
"UDP Query User{9D5E91DD-4014-4A6D-9450-759CE226631B}e:\\jeux\\warcraft iii\\war3.exe"= TCP:e:\jeux\warcraft iii\war3.exe:Warcraft III
"{F0577086-E02D-4112-B1CC-C5802B7D6868}"= UDP:e:\jeux\Ubisoft\Tom Clancy's Endwar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{5F96FC55-4C41-4F96-B94C-089E163F3478}"= TCP:e:\jeux\Ubisoft\Tom Clancy's Endwar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{02862A38-3901-4540-8EED-EA13F9A31E93}"= UDP:e:\jeux\Ubisoft\Tom Clancy's Endwar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{A0B3B906-42F7-4B6B-8D3D-22DE2EF31B21}"= TCP:e:\jeux\Ubisoft\Tom Clancy's Endwar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{EE85808B-C669-477C-8DB5-B2553581D880}"= UDP:e:\jeux\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{BFE51BCA-B343-4505-8F11-A7F4EC160327}"= TCP:e:\jeux\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"TCP Query User{E8AE55DE-B807-4E79-BA27-762607B0E52E}e:\\jeux\\electronic arts\\eadm\\core.exe"= UDP:e:\jeux\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{64CF8EA5-B816-4BA4-9ABB-BF492E91317A}e:\\jeux\\electronic arts\\eadm\\core.exe"= TCP:e:\jeux\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{D24C82F3-7335-4AD1-8340-D83FA9578FB7}e:\\jeux\\quake 4\\quake4ded.exe"= UDP:e:\jeux\quake 4\quake4ded.exe:Quake 4
"UDP Query User{0F747C11-7C62-440A-8567-8FD4045AA03E}e:\\jeux\\quake 4\\quake4ded.exe"= TCP:e:\jeux\quake 4\quake4ded.exe:Quake 4
"TCP Query User{9A5E5095-2B69-43BA-846E-FCFDC32096E8}e:\\jeux\\valve\\counter-strike source\\hl2.exe"= UDP:e:\jeux\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{CE35873B-ACEF-440F-AB56-51E7A45E995B}e:\\jeux\\valve\\counter-strike source\\hl2.exe"= TCP:e:\jeux\valve\counter-strike source\hl2.exe:hl2
"{FD52C7C0-0DE0-4E97-AE27-9631311EED7F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{363E1FD6-832E-4FA4-8B3B-1A0EFD7B3F6A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{36FBF30B-C3BB-4DC0-B866-180D2BB3E910}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{E981AF23-F145-48F6-BD70-6F59C18FA3A4}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{FE87A699-137A-48DF-9D7F-10A77441B67B}e:\\jeux\\microsoft games\\age of empire ii\\empires2.exe"= UDP:e:\jeux\microsoft games\age of empire ii\empires2.exe:Age of Empires II
"UDP Query User{6FD77F9D-2DDF-45D4-BE9C-0BF783520A28}e:\\jeux\\microsoft games\\age of empire ii\\empires2.exe"= TCP:e:\jeux\microsoft games\age of empire ii\empires2.exe:Age of Empires II

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [21/02/2009 16:22 21144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [13/05/2008 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/05/2008 12:43 55024]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [29/04/2009 13:30 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/04/2009 13:30 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [29/04/2009 13:30 432897]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [21/02/2009 16:18 43520]
S2 gupdate1c98d36c500d0c9;Google Update Service (gupdate1c98d36c500d0c9);c:\program files\Google\Update\GoogleUpdate.exe [12/02/2009 19:24 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 01:25 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 01:24 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 01:24 170480]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [11/01/2009 00:22 28224]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 01:25 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [08/01/2009 08:52 1122304]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [13/05/2008 12:44 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00652dc1-38c9-11de-af7a-0019db4134f7}]
\shell\AutoRun\command - L:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00652dc3-38c9-11de-af7a-0019db4134f7}]
\shell\AutoRun\command - M:\CDCheck.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-01-26 16:38]

2009-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 19:45]

2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 17:24]

2009-05-11 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-01-26 16:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

.
------- Supplementary Scan -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\p7mh6y1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\p7mh6y1p.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

---- FIREFOX SETTINGS ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 17:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2784458472-1996006743-1886199985-1002\Software\SecuROM\License information*]
"datasecu"=hex:1f,3a,5b,27,1f,1a,fb,8a,dc,d6,28,95,99,4d,92,38,79,ee,c7,1e,ab,
cb,e8,cc,4d,f5,5d,7e,53,ed,8c,49,ef,53,1d,34,df,1b,4b,50,3d,75,4e,58,3f,4e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2009-05-11 17:37
ComboFix-quarantined-files.txt 2009-05-11 15:37

Pre-Run: 61 837 369 344 bytes free
Post-Run: 61 909 794 816 bytes free

385 --- E O F --- 2009-05-11 14:27
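The ComboFix log above is long, and the points that matter for the cleanup are scattered through the "Reg Loading Points" section: UAC is switched off (EnableLUA = 0), Security Center monitoring is disabled, there are firewall exceptions for executables living in %TEMP% and in the Downloads folder, and two removable-drive mount points carry an AutoRun command. As an added example, not part of this thread and not a ComboFix feature, the following Python reads a ComboFix-style loading-points section and flags exactly those four kinds of entries. The sample input is constructed from lines of the log above; the list of "suspicious" directories is an assumption and should be adjusted to the machine being triaged.

```python
import re

# One "[...]" registry section header per block in the ComboFix log.
SECTION_RE = re.compile(r'^\[(.+)\]\s*$')
# "name"= value   (value may be 'dword:...', '0 (0x0)', 'UDP:path:desc', ...)
VALUE_RE = re.compile(r'^"(.+?)"=\s*(.*)$')
# First Windows drive path in a value, stopping at the next ':' (the rule description).
DRIVE_PATH_RE = re.compile(r'([A-Za-z]:\\[^:]*)')
# mountpoints2 AutoRun command lines, e.g. "\shell\AutoRun\command - L:\CDCheck.exe"
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command\s*-\s*(.+)$', re.IGNORECASE)

# Assumption: an installed program should not need a firewall exception from here.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\downloads\\")


def triage_loading_points(text):
    """Return a list of (lineno, kind, detail) for the entries worth a second look."""
    findings = []
    section = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in section:
            # AutoRun on a removable drive: the classic USB-borne infection vector.
            findings.append((lineno, "autorun", m.group(1)))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, val = m.group(1), m.group(2)
        if section.endswith("policies\\system") and name == "EnableLUA" and val.startswith("0"):
            # UAC off: every process of this user runs fully elevated.
            findings.append((lineno, "uac-disabled", val))
        elif name == "DisableMonitoring" and val.lower() == "dword:00000001":
            # Security Center no longer reports AV / firewall status.
            findings.append((lineno, "security-center-monitoring-off", section))
        elif "firewallrules" in section:
            p = DRIVE_PATH_RE.search(val)
            if p and any(d in p.group(1).lower() for d in SUSPICIOUS_DIRS):
                findings.append((lineno, "firewall-exception-temp-path", p.group(1)))
    return findings


# Constructed sample: a handful of lines taken from the log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AA4D537B-838B-4C83-A609-39EA23F9BE5C}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{3BB05137-4D1C-4E49-8940-31614B1EC199}"= UDP:c:\users\nico\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{D5CFAF00-2894-484B-A964-98CCF85C3939}"= UDP:c:\users\nico\Documents\Downloads\utorrent.exe:µTorrent (TCP-In)
"{E9442770-1FFA-40F7-96A3-8B6ED056649F}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00652dc1-38c9-11de-af7a-0019db4134f7}]
\shell\AutoRun\command - L:\CDCheck.exe
"""

if __name__ == "__main__":
    for lineno, kind, detail in triage_loading_points(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {detail}")
```

Not every hit is malware: the Norton Removal Tool exception was probably left behind by a legitimate one-off run from a temp directory, and the AutoRun entries point at a CD-check program. The value of the pass is that it turns a 400-line log into a short list to decide on, and the UAC and Security Center findings are worth fixing regardless of what the adware turns out to be.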
Anonymous user
 
Re,

Got it :).

I hope you haven't relaunched Firefox.. now do this:

/!\ This procedure was written specifically for this user; do not reproduce it on your own machine... /!\

Open Notepad (Start\All Programs\Accessories\Notepad.)

Copy this text (in bold) in one go (CTRL+C to copy), then paste it (CTRL+V into Notepad)


File::
%TEMP%\*.*
C:\Windows\System32\lmhjfhbakdsmkinvl.dll
C:\Windows\System32\lmhjfhbakdsmkinvl.dll-uninst.exe
C:\Program Files\Mozilla FireFox\Components\lmhjfhbakdsmkinvl.dll

DirLook::
C:\Program Files\Mozilla FireFox\Components

Firefox::

FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=



Save this file on your desktop under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report.

If there is no restart, post the report anyway.

++
0
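As an added example (not code from this thread, from ComboFix or from Mozilla): a small Python script that does on a Firefox prefs.js/user.js what the helper did by eye on the "FF - prefs.js / user.js" lines of the ComboFix log, flagging the search-related keys that point at a domain the user never chose and counting how many times user.js re-applies each one (user.js is reapplied at every browser start-up, which is why changing the engine in the browser UI does not stick). The trusted domain/engine lists and the sample user.js are assumptions constructed for the example.

```python
"""Flag hijacked Firefox search preferences in prefs.js / user.js.

Added example, not code from the thread or from ComboFix. It re-implements
the check a helper does by hand on a ComboFix log: which search keys have
been pointed at an unexpected domain, and whether user.js repeats them.
"""
import re
from urllib.parse import urlparse

# Keys an adware search hijacker typically rewrites (names taken from the
# "FF - user.js" lines of the ComboFix log in the thread).
WATCHED_KEYS = {
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Assumption for this example: the user's own start page is netvibes.com
# and the only search engine they chose is Google. Anything else in a
# watched key is reported.
TRUSTED_DOMAINS = {"netvibes.com", "google.com", "google.fr"}
TRUSTED_ENGINES = {"Google"}

# One user_pref("key", value); line. Values may be quoted strings or bare
# literals such as true/false/123.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Constructed sample, modelled on the repeated user.js entries in the log.
SAMPLE_USER_JS = """\
// constructed sample user.js (not the poster's real file)
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "http://www26.yoog.com/search.php?q=");
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www26.yoog.com/search.php?q=");
user_pref("browser.search.defaultenginename", "Yoog Search");
user_pref("browser.search.defaulturl", "http://www26.yoog.com/search.php?q=");
user_pref("browser.startup.homepage", "http://www.netvibes.com/#General");
user_pref("browser.tabs.warnOnClose", false);
"""


def parse_prefs(text):
    """Return (key, value) pairs in file order, keeping duplicates so that
    repeated user.js entries stay visible to the caller."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs.append((key, raw))
    return prefs


def domain_of(value):
    """Last two labels of the host in a URL value, or None for a non-URL.
    Defanged "hxxp://" values pasted from a log parse just as well."""
    if "://" not in value:
        return None
    host = urlparse(value).hostname
    if not host:
        return None
    return ".".join(host.split(".")[-2:])


def find_hijacks(text, trusted_domains=TRUSTED_DOMAINS,
                 trusted_engines=TRUSTED_ENGINES):
    """Return one finding per distinct suspicious (key, value) pair, with the
    number of times that exact line occurs in the file."""
    counts = {}
    for key, value in parse_prefs(text):
        if key in WATCHED_KEYS:
            counts[(key, value)] = counts.get((key, value), 0) + 1
    findings = []
    for (key, value), n in counts.items():
        domain = domain_of(value)
        if domain is not None:
            suspicious = domain not in trusted_domains
            reason = "points at untrusted domain " + domain
        else:
            # A bare engine name rather than a URL, e.g. "Yoog Search".
            suspicious = value not in trusted_engines
            reason = "unknown search engine name " + repr(value)
        if suspicious:
            findings.append({"key": key, "value": value,
                             "count": n, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_USER_JS):
        print("%-36s x%d  %s" % (f["key"], f["count"], f["reason"]))
```

On a real profile, point it at the prefs.js and user.js under the Firefox profile directory; a key that is only flagged in user.js will come back after every restart until that file is cleaned.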
-nicolas- Posts: 6778 Status: Contributor 1 309
 
ComboFix 09-05-10.07 - nico 11/05/2009 18:07.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1534.768 [GMT 2:00]
Lancé depuis: c:\users\nico\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\nico\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

FILE ::
c:\program files\Mozilla FireFox\Components\lmhjfhbakdsmkinvl.dll
c:\windows\System32\lmhjfhbakdsmkinvl.dll
c:\windows\System32\lmhjfhbakdsmkinvl.dll-uninst.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-11 au 2009-05-11 ))))))))))))))))))))))))))))))))))))
.

2009-05-10 18:21 . 2009-05-11 15:57 -------- d-----w c:\program files\Ad-remover
2009-05-08 17:58 . 2009-05-08 17:58 -------- d-----w c:\program files\Quicksys
2009-05-07 15:43 . 2009-05-07 15:43 -------- d-----w c:\program files\trend micro
2009-05-07 15:43 . 2009-05-07 15:43 -------- d-----w C:\rsit
2009-05-06 18:32 . 2009-05-06 18:32 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-06 18:32 . 2009-05-07 15:40 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-06 18:32 . 2009-05-06 18:32 -------- d-----w c:\users\nico\AppData\Roaming\SUPERAntiSpyware.com
2009-05-06 17:53 . 2009-05-06 17:53 -------- d-----w c:\users\nico\AppData\Roaming\Malwarebytes
2009-05-06 17:53 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 17:53 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 17:53 . 2009-05-06 17:53 -------- d-----w c:\programdata\Malwarebytes
2009-05-06 17:53 . 2009-05-06 17:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 22:35 . 2009-05-01 22:35 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-05-01 22:33 . 2009-05-01 22:33 -------- d-----w c:\users\nico\AppData\Roaming\Atari
2009-04-29 11:48 . 2009-04-29 11:48 -------- d-----w c:\users\nico\AppData\Roaming\Avira
2009-04-29 11:30 . 2009-04-29 11:19 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 11:30 . 2009-04-29 11:30 -------- d-----w c:\program files\Avira
2009-04-21 18:03 . 2009-04-21 18:03 -------- d-----w c:\program files\id Software
2009-04-20 23:24 . 2009-04-20 23:24 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-19 09:54 . 2009-04-19 09:54 -------- d-----w c:\programdata\Messenger Plus!
2009-04-18 18:47 . 2009-04-18 18:47 -------- d-----w c:\program files\Music NFO Builder
2009-04-18 18:02 . 2009-04-18 18:02 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-18 13:16 . 2009-04-18 13:16 -------- d-----w c:\program files\Patch MsnCreative
2009-04-17 17:14 . 2009-04-17 17:15 -------- d-----w c:\program files\Windows Live
2009-04-17 17:02 . 2009-04-17 17:04 -------- d-----w c:\users\nico\amsn
2009-04-17 16:52 . 2009-04-17 16:52 -------- d-----w c:\program files\Windows Installer Clean Up
2009-04-13 11:12 . 2009-04-13 11:13 34 ----a-w c:\users\nico\jagex_runescape_preferences.dat
2009-04-13 11:12 . 2009-04-13 11:12 -------- d-----w c:\windows\.jagex_cache_32
2009-04-11 18:09 . 2009-04-11 18:08 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-11 18:08 . 2009-04-11 18:09 -------- d-----w c:\users\nico\.housecall6.6

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 14:26 . 2007-01-27 00:57 681474 ----a-w c:\windows\system32\perfh00C.dat
2009-05-11 14:26 . 2007-01-27 00:57 128676 ----a-w c:\windows\system32\perfc00C.dat
2009-05-07 17:57 . 2007-01-26 16:14 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-06 18:31 . 2009-01-18 16:46 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-06 13:07 . 2009-01-10 19:29 257608 ----a-w c:\users\nico\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-02 20:58 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-02 20:58 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-02 20:57 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-02 20:49 . 2009-01-31 20:34 -------- d-----w c:\program files\SystemRequirementsLab
2009-05-02 20:46 . 2009-01-18 16:30 -------- d-----w c:\programdata\ma-config.com
2009-05-02 20:46 . 2009-01-18 16:30 -------- d-----w c:\program files\ma-config.com
2009-04-26 21:37 . 2009-01-11 19:22 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-24 18:59 . 2009-01-20 17:21 -------- d-----w c:\program files\QuickMediaConverter
2009-04-20 23:25 . 2009-02-26 23:00 -------- d-----w c:\program files\DivX
2009-04-18 13:05 . 2009-01-30 17:32 -------- d-----w c:\program files\MSECache
2009-04-16 19:44 . 2009-03-16 20:34 -------- d-----w c:\program files\Audible
2009-04-15 18:03 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-06 19:19 . 2009-03-19 19:04 -------- d-----w c:\program files\Mp3tag
2009-04-03 16:47 . 2009-04-03 16:42 20693 ----a-w c:\windows\War3Unin.dat
2009-04-03 16:42 . 2009-04-03 16:42 2829 ----a-w c:\windows\War3Unin.pif
2009-04-03 16:42 . 2009-04-03 16:42 126976 ----a-w c:\windows\War3Unin.exe
2009-04-03 15:03 . 2009-04-03 15:03 -------- d-----w c:\program files\THQ
2009-04-02 18:26 . 2009-04-02 18:26 -------- d-----w c:\program files\Electronic Arts
2009-04-02 18:26 . 2009-01-14 12:24 1698 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-29 17:04 . 2009-03-29 17:04 -------- d-----w c:\program files\Megaupload
2009-03-27 06:14 . 2007-01-26 16:14 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-25 12:17 . 2009-02-28 18:12 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 15:25 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 15:25 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 20:35 . 2009-03-06 16:01 -------- d-----w c:\program files\Creative
2009-03-16 20:33 . 2009-03-06 16:01 -------- d--h--w c:\program files\Creative Installation Information
2009-03-16 20:31 . 2009-03-16 20:31 -------- d-----w c:\program files\Common Files\Creative
2009-03-15 12:39 . 2007-01-26 16:16 -------- d-----w c:\program files\Common Files\Adobe
2009-03-13 19:35 . 2009-01-11 00:15 -------- d-----w c:\program files\Microsoft
2009-03-13 18:57 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-03-13 18:53 . 2009-03-07 21:18 -------- d-----w c:\program files\Microsoft Works
2009-03-13 18:47 . 2009-02-04 14:40 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-12 20:41 . 2009-02-26 23:00 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-12 20:39 . 2009-03-12 20:28 -------- d-----w c:\program files\Roxio Creator 2009
2009-03-12 20:38 . 2009-03-12 20:31 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-12 20:34 . 2007-01-26 16:20 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-12 20:33 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-03-12 20:28 . 2009-03-12 20:28 -------- d-----w c:\program files\SmartSound Software
2009-03-09 04:19 . 2009-01-10 20:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-04-09 16:22 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-09 16:22 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-09 16:22 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-09 16:22 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-09 16:22 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-09 16:22 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-09 16:22 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-09 16:22 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-09 16:22 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-09 16:22 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-09 16:22 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-09 16:22 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-09 16:22 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-09 16:22 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-09 16:22 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-09 16:22 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-09 16:22 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-09 16:22 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-05 12:20 . 2009-03-05 12:20 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-03 04:46 . 2009-04-15 15:25 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 15:25 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 15:25 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 15:25 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 15:25 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 15:25 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 15:25 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 15:25 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 15:25 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 15:25 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-27 00:29 . 2007-01-26 16:14 319984 ----a-w c:\windows\DIFxAPI.dll
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-21 14:17 . 2009-02-03 19:44 146288 ----a-w c:\windows\hpoins18.dat
2009-02-18 13:44 . 2009-02-09 12:18 135168 ----a-w c:\windows\system32\nvcod140.dll
2009-02-13 08:49 . 2009-04-15 15:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 15:25 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-01-11 20:16 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-01-27 00:59 . 2007-01-27 00:59 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\program files\Mozilla FireFox\Components ----

2009-01-13 21:11 . 2008-09-10 19:37 556 ----a-w c:\program files\Mozilla FireFox\Components\nsJSRealPlayerPlugin.xpt
2009-01-13 21:11 . 2003-10-03 19:29 6789 ----a-w c:\program files\Mozilla FireFox\Components\nppl3260.xpt
2009-01-10 20:12 . 2008-12-02 08:04 34011 ----a-w c:\program files\Mozilla FireFox\Components\WebContentConverter.js
2009-01-10 20:12 . 2008-12-02 08:04 6667 ----a-w c:\program files\Mozilla FireFox\Components\txEXSLTRegExFunctions.js
2009-01-10 20:12 . 2008-12-02 08:04 49926 ----a-w c:\program files\Mozilla FireFox\Components\storage-Legacy.js
2009-01-10 20:12 . 2008-12-02 08:04 3142 ----a-w c:\program files\Mozilla FireFox\Components\pluginGlue.js
2009-01-10 20:12 . 2008-12-02 08:04 6920 ----a-w c:\program files\Mozilla FireFox\Components\nsWebHandlerApp.js
2009-01-10 20:12 . 2008-12-02 08:04 3097 ----a-w c:\program files\Mozilla FireFox\Components\nsURLFormatter.js
2009-01-10 20:12 . 2008-12-02 08:04 19984 ----a-w c:\program files\Mozilla FireFox\Components\nsUrlClassifierListManager.js
2009-01-10 20:12 . 2008-12-02 08:04 50600 ----a-w c:\program files\Mozilla FireFox\Components\nsUrlClassifierLib.js
2009-01-10 20:12 . 2008-12-02 08:04 112848 ----a-w c:\program files\Mozilla FireFox\Components\nsUpdateService.js
2009-01-10 20:12 . 2008-12-02 08:04 3268 ----a-w c:\program files\Mozilla FireFox\Components\nsTryToClose.js
2009-01-10 20:12 . 2008-12-02 08:04 9967 ----a-w c:\program files\Mozilla FireFox\Components\nsTaggingService.js
2009-01-10 20:12 . 2008-12-02 08:04 12513 ----a-w c:\program files\Mozilla FireFox\Components\nsSidebar.js
2009-01-10 20:12 . 2008-12-02 08:04 2854 ----a-w c:\program files\Mozilla FireFox\Components\nsSetDefaultBrowser.js
2009-01-10 20:12 . 2009-02-06 17:03 76786 ----a-w c:\program files\Mozilla FireFox\Components\nsSessionStore.js
2009-01-10 20:12 . 2008-12-02 08:04 11428 ----a-w c:\program files\Mozilla FireFox\Components\nsSessionStartup.js
2009-01-10 20:12 . 2008-12-02 08:04 24273 ----a-w c:\program files\Mozilla FireFox\Components\nsSearchSuggestions.js
2009-01-10 20:12 . 2009-04-23 10:09 110913 ----a-w c:\program files\Mozilla FireFox\Components\nsSearchService.js
2009-01-10 20:12 . 2008-12-02 08:04 25176 ----a-w c:\program files\Mozilla FireFox\Components\nsSafebrowsingApplication.js
2009-01-10 20:12 . 2008-12-02 08:04 13682 ----a-w c:\program files\Mozilla FireFox\Components\nsProxyAutoConfig.js
2009-01-10 20:12 . 2008-12-02 08:04 21420 ----a-w c:\program files\Mozilla FireFox\Components\nsPostUpdateWin.js
2009-01-10 20:12 . 2008-12-02 08:04 33805 ----a-w c:\program files\Mozilla FireFox\Components\nsPlacesTransactionsService.js
2009-01-10 20:12 . 2008-12-02 08:04 77051 ----a-w c:\program files\Mozilla FireFox\Components\nsMicrosummaryService.js
2009-01-10 20:12 . 2008-12-02 08:04 40367 ----a-w c:\program files\Mozilla FireFox\Components\nsLoginManagerPrompter.js
2009-01-10 20:12 . 2008-12-02 08:04 44047 ----a-w c:\program files\Mozilla FireFox\Components\nsLoginManager.js
2009-01-10 20:12 . 2008-12-02 08:04 4302 ----a-w c:\program files\Mozilla FireFox\Components\nsLoginInfo.js
2009-01-10 20:12 . 2008-12-02 08:04 36039 ----a-w c:\program files\Mozilla FireFox\Components\nsLivemarkService.js
2009-01-10 20:12 . 2008-12-02 08:04 41716 ----a-w c:\program files\Mozilla FireFox\Components\nsHelperAppDlg.js
2009-01-10 20:12 . 2008-12-02 08:04 51214 ----a-w c:\program files\Mozilla FireFox\Components\nsHandlerService.js
2009-01-10 20:12 . 2008-12-02 08:04 333468 ----a-w c:\program files\Mozilla FireFox\Components\nsExtensionManager.js
2009-01-10 20:12 . 2008-12-02 08:04 5737 ----a-w c:\program files\Mozilla FireFox\Components\nsDownloadManagerUI.js
2009-01-10 20:12 . 2008-12-02 08:04 6247 ----a-w c:\program files\Mozilla FireFox\Components\nsDefaultCLH.js
2009-01-10 20:12 . 2008-12-02 08:04 29973 ----a-w c:\program files\Mozilla FireFox\Components\nsContentPrefService.js
2009-01-10 20:12 . 2008-12-02 08:04 5005 ----a-w c:\program files\Mozilla FireFox\Components\nsContentDispatchChooser.js
2009-01-10 20:12 . 2008-12-02 08:04 32315 ----a-w c:\program files\Mozilla FireFox\Components\nsBrowserGlue.js
2009-01-10 20:12 . 2008-12-02 08:04 33087 ----a-w c:\program files\Mozilla FireFox\Components\nsBrowserContentHandler.js
2009-01-10 20:12 . 2009-02-06 17:03 29984 ----a-w c:\program files\Mozilla FireFox\Components\nsBlocklistService.js
2009-01-10 20:12 . 2008-12-02 08:04 3104 ----a-w c:\program files\Mozilla FireFox\Components\nsBadCertHandler.js
2009-01-10 20:12 . 2008-12-02 08:04 11659 ----a-w c:\program files\Mozilla FireFox\Components\nsAddonRepository.js
2009-01-10 20:12 . 2008-12-02 08:04 1494 ----a-w c:\program files\Mozilla FireFox\Components\jsconsole-clhandler.js
2009-01-10 20:12 . 2008-12-02 08:04 38238 ----a-w c:\program files\Mozilla FireFox\Components\fuelApplication.js
2009-01-10 20:12 . 2008-12-02 08:04 49694 ----a-w c:\program files\Mozilla FireFox\Components\FeedWriter.js
2009-01-10 20:12 . 2008-12-02 08:04 66215 ----a-w c:\program files\Mozilla FireFox\Components\FeedProcessor.js
2009-01-10 20:12 . 2008-12-02 08:04 25339 ----a-w c:\program files\Mozilla FireFox\Components\FeedConverter.js
2009-01-10 20:12 . 2009-04-27 22:35 134648 ----a-w c:\program files\Mozilla FireFox\Components\brwsrcmp.dll
2009-01-10 20:12 . 2009-04-27 22:35 23032 ----a-w c:\program files\Mozilla FireFox\Components\browserdirprovider.dll
2009-01-10 20:12 . 2009-04-23 10:09 348547 ----a-w c:\program files\Mozilla FireFox\Components\browser.xpt
2009-01-10 20:12 . 2008-12-02 08:04 2927 ----a-w c:\program files\Mozilla FireFox\Components\aboutRobots.js
2009-01-10 20:12 . 2008-12-02 08:04 2925 ----a-w c:\program files\Mozilla FireFox\Components\aboutRights.js

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-01-21 91440]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-04-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 18944]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-15 54840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-13 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"CTCheck"="c:\program files\Creative\Creative ZEN (DVP-FL0001)\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-04-29 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-07 15:40 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2784458472-1996006743-1886199985-1002]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADDE03A0-D901-4BFD-B31D-4BA4AA1C418D}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{B1D80A3F-D4A7-4F03-819E-73485D705789}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{0D4296E0-6061-4063-BE9D-94969428B856}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{845C6C47-FE62-494B-AD22-7F068B1C68B3}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{68B85345-9E1A-4AF2-B6FF-207E4AFCE139}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{ADD39238-AC6C-4EF6-B161-386EDBB7A39F}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{8C68DD4C-1C01-434E-9787-5081C3F9119F}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{234DCABD-0039-4FA0-A5DE-C1A901996ACA}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1277E6F4-727E-41B0-9007-C076684379D9}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{48063463-827B-437B-84A4-538980A954C1}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{E315DDEE-0E3D-401A-8168-918A8F7B83B3}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{869C9CE4-E55D-4735-980F-C11A0DD2722A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{AA4D537B-838B-4C83-A609-39EA23F9BE5C}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{30420E5A-120A-4494-BDF3-4D1F42E8B819}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{D0DE1765-8871-4E2B-A992-DB39665F8E46}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A5EB6E45-989A-4214-A727-8491E1209284}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3BB05137-4D1C-4E49-8940-31614B1EC199}"= UDP:c:\users\nico\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{1984EF9F-F04A-4A9F-801A-503EB4CD8E13}"= TCP:c:\users\nico\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{226219FA-DF87-4E48-8A94-EA7CDE836D7B}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{F722F4FE-5D09-4716-9A13-AE488814B0E9}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"TCP Query User{668FAA7F-63F8-4F15-8914-383D2A7B384E}c:\\program files\\adobe\\adobe dreamweaver cs4\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe:Adobe Dreamweaver CS4
"UDP Query User{8A9327FB-B8E5-47AD-937D-53166313EF68}c:\\program files\\adobe\\adobe dreamweaver cs4\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe:Adobe Dreamweaver CS4
"TCP Query User{3908D586-CFCC-4C0C-BD85-3BE6778EB680}c:\\program files\\website x5 evolution\\website.exe"= UDP:c:\program files\website x5 evolution\website.exe:WebSite X5 Evolution
"UDP Query User{48F42427-410D-4295-A4A5-15A9DE45947D}c:\\program files\\website x5 evolution\\website.exe"= TCP:c:\program files\website x5 evolution\website.exe:WebSite X5 Evolution
"TCP Query User{B8D46EA8-AA39-48AA-B52D-840388DC9037}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{FB38B1D9-1344-4484-8F30-1DC9BAAE14E7}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{E9442770-1FFA-40F7-96A3-8B6ED056649F}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{4B4270C4-8ACB-4DA5-B030-A3DA2C24E6BF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{8DD7C48A-1501-41D6-947F-9A1581A4D51C}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{371442E9-B27A-4007-AF66-73AD75648F8F}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AFFB00B2-D6E7-4B6C-88D7-6EC577E40511}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{CF6EE0E4-7F55-4A9F-9C5A-3C1044BC047E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3F14C07F-7106-42D1-8C16-A1336DF198A4}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{7584EBA0-00C8-49A1-9881-78B2AC06FBF4}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{FD962382-45AE-44C2-9336-B2126C0A0BEA}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{BFB7454A-31AE-4C3A-B365-E1B6EF2DC8D1}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"TCP Query User{085CD172-BABC-4BF0-AA69-83D9677A8C06}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{BB178695-F885-4CAF-8370-EC757CD0E6BC}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{20E60DE7-35B9-494A-A144-77C222CE77DF}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{2B29E91D-DD2D-44D6-A593-FC37B47F887E}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{193F0BE7-D6B7-4D48-B2BD-198395092861}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{B7F0C476-7297-416F-AD0E-AA1BE52114F2}c:\\program files\\valve\\counter-strike source\\srcds.exe"= UDP:c:\program files\valve\counter-strike source\srcds.exe:srcds
"UDP Query User{AC05AE9F-3C7A-4387-841F-701A5F3534BF}c:\\program files\\valve\\counter-strike source\\srcds.exe"= TCP:c:\program files\valve\counter-strike source\srcds.exe:srcds
"{F1AE4E81-F9B1-4507-A9C9-C40562E651C0}"= UDP:6346:Shareaza TCP
"{E782F51E-B594-4A5F-AB35-DB8A687159DA}"= TCP:6346:Shareaza UDP
"{D5CFAF00-2894-484B-A964-98CCF85C3939}"= UDP:c:\users\nico\Documents\Downloads\utorrent.exe:µTorrent (TCP-In)
"{285845B4-B754-4A67-A925-9FC42FDBE4C5}"= TCP:c:\users\nico\Documents\Downloads\utorrent.exe:µTorrent (UDP-In)
"{F905ADCC-A623-47D3-B673-8A11A5FDD4EC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A686EC5B-A674-487F-AE22-BB218E0CFDDE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{41FE987E-ADEC-4AE4-A90C-CA5403570037}"= UDP:c:\program files\DivX\DivX Player\DivX Player.exe:DivX Player
"{5CF15BC3-D72A-4049-86A4-B56DBAC435BB}"= TCP:c:\program files\DivX\DivX Player\DivX Player.exe:DivX Player
"{66D97B9D-7041-4C99-86B3-A64818562939}"= UDP:c:\program files\Ubisoft\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{3880C72B-EFD6-4D10-98E5-A25C17BBD30D}"= TCP:c:\program files\Ubisoft\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{1E2DF8D9-366F-42A3-BF2B-3BCF6AF564BC}"= UDP:c:\program files\Ubisoft\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{284349B8-956B-49A5-85C8-99A81639851F}"= TCP:c:\program files\Ubisoft\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{443C8EB4-B098-4828-A7A0-5E2778E3D6BA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{E5255387-E110-49AE-BADE-ECA6F7885DC4}e:\\jeux\\warcraft iii\\war3.exe"= UDP:e:\jeux\warcraft iii\war3.exe:Warcraft III
"UDP Query User{9D5E91DD-4014-4A6D-9450-759CE226631B}e:\\jeux\\warcraft iii\\war3.exe"= TCP:e:\jeux\warcraft iii\war3.exe:Warcraft III
"{F0577086-E02D-4112-B1CC-C5802B7D6868}"= UDP:e:\jeux\Ubisoft\Tom Clancy's Endwar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{5F96FC55-4C41-4F96-B94C-089E163F3478}"= TCP:e:\jeux\Ubisoft\Tom Clancy's Endwar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{02862A38-3901-4540-8EED-EA13F9A31E93}"= UDP:e:\jeux\Ubisoft\Tom Clancy's Endwar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{A0B3B906-42F7-4B6B-8D3D-22DE2EF31B21}"= TCP:e:\jeux\Ubisoft\Tom Clancy's Endwar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{EE85808B-C669-477C-8DB5-B2553581D880}"= UDP:e:\jeux\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{BFE51BCA-B343-4505-8F11-A7F4EC160327}"= TCP:e:\jeux\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"TCP Query User{E8AE55DE-B807-4E79-BA27-762607B0E52E}e:\\jeux\\electronic arts\\eadm\\core.exe"= UDP:e:\jeux\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{64CF8EA5-B816-4BA4-9ABB-BF492E91317A}e:\\jeux\\electronic arts\\eadm\\core.exe"= TCP:e:\jeux\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{D24C82F3-7335-4AD1-8340-D83FA9578FB7}e:\\jeux\\quake 4\\quake4ded.exe"= UDP:e:\jeux\quake 4\quake4ded.exe:Quake 4
"UDP Query User{0F747C11-7C62-440A-8567-8FD4045AA03E}e:\\jeux\\quake 4\\quake4ded.exe"= TCP:e:\jeux\quake 4\quake4ded.exe:Quake 4
"TCP Query User{9A5E5095-2B69-43BA-846E-FCFDC32096E8}e:\\jeux\\valve\\counter-strike source\\hl2.exe"= UDP:e:\jeux\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{CE35873B-ACEF-440F-AB56-51E7A45E995B}e:\\jeux\\valve\\counter-strike source\\hl2.exe"= TCP:e:\jeux\valve\counter-strike source\hl2.exe:hl2
"{FD52C7C0-0DE0-4E97-AE27-9631311EED7F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{363E1FD6-832E-4FA4-8B3B-1A0EFD7B3F6A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{36FBF30B-C3BB-4DC0-B866-180D2BB3E910}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{E981AF23-F145-48F6-BD70-6F59C18FA3A4}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{FE87A699-137A-48DF-9D7F-10A77441B67B}e:\\jeux\\microsoft games\\age of empire ii\\empires2.exe"= UDP:e:\jeux\microsoft games\age of empire ii\empires2.exe:Age of Empires II
"UDP Query User{6FD77F9D-2DDF-45D4-BE9C-0BF783520A28}e:\\jeux\\microsoft games\\age of empire ii\\empires2.exe"= TCP:e:\jeux\microsoft games\age of empire ii\empires2.exe:Age of Empires II

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [21/02/2009 16:22 21144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [13/05/2008 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/05/2008 12:43 55024]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [29/04/2009 13:30 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/04/2009 13:30 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [29/04/2009 13:30 432897]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [21/02/2009 16:18 43520]
S2 gupdate1c98d36c500d0c9;Google Update Service (gupdate1c98d36c500d0c9);c:\program files\Google\Update\GoogleUpdate.exe [12/02/2009 19:24 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 01:25 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 01:24 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 01:24 170480]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [11/01/2009 00:22 28224]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 01:25 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [08/01/2009 08:52 1122304]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [13/05/2008 12:44 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00652dc1-38c9-11de-af7a-0019db4134f7}]
\shell\AutoRun\command - L:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00652dc3-38c9-11de-af7a-0019db4134f7}]
\shell\AutoRun\command - M:\CDCheck.exe
.
Contenu du dossier 'Tâches planifiées'

2009-05-11 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-01-26 16:38]

2009-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 19:45]

2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 17:24]

2009-05-11 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-01-26 16:34]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\p7mh6y1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General
FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\p7mh6y1p.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

---- PARAMETRES FIREFOX ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13); user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 18:10
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\TMP00000061738761BF5599FFE8 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2784458472-1996006743-1886199985-1002\Software\SecuROM\License information*]
"datasecu"=hex:1f,3a,5b,27,1f,1a,fb,8a,dc,d6,28,95,99,4d,92,38,79,ee,c7,1e,ab,
cb,e8,cc,4d,f5,5d,7e,53,ed,8c,49,ef,53,1d,34,df,1b,4b,50,3d,75,4e,58,3f,4e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Heure de fin: 2009-05-11 18:12
ComboFix-quarantined-files.txt 2009-05-11 16:12
ComboFix2.txt 2009-05-11 15:37

Avant-CF: 61 900 111 872 octets libres
Après-CF: 61 908 291 584 octets libres

439 --- E O F --- 2009-05-11 14:27

Firefox still not relaunched, and the computer has not been restarted ;)
0
-nicolas- Posts 6778 Status Contributor 1 309
 
Re!

I have news: no more links on Google and Wikipedia!!! Thanks again!

Topic solved?!
0
Anonymous user
 
Re,

Sorry for the slow reply, I had an internet outage.. my network is rubbish.

Can you uninstall Firefox and reinstall it?

Also post a new DDS report, please :)

++
0
-nicolas- Posts 6778 Status Contributor 1 309
 
Re!

DDS (Ver_09-03-16.01) - NTFSx86
Run by nico at 19:26:43,92 on 14/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1534.768 [GMT 2:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Creative\Creative ZEN (DVP-FL0001)\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\nico\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [toolbar_eula_launcher] c:\program files\packard bell\google_eula\EULALauncher.exe
mRun: [ACTIVBOARD] c:\program files\packard bell\fiji\aboard.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CTCheck] c:\program files\creative\creative zen (dvp-fl0001)\zen media explorer\CTCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nico\appdata\roaming\mozilla\firefox\profiles\d0qhzq9m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-2-21 21144]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-13 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-13 55024]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-4-29 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-4-29 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-4-29 432897]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [2009-2-21 43520]
S2 gupdate1c98d36c500d0c9;Google Update Service (gupdate1c98d36c500d0c9);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-4-21 216232]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-1-11 28224]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-1-8 1122304]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-13 7408]

=============== Created Last 30 ================

2009-05-11 18:06 <DIR> --d----- C:\ComboFix
2009-05-11 17:31 161,792 a------- c:\windows\SWREG.exe
2009-05-11 17:31 98,816 a------- c:\windows\sed.exe
2009-05-10 20:21 <DIR> --d----- c:\program files\Ad-remover
2009-05-08 19:58 <DIR> --d----- c:\program files\Quicksys
2009-05-07 17:43 <DIR> --d----- c:\program files\trend micro
2009-05-06 20:32 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-05-06 20:32 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-05-06 20:32 <DIR> --d----- c:\users\nico\appdata\roaming\SUPERAntiSpyware.com
2009-05-06 20:32 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-06 19:53 <DIR> --d----- c:\users\nico\appdata\roaming\Malwarebytes
2009-05-06 19:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-06 19:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 19:53 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-06 19:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-06 19:53 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-02 00:35 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-05-02 00:33 <DIR> --d----- c:\users\nico\appdata\roaming\Atari
2009-04-29 13:48 <DIR> --d----- c:\users\nico\appdata\roaming\Avira
2009-04-29 13:30 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-29 13:30 <DIR> --d----- c:\program files\Avira
2009-04-21 20:03 <DIR> --d----- c:\program files\id Software
2009-04-21 01:24 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-19 11:54 <DIR> --d----- c:\programdata\Messenger Plus!
2009-04-19 11:54 <DIR> --d----- c:\progra~2\Messenger Plus!
2009-04-18 20:47 <DIR> --d----- c:\program files\Music NFO Builder
2009-04-18 20:02 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-04-18 15:16 <DIR> --d----- c:\program files\Patch MsnCreative
2009-04-17 19:02 <DIR> --d----- c:\users\nico\amsn
2009-04-17 18:52 <DIR> --d----- c:\program files\Windows Installer Clean Up

==================== Find3M ====================

2009-05-14 18:51 681,474 a------- c:\windows\system32\perfh00C.dat
2009-05-14 18:51 128,676 a------- c:\windows\system32\perfc00C.dat
2009-05-02 22:58 51,200 a------- c:\windows\inf\infpub.dat
2009-05-02 22:58 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-02 22:57 86,016 a------- c:\windows\inf\infstor.dat
2009-04-13 13:13 34 a------- c:\users\nico\jagex_runescape_preferences.dat
2009-04-11 20:08 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-03 18:47 20,693 a------- c:\windows\War3Unin.dat
2009-04-03 18:42 126,976 a------- c:\windows\War3Unin.exe
2009-04-03 18:42 2,829 a------- c:\windows\War3Unin.pif
2009-04-02 20:26 1,698 a------- c:\windows\system32\ealregsnapshot1.reg
2009-03-27 08:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-17 05:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 05:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 05:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 06:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 13:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 13:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 13:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 13:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 13:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 13:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 13:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 13:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 13:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 13:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 13:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 13:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 13:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 13:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 13:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 13:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 13:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 13:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 06:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 06:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 06:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 06:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 06:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 06:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 06:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 06:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 05:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 04:38 17,408 a------- c:\windows\system32\iashost.exe
2009-02-27 02:29 319,984 a------- c:\windows\DIFxAPI.dll
2009-02-24 21:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 21:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 21:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 21:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 21:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 21:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-21 16:17 146,288 a------- c:\windows\hpoins18.dat
2009-02-18 15:44 135,168 a------- c:\windows\system32\nvcod140.dll
2009-01-11 22:16 174 a--sh--- c:\program files\desktop.ini
2009-01-11 22:06 665,600 a------- c:\windows\inf\drvindex.dat
2007-01-27 02:56 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2007-01-27 02:56 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2007-01-27 02:56 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2007-01-27 02:56 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:27:18,52 ===============
0
Anonymous user
 
Re,

That's fine.

On your side, still no problems?

If not, we can start uninstalling the tools.

→ Close all running applications, then download ToolsCleaner2 to your Desktop.

→ Double-click on ToolsCleaner2.exe
→ Click on Search
→ then on Delete once the list has been found.
→ Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: your desktop MAY disappear; this is normal. If it does not reappear at the end of the scan, do the following:

CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click on File at the top left and choose "Run"

Type explorer.exe and confirm. This will bring the Desktop back.

(Under Vista the program may be a bit slow .. give it time to finish.)

++
0
-nicolas- Posts 6778 Status Contributor 1 309
 
Re!

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Ad-remover: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-remover: trouvé !
C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Ad-remover: trouvé !
C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-remover: trouvé !
C:\Users\nico\Desktop\ComboFix.exe: trouvé !
C:\Users\nico\Desktop\dds.scr: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Users\nico\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Users\nico\Desktop\dds.scr: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Ad-remover: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-remover: supprimé !
C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Ad-remover: ERREUR DE SUPPRESSION !!
C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-remover: supprimé !
0
Anonymous user
 
Re,

Start > Run (or the Windows+R key) > type: ' Combofix /u ', confirm with Enter.

Delete ToolsCleaner and its report.

Do this: http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista

0
-nicolas- Posts 6778 Status Contributor 1 309
 
There, it's done :)

Thanks again!

Topic solved
0
Anonymous user
 
You're welcome :)

All the best!

++
0