Virus? trojan? ( redirection sur google(

Question

Bonjour,

 Depuis aujourdhui , lorsque j'utilise Google, les liens ou je clic me dirige vers des sites tres étranges et sans aucun rapport avec le lien ou je clic :( aider moiiii J'ai pourtant été voir sur le net mais chaque fois c'est des solutions individuel pour chacun!

lesane662 · Answer

Salut télécharge Hijackthis 

Installe le sur ton bureau

Une fois installé lance le en cliquant sur l'icone qui est apparu après l'installation

Une fois hijackthis lancé clic sur "Do a system scan and save the logfile"

Post le rapport ainsi généré dans ta prochaine réponse

Max186 · Answer

ok parfait je fait sa de ce pas

Max186 · Answer

et voila



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:21, on 2009-06-14
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] rBot_enc.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

lesane662 · Answer

Oula oui effectivement ya un problème !! 

Télécharge Malwarebytes' Anti-Malware 

* Double clique sur le fichier téléchargé pour lancer le processus d'installation.
* Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
* Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
* Sélectionne "Exécuter un examen rapide"
* Clique sur "Rechercher"
* L'analyse démarre, le scan est relativement court.
* A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
* Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
* MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.


NB : Si MBAM te demande à redémarrer, fais-le. 

Ensuite telecharge Spybot 

installe le , fais bien les mise à jour et fais un scan 

supprime tous ce qui a été trouvé (si il y a quelques choses)

Max186 · Answer

et merde d'apres ta réponse sa lair grave :(



En fait javais fait une analyse avec Malwarebytes ( une rapide ) il ya detecter 2 truc que jai supprimer et redemarrer. Ils sont dans la quarantaine mais jai encore le probleme. La je vien de faire une analyse complete. estr-ce que cela derange ou je doit faire une rapide?

croit tu que je vais pouvoir regler ce probleme ? :(

lesane662 · Answer

Non ca ne dérange pas mais un examen complet n'étai pas nécéssaire ! 

Si tu me dit que tu as déja fait un scan avec malwarebytes alors laisse tomber 
et laisse tomber spybot aussi

Max186 · Answer

ou je peu telecharger ce fichier

Max186 · Answer

:Pahah pas de probleme  jattend le lien alors

lesane662 · Answer

Voila https://www.luanagames.com/index.fr.html , oublie pas de désactiver ton antivirus pour faire la manip

Max186 · Answer

ok voila !

est-ce que c'est sa?

File/Folder :processes not found.
File/Folder explorer.exe not found.
File/Folder  not found.
File/Folder :services not found.
File/Folder Service Bonjour not found.
File/Folder  not found.
File/Folder :files not found.
Folder move failed. C:\ProgramData\SITEguard scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\STOPzilla!\Quarantine\b0f659e5-ee17-4dbe-bcc8-98e8e3c6d724 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\STOPzilla!\Quarantine\42cffe74-be98-4ad8-94c3-636c0a82c938 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\STOPzilla!\Quarantine\0838552a-e3fe-44a6-8675-f55fd3c8c864 scheduled to be moved on reboot.
Folder cleanup  failed. C:\ProgramData\STOPzilla!\Quarantine scheduled to be deleted on reboot.
Folder cleanup  failed. C:\ProgramData\STOPzilla! scheduled to be deleted on reboot.
Folder move failed. C:\Program Files\Common Files\iS3\Anti-Spyware scheduled to be moved on reboot.
Folder cleanup  failed. C:\Program Files\Common Files\iS3 scheduled to be deleted on reboot.
File/Folder C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} not found.
File/Folder C:\System.sav not found.
File/Folder  not found.
File/Folder :reg not found.
File/Folder [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] not found.
File/Folder [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] not found.
File/Folder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] not found.
File/Folder "SunJavaUpdateSched"=- not found.
File/Folder "HP Software Update"=- not found.
File/Folder "QuickTime Task"=- not found.
File/Folder "Adobe Reader Speed Launcher"=- not found.
File/Folder [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] not found.
File/Folder "swg"=- not found.
File/Folder  not found.
File/Folder  not found.
File/Folder  not found.
File/Folder :commands not found.
File/Folder [purity] not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [reboot] not found.
 
Created on 06-14-2009 20:57:39

lesane662 · Answer

Oui !! 

Est ce que ca t as demandé de redemarrer après ça ? si oui alors fait le et si non redémarre quand même 

Après télécharge CCleaner 

ensuite installe le sur ton bureau puis démmare le , tu clic sur analyse et une fois fais clic sur "lancer le nettoyage" (répète la procédure 1 fois de + )

après , toujours dans Ccleaner , tu clic sur "registre" puis sur "chercher des erreurs" et pour finir clic sur "réparer les erreurs selectionné" (répète ce procédé jusqu'à qu'il n'y ai plus d'erreurs, 2 ou 3 fois suffisent généralement)

redémarre ton pc après ça  

Ensuite relance Hijackthis et post le rapport ainsi généré

Max186 · Answer

en fait ce fichier jai été le voir apres le redemarrage


donc jai deja ccleaner alors je vais faire sa ( deja que je crois lavoir fait 1 fois ) :P

mais eum le move it a rien déranger sur mon pc ?

lesane662 · Answer

Non pourquoi ? t'as un truc qui va pas ?

Max186 · Answer

non c'est correct  meme que le demerrage de lordi a été plus vite ( mais mon probleme de google toujours la ) 

Je suis entrain d'analyser avec ccleaner mais j'ai rien cocher de plus? est-ce que je doit tout cocher dans le nettoyage ou je laisse par defaut? ensuite je supprimer les fichiers

Max186 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:21, on 2009-06-14
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] rBot_enc.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

lesane662 · Answer

Bon Bon Bon !!! 

télécharge GenProc

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

Max186 · Answer

Resalut, je veu juste savoir, j'ai utiliser COMBOMIX d'apres un amis sa laurai marcher. J'ai pas eu de probleme sur google pour l'instant. Voici le rapport hijackthis  Est-ce que c'est regler? Si non je vais downloader le logiciel ci haut et refaire des manips :(



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:21, on 2009-06-14
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] rBot_enc.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Max186 · Answer

Resalut, je veu juste savoir, j'ai utiliser COMBOMIX d'apres un amis sa laurai marcher. J'ai pas eu de probleme sur google pour l'instant. Voici le rapport hijackthis  Est-ce que c'est regler? Si non je vais downloader le logiciel ci haut et refaire des manips :(



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:21, on 2009-06-14
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] rBot_enc.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

lesane662 · Answer

Non non ! fais attention avec combofix , ce logiciel est très puissant , il faut quelqu'un d'expérimenter pour l'utiliser ! moi je ne m'en sert pas car je ne le connais encore pas très bien 

Essai ça : 

télécharge USBFix de Chiquitine29


&#9654; Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

&#9654; Double clic sur le raccourci UsbFix présent sur ton bureau .

&#9654; Choisi l option 1 ( Recherche )

&#9654; Laisse travailler l outil.

&#9654; Ensuite post le rapport UsbFix.txt qui apparaitra.

&#9654; Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Max186 · Answer

ok j'ai deja utiliser combomix :(  mais pour le truc usb . je doit brancher une clef et analyser sa avec le programme?

voici le rapport 

ComboFix 09-06-14.02 - Maxime 2009-06-14 23:09.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.2.1036.18.2046.1149 [GMT -4:00]
Lancé depuis: c:\users\Maxime\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Maxime\AppData\Roaming\inst.exe
c:\windows\system32\drivers\SKYNETtmaylogg.sys
c:\windows\system32\SKYNETajbncubk.dll
c:\windows\system32\SKYNETegteawpr.dat
c:\windows\system32\SKYNETjyxjfykd.dll
c:\windows\system32\SKYNETmqtvehlx.dat
D:\Desktop.ini

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETmltnddbj


(((((((((((((((((((((((((((((   Fichiers créés du 2009-05-15 au 2009-06-15  ))))))))))))))))))))))))))))))))))))
.

2009-06-15 02:02 . 2009-05-09 05:34	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-06-15 02:02 . 2009-05-09 05:50	915456	----a-w-	c:\windows\system32\wininet.dll
2009-06-15 01:53 . 2009-06-15 01:58	--------	d-----w-	c:\program files\Ad-remover
2009-06-15 00:57 . 2009-06-15 00:57	--------	d-----w-	C:\_OTMoveIt
2009-06-15 00:33 . 2009-06-15 01:55	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2009-06-15 00:33 . 2009-06-15 01:55	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-06-15 00:13 . 2009-06-15 00:13	--------	d-----w-	c:\program files\Trend Micro
2009-06-14 23:49 . 2009-06-14 23:49	--------	d-----w-	c:\users\Maxime\AppData\Roaming\Malwarebytes
2009-06-14 23:49 . 2009-05-26 17:20	40160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 23:49 . 2009-06-14 23:49	--------	d-----w-	c:\programdata\Malwarebytes
2009-06-14 23:49 . 2009-05-26 17:19	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-06-14 23:49 . 2009-06-14 23:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-06-14 23:28 . 2009-06-14 23:35	--------	d-----w-	c:\programdata\SITEguard
2009-06-14 23:27 . 2009-06-15 00:17	--------	d-----w-	c:\programdata\STOPzilla!
2009-06-14 23:27 . 2009-06-14 23:27	--------	d-----w-	c:\program files\Common Files\iS3
2009-06-14 19:40 . 2009-06-14 19:51	55052	----a-w-	c:\windows\War3Unin.dat
2009-06-14 19:40 . 2009-06-14 19:51	2829	----a-w-	c:\windows\War3Unin.pif
2009-06-14 19:40 . 2009-06-14 19:51	139264	----a-w-	c:\windows\War3Unin.exe
2009-06-14 19:37 . 2009-06-14 20:23	--------	d-----w-	c:\program files\Warcraft III
2009-06-13 21:54 . 2009-04-30 12:42	428032	----a-w-	c:\windows\system32\EncDec.dll
2009-06-13 21:54 . 2009-04-30 12:52	292352	----a-w-	c:\windows\system32\psisdecd.dll
2009-06-13 21:54 . 2009-04-30 12:44	1244672	----a-w-	c:\windows\system32\mcmde.dll
2009-06-10 06:26 . 2009-04-21 12:04	2028032	----a-w-	c:\windows\system32\win32k.sys
2009-06-10 06:25 . 2009-04-23 12:56	696832	----a-w-	c:\windows\system32\localspl.dll
2009-06-10 06:25 . 2009-04-23 13:01	788992	----a-w-	c:\windows\system32\rpcrt4.dll
2009-05-26 04:18 . 2009-05-26 04:18	--------	d-----w-	c:\programdata\vsosdk
2009-05-26 02:18 . 2009-06-11 16:06	--------	d-----w-	c:\users\Maxime\AppData\Roaming\Vso
2009-05-26 02:18 . 2009-05-26 02:18	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2009-05-26 02:18 . 2009-05-26 02:18	47360	----a-w-	c:\users\Maxime\AppData\Roaming\pcouffin.sys
2009-05-26 02:18 . 2007-03-19 01:37	65602	----a-w-	c:\windows\system32\cook3260.dll
2009-05-26 02:18 . 2006-09-29 17:26	176165	----a-w-	c:\windows\system32\drv23260.dll
2009-05-26 02:18 . 2006-09-29 17:25	208935	----a-w-	c:\windows\system32\drv33260.dll
2009-05-26 02:18 . 2006-09-29 17:24	217127	----a-w-	c:\windows\system32\drv43260.dll
2009-05-26 02:18 . 2002-12-10 07:20	102439	----a-w-	c:\windows\system32\sipr3260.dll
2009-05-26 02:18 . 2006-05-20 21:16	1184984	----a-w-	c:\windows\system32\wvc1dmod.dll
2009-05-26 02:18 . 2006-05-12 00:21	626688	----a-w-	c:\windows\system32\vp7vfw.dll
2009-05-26 02:18 . 2009-05-26 02:18	--------	d-----w-	c:\program files\VSO
2009-05-20 17:01 . 2009-05-25 03:27	--------	d-----w-	c:\users\Maxime\AppData\Roaming\Mount&Blade
2009-05-19 20:50 . 2009-06-09 21:30	--------	d-----w-	c:\program files\Savage 2 - A Tortured Soul
2009-05-19 02:46 . 2009-05-19 02:49	--------	d-----w-	c:\program files\Aquaria

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 03:08 . 2009-05-28 05:48	31966	----a-w-	c:\programdata\nvModes.dat
2009-06-15 01:13 . 2008-12-01 16:14	--------	d-----w-	c:\program files\CCleaner
2009-06-14 20:06 . 2007-12-11 23:06	--------	d-----w-	c:\program files\Starcraft
2009-06-08 01:32 . 2008-05-20 20:29	--------	d-----w-	c:\program files\Diablo II
2009-05-28 05:48 . 2007-08-20 16:13	--------	d-----w-	c:\programdata\NVIDIA
2009-05-28 05:36 . 2008-09-29 00:01	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-05-28 05:36 . 2008-09-28 20:37	--------	d-----w-	c:\program files\AGEIA Technologies
2009-05-28 05:15 . 2008-07-18 15:13	--------	d-----w-	c:\program files\SystemRequirementsLab
2009-05-27 02:27 . 2008-05-23 00:55	--------	d-----w-	c:\users\Maxime\AppData\Roaming\NeroDCTemplates
2009-05-26 02:19 . 2007-08-20 14:32	699984	----a-w-	c:\windows\system32\perfh00C.dat
2009-05-26 02:19 . 2007-08-20 14:32	121814	----a-w-	c:\windows\system32\perfc00C.dat
2009-05-25 18:56 . 2008-09-30 19:54	--------	d-----w-	c:\program files\Cyanide
2009-05-21 15:53 . 2007-08-20 16:00	129736	----a-w-	c:\users\Maxime\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-21 15:45 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Microsoft Games
2009-05-19 02:20 . 2009-05-14 05:03	--------	d-----w-	c:\program files\Mount&Blade
2009-05-16 17:00 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-05-12 04:55 . 2009-05-12 04:42	--------	d-----w-	c:\program files\Mediafour
2009-05-12 04:43 . 2007-09-24 02:11	--------	d-----w-	c:\users\Maxime\AppData\Roaming\U3
2009-05-05 19:41 . 2009-05-05 19:22	--------	d-----w-	c:\users\Maxime\AppData\Roaming\Braid
2009-05-03 17:26 . 2007-08-20 15:53	1356	----a-w-	c:\users\Maxime\AppData\Local\d3d9caps.dat
2009-05-03 10:06 . 2007-08-23 01:36	--------	d-----w-	c:\users\Maxime\AppData\Roaming\LimeWire
2009-05-01 04:08 . 2009-05-01 04:08	1505824	----a-w-	c:\windows\system32\nvcpluir.dll
2009-05-01 04:08 . 2009-05-01 04:08	1194528	----a-w-	c:\windows\system32\nvcplui.exe
2009-05-01 04:08 . 2009-05-01 04:08	1358368	----a-w-	c:\windows\system32\nvsvsr.dll
2009-05-01 04:08 . 2009-05-01 04:08	1292832	----a-w-	c:\windows\system32\nvsvs.dll
2009-05-01 02:02 . 2009-05-01 02:02	9850016	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2009-05-01 02:02 . 2009-05-01 02:02	663552	----a-w-	c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02	457248	----a-w-	c:\windows\system32\nvudisp.exe
2009-05-01 02:02 . 2009-05-01 02:02	4224	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2009-05-01 02:02 . 2009-05-01 02:02	3128320	----a-w-	c:\windows\system32\nvwgf2um.dll
2009-05-01 02:02 . 2009-05-01 02:02	1704960	----a-w-	c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-05-01 02:02	143360	----a-w-	c:\windows\system32\nvcod146.dll
2009-05-01 02:02 . 2009-05-01 02:02	143360	----a-w-	c:\windows\system32\nvcod.dll
2009-05-01 02:02 . 2009-05-01 02:02	1314816	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2009-05-01 02:02	10366976	----a-w-	c:\windows\system32\nvoglv32.dll
2009-05-01 02:02 . 2008-09-17 13:55	7593472	----a-w-	c:\windows\system32\nvd3dum.dll
2009-05-01 02:02 . 2007-07-07 00:15	983552	----a-w-	c:\windows\system32\nvapi.dll
2009-04-27 04:42 . 2007-09-12 09:28	457248	----a-w-	c:\windows\system32\nvuninst.exe
2009-04-22 20:04 . 2009-04-22 19:48	--------	d-----w-	c:\program files\UseNeXT
2009-04-22 19:57 . 2009-04-22 19:48	--------	d-----w-	c:\users\Maxime\AppData\Roaming\UseNeXT
2009-04-20 21:37 . 2009-04-20 21:37	--------	d-----w-	c:\programdata\dbg
2009-04-20 11:52 . 2009-04-20 11:40	--------	d-----w-	c:\program files\Demigod
2009-04-20 03:35 . 2009-04-20 03:35	--------	d-----w-	c:\program files\The Learning Company
2009-04-20 02:09 . 2009-04-20 02:09	--------	d-----w-	c:\program files\Maxis
2009-04-20 01:13 . 2008-01-10 21:26	--------	d-----w-	c:\program files\Mario Forever 2
2009-04-20 00:34 . 2007-08-20 05:07	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-04-20 00:33 . 2009-04-20 00:33	--------	d-----w-	c:\program files\Enlight
2009-04-18 15:13 . 2007-11-07 03:09	--------	d-----w-	c:\users\Maxime\AppData\Roaming\Winamp
2009-04-18 13:38 . 2008-05-22 17:16	--------	d-----w-	c:\program files\Xvid
2009-04-15 21:35 . 2009-04-15 21:21	33926	----a-w-	c:\windows\scunin.dat
2009-04-15 21:35 . 2009-04-15 21:21	967	----a-w-	c:\windows\ScUnin.pif
2009-04-15 21:35 . 2009-04-15 21:21	70656	----a-w-	c:\windows\ScUnin.exe
2009-04-03 16:39 . 2009-04-03 16:39	70936	----a-w-	c:\windows\system32\PhysXLoader.dll
2007-08-20 18:49 . 2007-08-20 18:49	22	--sha-w-	c:\windows\SMINST\HPCD.sys
2007-08-20 14:35 . 2007-08-20 14:35	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-13 1232896]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-23 171448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{96FFC25D-9BA5-4E18-A63F-C2B47C51DC98}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{42E33277-CF7A-4BD4-BEDA-31D4BDC33D16}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0582DEFD-39BC-42CA-8A6A-D1FAE43876D5}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D6C10447-988C-404B-9852-7FD12C8C05D4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{C981CE8D-7FAB-427C-80FF-2F50019EF934}c:\program files\bitlord\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5B02C071-B093-4693-A531-7C39707534D3}c:\program files\bitlord\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{6539B540-7866-49A0-9789-AC4548A2C21D}c:\program files\world of warcraft\wow-2.3.0-frfr-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.3.0-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{894DB543-F803-4B3D-BE30-CB6FE7B2B9E1}c:\program files\world of warcraft\wow-2.3.0-frfr-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.3.0-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{41068669-EEF3-423B-8FDE-32C0D4AF74B1}c:\program files\bitlord\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{EFD19B5E-7616-4D3F-AD9E-232F6354D457}c:\program files\bitlord\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{CBFE4249-CC95-40EC-9BE7-6D2FEA8B6B68}c:\program files\limewire\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{926E6F08-B7B5-433C-A927-B25E2D08449F}c:\program files\limewire\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{4A13E72B-C8E2-4B10-9D9B-C8CBF8B5AFAD}c:\program files\utorrent\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A2D39607-7747-4732-A73C-BFBEEB177E29}c:\program files\utorrent\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{03533B04-FD93-43EE-A2E5-327284D6B6F7}c:\windows\system32\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{0E8E9FA5-F4AD-4A43-B9A5-638C7B889228}c:\windows\system32\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{8A856121-CA40-430B-9860-6E3B123F0BF7}c:\program files\black isle\bgii - soa\bgmain.exe"= UDP:c:\program files\black isle\bgii - soa\bgmain.exe:Baldur's Gate II - Shadows of Amn - Throne of Bhaal
"UDP Query User{C7AA519D-D85D-4BCC-9672-15F54870F3FD}c:\program files\black isle\bgii - soa\bgmain.exe"= TCP:c:\program files\black isle\bgii - soa\bgmain.exe:Baldur's Gate II - Shadows of Amn - Throne of Bhaal
"TCP Query User{0F9FCFF9-A3F8-4ECD-881D-F66D76DA0F9C}c:\program files\electronic arts\eadm\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{2B7394E0-72BA-4273-B21E-3CA6AE159F4B}c:\program files\electronic arts\eadm\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{502BA1E1-93EF-4BB0-82EF-5FB92F265D64}"= UDP:c:\program files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"{875769F0-AC9A-427D-B782-1B236C8BAAE0}"= TCP:c:\program files\SEGA\Medieval II Total War\medieval2.exe:Medieval II Total War
"TCP Query User{299F5EB3-A212-458A-B1BF-50F6D7C33E88}c:\users\maxime\desktop\diablo3-gameplaytrailer_en-gb-downloader.exe"= UDP:c:\users\maxime\desktop\diablo3-gameplaytrailer_en-gb-downloader.exe:diablo3-gameplaytrailer_en-gb-downloader.exe
"UDP Query User{AF3BEB26-31EC-4CFB-8CBE-B3E19E6ECDDB}c:\users\maxime\desktop\diablo3-gameplaytrailer_en-gb-downloader.exe"= TCP:c:\users\maxime\desktop\diablo3-gameplaytrailer_en-gb-downloader.exe:diablo3-gameplaytrailer_en-gb-downloader.exe
"TCP Query User{46CE8C38-C8BD-4423-A119-5CB2492A0661}c:\users\maxime\desktop\diablo3-cinematictrailer_fr-fr-downloader.exe"= UDP:c:\users\maxime\desktop\diablo3-cinematictrailer_fr-fr-downloader.exe:diablo3-cinematictrailer_fr-fr-downloader.exe
"UDP Query User{F3E06718-1EB8-4B21-B9BC-F5739316BDC1}c:\users\maxime\desktop\diablo3-cinematictrailer_fr-fr-downloader.exe"= TCP:c:\users\maxime\desktop\diablo3-cinematictrailer_fr-fr-downloader.exe:diablo3-cinematictrailer_fr-fr-downloader.exe
"TCP Query User{5389859D-9F37-460B-87BE-8FD8AC131E6D}c:\program files\thq\titan quest immortal throne\tqit_.exe"= UDP:c:\program files\thq\titan quest immortal throne\tqit_.exe:Tqit_
"UDP Query User{FD244000-006D-4613-97F3-D6F08C9BD88A}c:\program files\thq\titan quest immortal throne\tqit_.exe"= TCP:c:\program files\thq\titan quest immortal throne\tqit_.exe:Tqit_
"TCP Query User{90C227C7-0B76-41C1-BEED-CD7A21D1E3BB}c:\program files\diablo ii\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
"UDP Query User{4FB18D11-94EB-4CDD-9D42-F7B7D0725D6E}c:\program files\diablo ii\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
"TCP Query User{A5B1A772-E806-47AB-AD56-303F270B0048}c:\program files\electronic arts\eadm\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{929A0415-45F7-4175-9C82-A75F84908F2C}c:\program files\electronic arts\eadm\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{065B4F68-9C62-4F61-9902-3CE2223C680B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8A1E4E1D-A6B7-4061-BA00-3F10D5F2D5CD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{0ABFCE9C-5093-454E-AEE5-A48D0BC3E1A3}c:\program files\starcraft\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{5F208BEF-BC3C-4672-BF9F-612D72C440D7}c:\program files\starcraft\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{312073F7-4C6C-4FEA-8B7A-231421435807}c:\program files\microsoft games\age of empires ii\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{A831F62B-D07B-480D-A179-E633F8F17F62}c:\program files\microsoft games\age of empires ii\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{A047BA00-7B29-4AAD-A6D2-12994D0C42D4}c:\program files\monte cristo\silverfall\silverfall.exe"= UDP:c:\program files\monte cristo\silverfall\silverfall.exe:Silverfall
"UDP Query User{1E4A5EDE-6821-471B-9124-FBD51EAE5711}c:\program files\monte cristo\silverfall\silverfall.exe"= TCP:c:\program files\monte cristo\silverfall\silverfall.exe:Silverfall
"{0FDC46D3-E019-4FC7-9587-0E77ED81DFEB}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{8BAD3408-09C0-4B09-98C0-B72B4DC9557E}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{56DA23CA-3B75-46E2-B97D-A373AC36166E}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{503287E0-B460-48CE-99A1-C8FEB55D35F5}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{DBD45C3B-50CF-4BBE-B8A6-7708BB850A65}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{1A5DBA32-9790-4CCB-A2BC-CC17FB34550B}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{2C4FE4BE-E5B5-404A-8341-905B14A4C394}c:\program files\cyanide\loki\loki.exe"= UDP:c:\program files\cyanide\loki\loki.exe:Loki
"UDP Query User{A81D4463-E265-4DA9-9A92-7A77312AAE2F}c:\program files\cyanide\loki\loki.exe"= TCP:c:\program files\cyanide\loki\loki.exe:Loki
"{B84DDA7E-C789-4A70-A46B-E4AAA9CEC7E7}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{CA46A858-D53A-402D-8CEE-D1DF8962C4C2}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"TCP Query User{163D358B-4A3A-4DA8-8CCB-E251E7BF6426}c:\users\maxime\desktop\diablo3-wizardtrailer_fr-fr-downloader.exe"= UDP:c:\users\maxime\desktop\diablo3-wizardtrailer_fr-fr-downloader.exe:diablo3-wizardtrailer_fr-fr-downloader.exe
"UDP Query User{559908C7-58F2-4638-8AEF-1CB087AFDEAB}c:\users\maxime\desktop\diablo3-wizardtrailer_fr-fr-downloader.exe"= TCP:c:\users\maxime\desktop\diablo3-wizardtrailer_fr-fr-downloader.exe:diablo3-wizardtrailer_fr-fr-downloader.exe
"TCP Query User{05AB690D-EA43-410D-BCEC-3FA964784FB5}c:\program files\limewire\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C2A76E84-D40F-467B-81AC-AB5F21CAB403}c:\program files\limewire\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{0EC0F2D5-9277-4720-84C3-2A6E223EC912}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{E1AE9A0E-6AD5-4A04-9EA6-83B4F75A4D70}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{B2974053-7BC6-4B62-ADF9-432EF4B57D91}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{DD944348-05D4-4AC8-9FEA-DD9D6C8E4AD7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{45E50B6B-69B7-4EA9-9FA6-A8647FC959B2}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{B9F81107-8319-4330-A92F-F2B0EAB1E5FC}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{4217EDB8-CD07-4A67-8571-B6C15AFF0E5C}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{0EF12C00-AE89-417B-8B3A-AD8476417223}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{8BAA7B1F-138D-4CDE-841A-0932937533BC}c:\users\maxime\desktop\tlkedit-r13b\tlkedit.exe"= UDP:c:\users\maxime\desktop\tlkedit-r13b\tlkedit.exe:tlkedit.exe
"UDP Query User{487C5049-E97D-47A0-8570-FBD2F80298B7}c:\users\maxime\desktop\tlkedit-r13b\tlkedit.exe"= TCP:c:\users\maxime\desktop\tlkedit-r13b\tlkedit.exe:tlkedit.exe
"TCP Query User{26C033DC-7288-4DFD-B4E1-163BE7CD8171}c:\users\maxime\desktop\tlkedit-r13b\tlkedit2.exe"= UDP:c:\users\maxime\desktop\tlkedit-r13b\tlkedit2.exe:tlkedit2.exe
"UDP Query User{888E1438-F95A-486E-B719-AF259929C9FF}c:\users\maxime\desktop\tlkedit-r13b\tlkedit2.exe"= TCP:c:\users\maxime\desktop\tlkedit-r13b\tlkedit2.exe:tlkedit2.exe
"TCP Query User{5148D001-9DE5-4B5C-9474-F69C4FCF4DA5}c:\program files\atari\tlkedit-r13b\tlkedit2.exe"= UDP:c:\program files\atari\tlkedit-r13b\tlkedit2.exe:TlkEdit2
"UDP Query User{9CEB928C-FD55-49A1-9A47-1F25E33F4E6A}c:\program files\atari\tlkedit-r13b\tlkedit2.exe"= TCP:c:\program files\atari\tlkedit-r13b\tlkedit2.exe:TlkEdit2
"TCP Query User{9232904F-6CC6-4560-AD2B-2AC15A757770}c:\program files\atari\tlkedit-r13b\tlkedit.exe"= UDP:c:\program files\atari\tlkedit-r13b\tlkedit.exe:TlkEdit
"UDP Query User{1D768EB1-3CE2-49FD-8299-AFB81A913239}c:\program files\atari\tlkedit-r13b\tlkedit.exe"= TCP:c:\program files\atari\tlkedit-r13b\tlkedit.exe:TlkEdit
"{FB4E3DB6-95F6-4423-9F36-12CB9D2E6511}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{B2A124C1-0F92-43B2-A59A-61F8D0A58839}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{DD12CC4E-A3D6-4865-9262-1F3118B1C50C}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{A69DB30B-FC06-453F-BB76-9A240EBCB8BC}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"TCP Query User{1FC498A5-9FC8-4820-B25B-FF6AE6990C22}c:\users\maxime\desktop\sc2-battlereport-2_pegi-downloader.exe"= UDP:c:\users\maxime\desktop\sc2-battlereport-2_pegi-downloader.exe:sc2-battlereport-2_pegi-downloader.exe
"UDP Query User{CCF2DE2C-7A29-402A-B52C-AAEE6886BC7A}c:\users\maxime\desktop\sc2-battlereport-2_pegi-downloader.exe"= TCP:c:\users\maxime\desktop\sc2-battlereport-2_pegi-downloader.exe:sc2-battlereport-2_pegi-downloader.exe
"TCP Query User{EDA128A5-E571-4C29-810E-7AC9590F7453}c:\windows\system32\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"UDP Query User{4C0EDCB9-D906-4EBD-85A6-A6D887F2B5C6}c:\windows\system32\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"TCP Query User{98FF359D-73C3-4A2F-812D-FB8690854CDD}c:\program files\enlight\infinite interactive\warlords battlecry iii\battlecry iii.exe"= UDP:c:\program files\enlight\infinite interactive\warlords battlecry iii\battlecry iii.exe:Warlords Battlecry III
"UDP Query User{BF48FCA1-AB25-4A06-9F50-11AB18EA5C83}c:\program files\enlight\infinite interactive\warlords battlecry iii\battlecry iii.exe"= TCP:c:\program files\enlight\infinite interactive\warlords battlecry iii\battlecry iii.exe:Warlords Battlecry III
"TCP Query User{1F73C898-0954-4E10-8D7A-3CC9FB609192}l:\bin\demigod.exe"= UDP:l:\bin\demigod.exe:Demigod Application
"UDP Query User{3B6AC7AF-3F3C-42F7-8990-29055627BFD2}l:\bin\demigod.exe"= TCP:l:\bin\demigod.exe:Demigod Application
"TCP Query User{5F07ADC5-C2D2-40BE-9F0A-49FA890744A1}c:\program files\demigod\bin\demigod.exe"= UDP:c:\program files\demigod\bin\demigod.exe:Demigod Application
"UDP Query User{43CF0CE6-D42C-42A3-902A-5C40BC85BC27}c:\program files\demigod\bin\demigod.exe"= TCP:c:\program files\demigod\bin\demigod.exe:Demigod Application
"TCP Query User{8EA0869D-5CAD-4B49-947F-5ED718A3A372}c:\users\maxime\desktop\stade de gravure wii\emulateur\nds\desmume_sse2.exe"= UDP:c:\users\maxime\desktop\stade de gravure wii\emulateur\nds\desmume_sse2.exe:desmume_sse2.exe
"UDP Query User{F10ECC60-A7A3-4863-9DBF-C9F20CFA521C}c:\users\maxime\desktop\stade de gravure wii\emulateur\nds\desmume_sse2.exe"= TCP:c:\users\maxime\desktop\stade de gravure wii\emulateur\nds\desmume_sse2.exe:desmume_sse2.exe
"TCP Query User{3BE18F0B-4989-41E5-8BE2-B3B604FEA387}c:\users\maxime\desktop\stade de gravure wii\emulateur\nds\desmume.exe"= UDP:c:\users\maxime\desktop\stade de gravure wii\emulateur\nds\desmume.exe:desmume.exe
"UDP Query User{BEC7B6CC-F28F-45D8-A686-59B840801F06}c:\users\maxime\desktop\stade de gravure wii\emulateur\nds\desmume.exe"= TCP:c:\users\maxime\desktop\stade de gravure wii\emulateur\nds\desmume.exe:desmume.exe
"TCP Query User{06E40F1F-0ABF-4064-9178-423C8FDE5D0B}c:\program files\savage 2 - a tortured soul\savage2.exe"= UDP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{12E2A605-2AC4-416C-9AA7-4FB2FBE3626B}c:\program files\savage 2 - a tortured soul\savage2.exe"= TCP:c:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"{95488186-FCF5-4F6E-B3D5-D5BA8220B7D1}"= UDP:c:\program files\Cyanide\Dungeon Party\DungeonParty.exe:Dungeon Party
"{578CCB37-3C27-48DC-9A08-CBA9DD6769B9}"= TCP:c:\program files\Cyanide\Dungeon Party\DungeonParty.exe:Dungeon Party
"TCP Query User{5650F85E-B810-40EA-9DA4-934131643779}c:\program files\atari\tlkedit-r13b\tlkedit2.exe"= UDP:c:\program files\atari\tlkedit-r13b\tlkedit2.exe:TlkEdit2
"UDP Query User{953E0376-8F43-40FB-B9C2-B31677970967}c:\program files\atari\tlkedit-r13b\tlkedit2.exe"= TCP:c:\program files\atari\tlkedit-r13b\tlkedit2.exe:TlkEdit2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 acedrv11;acedrv11;c:\windows\System32\drivers\ACEDRV11.sys [2008-01-23 501560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-06-15 c:\windows\Tasks\User_Feed_Synchronization-{BF2F8DEC-4B3F-4D62-BDBD-E60CBC8051E8}.job
- c:\windows\system32\msfeedssync.exe [2009-06-15 11:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rds.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=73&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\users\Maxime\AppData\Roaming\Mozilla\Firefox\Profiles\9lk039z7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.rds.ca/
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 23:23
Windows 6.0.6000  NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 


c:\windows\TEMP\TMP0000001E3B5CDFCD1AA03227 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-570582801-723735634-2208069505-1000\Software\SecuROM\License information*]
"datasecu"=hex:35,a5,d9,45,17,ec,e6,a9,6b,ff,23,09,02,40,f4,24,5c,63,f5,2c,34,
   3b,b6,66,a8,ca,f6,f4,a0,ef,ce,e2,e3,0b,5a,80,43,6f,7b,9e,73,51,86,62,18,02,\
"rkeysecu"=hex:9a,70,1e,37,6f,6d,f7,7b,76,20,c8,8d,f6,c4,ae,a4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-06-15 23:25
ComboFix-quarantined-files.txt  2009-06-15 03:25

Avant-CF: 63 543 488 512 octets libres
Après-CF: 63 563 415 552 octets libres

313	--- E O F ---	2009-06-15 02:03

lesane662 · Answer

Pour combofix je peu pas te dire grand chose car je ne connais pas encore ce logiciel (je suis encore en formation)

Mais pour USBFix oui , si tu as des disque amovible du genre clé usb, disque dure externe .................. branche les et fais ce que je t'ai indiqué avec USBFix

Max186 · Answer

daccord la jai travaillé toute la journée et je travaille encore mais dans 3 heure je vais faire sa!

Max186 · Answer

j'ai fini trop tard du travail et je retravail encore..eje vais faire sa ce soir... :(

lesane662 · Answer

OK pas de problème !

Virus? trojan? ( redirection sur google(

24 réponses

Votre réponse

Discussions similaires

Newsletters