Computer going haywire???
Closed
Tehyas (Member, 15 posts, registered Sunday 28 June 2009, last activity 23 October 2009) - 10 August 2009 at 23:03
14 replies
Narco!4 (Contributor, 2385 posts, registered Sunday 25 January 2009, last activity 25 October 2012) - 10 August 2009 at 23:09
Hello,
download GenProc http://www.genproc.com/GenProc.exe
double-click GenProc.exe and post the contents of the report that opens
Tehyas - 10 August 2009 at 23:13
Thanks for the quick reply
Rapport GenProc 2.613 [1] - 2009-08-10 à 17:11:40
@ Windows Vista Service Pack 1 - Mode normal
@ Mozilla Firefox (3.5.2) [Navigateur par défaut]
~~ CM DISK ERROR ~~
Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.
# Etape 1/ Télécharge :
- SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.exe (S!Ri) sur le Bureau.
- MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) et décompresse-le sur le Bureau.
- Yoog_Fix http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe (Batch_Man) sur le Bureau.
- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Yas *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).
# Etape 2/
Double-clique sur le fichier "SmitfraudFix.exe" et choisis l'option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.
# Etape 3/
Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le Bureau. Exécute l'option R : si l'infection est détectée, exécute l'option N. Sauvegarde ce rapport sur ton bureau.
# Etape 4/
Lance Yoog_Fix depuis le Bureau et choisis l'option 1 (Recherche/Suppression). Accepte le disclaimer, patiente et lorsque c'est terminé, clique sur OK.
# Etape 5/
Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.
# Etape 6/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 7/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport rapport.txt situé sur le Bureau ;
- Le contenu du rapport msnfix.txt situé dans C:\Windows ;
- Le contenu du rapport Yoog.txt situé sur le Bureau ;
- Le contenu du rapport Combofix.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
~~ Arguments de la procédure ~~
# Détections [1] GenProc 2.613 2009-08-10 à 17:11:55
Smitfraud:le 2009-08-10 à 17:12:25 "C:\Windows\System32\msxml71.dll"
MSNFix:le 2009-08-10 à 17:12:30 "C:\Windows\System32\ACER.exe"
Yoog:le 2009-08-10 à 17:12:34 "C:\Users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\searchplugins\Yoog Search.xml "
TDSS:le 2009-08-10 à 17:12:34 PFROP Skynet*
TDSS:le 2009-08-10 à 17:12:34 PFROP UAC*
Narco!4 - 10 August 2009 at 23:16
Follow these steps
Tehyas - 10 August 2009 at 23:27
The link for MSNFix doesn't work..
Tehyas - 10 August 2009 at 23:55
OK, yet another problem. I installed everything except MSNFix since it doesn't work, but now I have another problem. As soon as I try to open Smitfraudfix, combofix and Yoog_fix, the programs close automatically with an error message "Smitfraudfix.exe a cessé de fonctionner.".......
I'm starting to despair!
Narco!4 - 11 August 2009 at 00:17
In safe mode?
No? Then reread
Tehyas - 11 August 2009 at 00:40
Yes, yes!! In safe mode, Combofix won't start.. And I let YoogFix run for more than 20 minutes without hearing anything back...
Narco!4 - 11 August 2009 at 01:07
right-click combofix.exe (in safe mode)
rename it to Winlogon.exe
confirm
right-click Winlogon.exe (still in safe mode)
choose Run as administrator
the scan takes 10 to 20 minutes; afterwards, expect 1 or even 2 restarts
post the report that opens.
Tehyas - 11 August 2009 at 05:51
Well.. I ran the scans with smitfraudfix and I finally succeeded with combofix!!!!! And the result... MY SEARCH ENGINES WORK AGAIN!!!
Thank you very much.. I'll still post my logs from the two programs... Thanks :)
My next 2 posts will be my smitfraudfix and combofix logs, respectively.
Tehyas - 11 August 2009 at 05:52
SmitFraudFix v2.422
Scan done at 18:09:00,23, 2009-08-10
Run from C:\Program Files\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
...
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Windows\system32\msxml71.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Tehyas - 11 August 2009 at 05:52
ComboFix 09-08-10.01 - Yas 2009-08-10 23:29.1.2 - NTFSx86
Lancé depuis: c:\users\Yas\Desktop\Winlogon.exe.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
?
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((((((( Fichiers créés du 2009-07-11 au 2009-08-11 ))))))))))))))))))))))))))))))))))))
.
2009-08-11 03:38 . 2009-08-11 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-10 21:57 . 2009-08-10 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 21:31 . 2009-08-10 22:14 -------- d-----w- C:\Yoog_Fix
2009-08-10 21:11 . 2009-08-10 21:11 -------- d-----w- C:\Genproc
2009-08-10 20:35 . 2009-08-10 20:13 144896 ----a-w- c:\windows\msb.exe
2009-08-10 20:12 . 2009-08-10 20:12 20480 ------w- c:\windows\system32\UACobtfyownvn.dll
2009-08-10 20:11 . 2009-08-10 20:12 30208 ----a-w- c:\windows\system32\UACdbffslhspv.dll
2009-08-10 20:11 . 2009-08-10 20:11 144896 ----a-w- c:\windows\msa.exe
2009-08-10 20:11 . 2009-08-10 20:11 207364 ----a-w- c:\windows\system32\msxml71.dll
2009-08-10 20:11 . 2009-08-10 20:11 269 ----a-w- c:\windows\system32\UACxudxuremsy.dat
2009-08-10 20:11 . 2009-08-10 22:38 6462 ----a-w- c:\windows\system32\uacinit.dll
2009-08-10 20:11 . 2009-08-10 22:38 74240 ----a-w- c:\windows\system32\UACtwucqbpmns.dll
2009-08-10 20:11 . 2009-08-10 20:11 26624 ----a-w- c:\windows\system32\UACkqpdcycksx.dll
2009-08-10 20:11 . 2009-08-10 20:11 54784 ----a-w- c:\windows\system32\drivers\UACcpixcstoce.sys
2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\progra~2\Norton
2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\windows\system32\drivers\NSS
2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\program files\NortonInstaller
2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\progra~2\NortonInstaller
2009-07-31 22:05 . 2009-08-10 18:08 58341 ----a-w- c:\windows\system32\u_vvtxijqtyysr.dll.exe
2009-07-31 18:33 . 2009-07-31 18:33 -------- d-----w- c:\progra~2\WindowsSearch
2009-07-31 04:36 . 2009-07-31 04:36 -------- d-----w- c:\program files\uTorrent
2009-07-31 04:35 . 2009-08-10 22:38 -------- d-----w- c:\users\Yas\AppData\Roaming\uTorrent
2009-07-31 04:30 . 2009-07-31 04:30 -------- d-----w- c:\users\Yas\AppData\Roaming\DivX
2009-07-28 04:59 . 2009-07-28 05:00 -------- d-----w- c:\program files\Hero Editor
2009-07-28 04:59 . 2009-07-28 04:59 249856 ------w- c:\windows\Setup1.exe
2009-07-28 04:59 . 2009-07-28 04:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-15 23:26 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 23:26 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 23:26 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 23:26 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 20:50 . 2008-06-19 04:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-10 20:49 . 2008-06-19 04:17 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-10 20:43 . 2006-11-02 15:48 672322 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-10 20:43 . 2006-11-02 15:48 124434 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-10 20:22 . 2009-03-28 01:21 -------- d-----w- c:\progra~2\Skype
2009-08-10 20:21 . 2008-06-20 01:56 -------- d-----w- c:\program files\Yahoo!
2009-08-09 23:20 . 2008-06-25 19:13 -------- d-----w- c:\users\Yas\AppData\Roaming\LimeWire
2009-08-07 22:00 . 2007-12-21 05:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-06 20:05 . 2009-03-28 01:23 -------- d-----w- c:\users\Yas\AppData\Roaming\skypePM
2009-08-06 08:37 . 2008-06-19 18:59 -------- d-----w- c:\progra~2\Apple Computer
2009-08-05 22:06 . 2007-12-21 05:43 -------- d-----w- c:\progra~2\Symantec
2009-08-05 22:02 . 2008-08-17 06:37 -------- d-----w- c:\program files\Norton Security Scan
2009-08-04 21:13 . 2008-08-13 07:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 16:06 . 2009-07-28 19:44 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 19:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 19:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 18:39 . 2009-06-13 21:01 680 ----a-w- c:\users\Yas\AppData\Local\d3d9caps.dat
2009-07-16 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 07:02 . 2007-12-21 05:34 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-29 17:55 . 2009-06-29 17:55 -------- d-----w- c:\users\Yas\AppData\Roaming\Malwarebytes
2009-06-29 17:55 . 2009-06-29 17:55 -------- d-----w- c:\progra~2\Malwarebytes
2009-06-28 21:21 . 2008-06-19 20:36 27649 ----a-w- c:\users\Yas\AppData\Roaming\nvModes.dat
2009-06-27 04:58 . 2009-06-08 21:21 -------- d-----w- c:\program files\Starcraft
2009-06-23 20:48 . 2009-06-21 18:35 691 ----a-w- c:\users\Yas\AppData\Roaming\GetValue.vbs
2009-06-23 20:48 . 2009-06-21 18:35 35 ----a-w- c:\users\Yas\AppData\Roaming\SetValue.bat
2009-06-23 20:48 . 2009-06-21 18:35 35 ----a-w- c:\users\Yas\AppData\Roaming\SetValue.bat
2009-06-23 20:48 . 2009-06-21 18:27 3986 ----a-w- c:\windows\system32\tmp.reg
2009-06-21 18:31 . 2008-06-22 17:49 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-21 18:26 . 2009-06-21 18:26 -------- d-----w- c:\program files\SmitfraudFix
2009-06-21 17:50 . 2009-06-21 17:50 -------- d-----w- c:\program files\CCleaner
2009-06-21 17:46 . 2009-06-21 17:46 -------- d-----w- c:\program files\Trend Micro
2009-06-19 20:36 . 2009-06-19 20:36 -------- d-----w- c:\program files\Alwil Software
2009-06-19 20:02 . 2009-03-03 01:35 -------- d-----w- c:\program files\KaraFun
2009-06-19 20:00 . 2007-12-21 04:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 19:59 . 2008-08-19 04:20 -------- d-----w- c:\program files\Google
2009-06-08 21:27 . 2009-06-08 21:22 32358 ----a-w- c:\windows\scunin.dat
2009-06-08 21:27 . 2009-06-08 21:22 967 ----a-w- c:\windows\ScUnin.pif
2009-06-08 21:27 . 2009-06-08 21:22 69632 ----a-w- c:\windows\ScUnin.exe
2009-06-02 15:17 . 2009-06-21 18:27 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-06-03 536576]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-09 95800]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-31 288048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-287840835-1693792894-3782310430-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E7B5DB18-5051-41B8-8F61-09EB5AA226D0}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{8A3E38F4-8A57-44B8-9C9B-0ABBB230E961}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A0E23145-DDA0-46CF-B6BF-80B4900C4727}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7EADDB14-6E00-415F-846A-E34671397E6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{953592D6-13CD-4EB4-BF15-686D0A2EAD18}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{D2CE0D43-5B73-4C95-A672-D1280161408A}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{A7EAEA02-6951-4440-953E-2A5C5384EC12}d:\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:d:\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{502BA454-87D2-4C90-ACFB-46A1398F1025}d:\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:d:\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{946B8809-5DBB-4E00-A401-D5842C819B6C}d:\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:d:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{B01A9C45-1A6B-47C6-85EF-88B18DAB59FC}d:\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:d:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"TCP Query User{CA2A1D44-9813-4EEB-9A07-20139F250223}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{8C921A04-8752-415F-9C72-2994E46F4EB5}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{074FD994-357B-4305-9A6F-BCFFD60303A7}c:\\heroes\\heroes of might and magic 3\\heroes3_31_crk.exe"= UDP:c:\heroes\heroes of might and magic 3\heroes3_31_crk.exe:Heroes of Might and Magic® III
"UDP Query User{7096A8B7-F688-4E58-B921-5A954DD612AA}c:\\heroes\\heroes of might and magic 3\\heroes3_31_crk.exe"= TCP:c:\heroes\heroes of might and magic 3\heroes3_31_crk.exe:Heroes of Might and Magic® III
"{0D0B273F-6849-4C41-AFFC-342DFD131502}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{960CB3CC-DD63-47B4-891C-51C75832C55D}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{7911E1E3-C163-4869-B6D5-2E12B1AE582B}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{D3E4A25B-0B6C-49F9-BF66-6EDF29783318}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{C46B175F-9F32-4DA1-B07C-AC82E48C14A7}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{A849B45C-C433-4F81-809D-39151A26B3AE}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{B6B2DA92-C1CE-46E0-9F40-EDBB08AECD4F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1DB6CB03-9946-4DE5-B244-BA8322B3CFA5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{5E9A7807-E9DB-405C-AFFF-99F5F35BE47D}c:\\program files\\infogrames\\roller coaster tycoon 2\\rct2.exe"= UDP:c:\program files\infogrames\roller coaster tycoon 2\rct2.exe:rct2
"UDP Query User{BCC0203F-8CC3-4669-A421-45C98064C7A9}c:\\program files\\infogrames\\roller coaster tycoon 2\\rct2.exe"= TCP:c:\program files\infogrames\roller coaster tycoon 2\rct2.exe:rct2
"{A00234E9-70F6-443F-9CDD-E69ABB588F19}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{672BC997-615A-4479-B2F7-EA0013FD8A02}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{32F731D3-F181-4A41-959D-AF6AAF0F3D73}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{76855EAF-9DCF-4064-AD50-0AC22C83DCCD}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
"{C63016D4-CD35-449D-B9B8-F2EEB240F6F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{538C081E-DE31-46BB-B690-454436BF8D53}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{B8A2F0BF-0C53-455A-A29F-D6AE0FBE20B1}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7275E529-68E4-4471-9760-793985B1DAF4}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
"{34EA8406-3470-466C-96F8-FFBFDD771FE7}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{DCE87C74-8B93-48FE-8494-E9AE5C69BCC8}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{C56772C9-D95C-4D76-8C51-DC88E2AEF737}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{687CCB87-45CD-4891-9246-11B0661C66F0}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{48AC174E-B5A3-4829-81A2-A254D37C072A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{775A237C-5755-495A-91F2-CA3ACD0B540A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{00C6903E-B027-4527-AFD9-DEB8F117A1F0}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{7AE84740-6C06-470E-8B79-1C80A32278DC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{B9C32D6B-9173-42A2-AD4C-BD4ECCDF36B4}"= UDP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{687E24BB-7C34-4F51-9547-95E45A150A0D}"= TCP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{9D926585-1286-4989-A32C-2CD5D7F756B1}"= UDP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{0AF53DC5-74C9-4868-8CDF-3B0D99748DC6}"= TCP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{DB62CFDD-9C88-40DD-B381-AB422F05FEA6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{70FB83C5-C43F-46A3-A88B-62EC090F745E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6EDE684F-6862-49D1-9B29-2AD426350618}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{065F31DD-D76C-445E-9913-C53E99DCB657}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{EBCAAF9C-B32A-4BA5-8AC8-2EC940E407C3}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{D6CDB925-5D02-4178-A4B3-770DF1871AD3}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"{AAA7C4CB-65C4-48E4-AB88-F31B48A6A7B9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{816A7B0A-7E2F-4BCA-AAB3-E81BDBBB9DB9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{ADDA0A49-8F4A-4DF1-B3CC-6C83776EC754}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{138E4537-9A83-441D-AB00-8A88521775F8}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-12-21 50688]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-06-19 233472]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-12-21 179712]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-12-21 43008]
S3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [2007-12-21 26368]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [2007-12-21 42240]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{E4EB3544-16BE-4E8F-8346-816DAAE2D83A} - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETwdwcbuqx]
"imagepath"="\systemroot\system32\drivers\SKYNETtpdyrvii.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETwdwcbuqx]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETtpdyrvii.sys"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-08-11 23:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-08-11 03:48
Avant-CF: 72 687 267 840 octets libres
Après-CF: 72 322 076 672 octets libres
320 --- E O F --- 2009-08-10 18:09
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-08-11 23:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-08-11 03:48
Avant-CF: 72 687 267 840 octets libres
Après-CF: 72 322 076 672 octets libres
320 --- E O F --- 2009-08-10 18:09
Narco!4
11 August 2009 at 10:22
It's not finished, run ComboFix once more,
then run Yoog as well.
Tehyas
11 August 2009 at 20:21
Here are my 2 new .log files, respectively: the Yoog one, and then the ComboFix one in the next post.
Yoog_Fix 3.0.1 de Batch_Man | Yas (Administrateur)
Debut a 13:12 le 2009-08-11
Microsoft® Windows Vista(6.0.6001)
Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Ram : 2045,7 Mo
Fail-safe boot
Antivirus: ESET NOD32 Antivirus 3.0 3.0 (Activated)
UAC : OFF
Lancé de "C:\Users\Yas\Downloads\Yoog_Fix.bat"
C:\ [Fixed] - NTFS - (Total:114371 Mo/Free:3432 Mo)
D:\ [Fixed] - NTFS - (Total:110787 Mo/Free:3721 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Option [1] 2 3 Recherche / Suppression
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1A847B91-61F9-427E-8E46-8790E588D41E}
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9826E8D7-8B17-4524-AD4C-BC8CCCB75690}
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D61DEFA7-A401-466B-98D5-9CB186F04DFE}
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FE1A5472-E52C-45EE-903A-313B1A2613BB}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1A847B91-61F9-427E-8E46-8790E588D41E}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9826E8D7-8B17-4524-AD4C-BC8CCCB75690}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D61DEFA7-A401-466B-98D5-9CB186F04DFE}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FE1A5472-E52C-45EE-903A-313B1A2613BB}
------------[Suspects]
Aucun fichier suspect trouvé
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Recherche: Analyse de Firefox]
------------[Analyse de Firefox]
Mozilla Firefox 3.5.2 (fr)
Répertoire d'installation : C:\Program Files\Mozilla Firefox
Path: C:\Users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default
------------[Extensions Firefox]
[Yas] moveplayer@movenetworks.com = Move Media Player
{20a82645-c095-46ed-80e3-08825760534b} = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
------------[Mozilla Plugins]
Path = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\Windows\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe© Flash© Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.22.87
Path = C:\Windows\system32\Adobe\Director\np32dsw.dll
ProductName = Adobe Shockwave Player
Vendor = Adobe Systems Inc
Version = 11.0.0.465
Path = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
XPTPath = C:\Program Files\iTunes\Mozilla Plugins\npitunes.xpt
ProductName = iTunes Application Detector
Version = 8.1.1.10
Vendor = Apple Inc.
ProductName = DNA
Version = 1.0.0.1
Vendor = BitTorrent, Inc.
Path = C:\Program Files\DNA\plugins\npbtdna.dll
Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
GeckoVersion = 1.00
Version = 1.0.0
Vendor = DivX,Inc.
ProductName = DivX Web Player
Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
GeckoVersion = 1.00
Version = 1.0.0
Vendor = DivX,Inc.
ProductName = DivX© Player Plugin
GeckoVersion = 1.7.5
Path = C:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll
ProductName = Ag Player
Vendor = Microsoft
Version = 3.0
GeckoVersion = 1.7.2
Path = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5
Path = C:\Program Files\VideoLAN\VLC\npvlc.dll
Vendor = VideoLAN
Version = 0.8.6h
------------[Plugins de recherche]
[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] cnrtl-tlfi-fr.xml = https://www.cnrtl.fr/lexicographie/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/
------------[Listing de dossiers]
[2009-07-30 19:41 | 23544 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[2009-07-30 19:41 | 137208 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[2009-05-01 17:02 | 1044480 bytes] C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008-08-06 16:22 | 114688 bytes] C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007-08-29 17:47 | 54600 bytes] C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008-11-23 22:00 | 410976 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009-05-12 14:46 | 1650992 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009-05-18 18:41 | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009-07-30 19:41 | 65016 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006-10-26 20:12 | 16192 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007-05-10 23:52 | 95864 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009-05-01 17:02 | 200704 bytes] C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]
Internet Explorer : 7.0.6001.18000
L1 = HKLM\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKCU\..\Main.Start Page = https://www.google.com/?gws_rd=ssl
L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-287840835-1693792894-3782310430-1000\..\Main.Start Page = https://www.google.com/?gws_rd=ssl
L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Search.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Main.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-287840835-1693792894-3782310430-1000\..\Main.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L2 = HKCU\..\Internet Settings.ProxyOverride = *.local
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
--------[Browser Helper Object]
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=(valeur non définie)
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96},@SANS NOM=(valeur non définie)
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=(valeur non définie)
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=(valeur non définie)
--------[SearchScopes]
[HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\..\SearchScopes\{8C3EC475-E149-4475-9153-BC3DB4E07BCC}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\..\SearchScopes\{AF333435-B9FE-43B0-8C4B-18DEA86A7EDB}],@DisplayName=Yahoo! Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C3EC475-E149-4475-9153-BC3DB4E07BCC}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF333435-B9FE-43B0-8C4B-18DEA86A7EDB}],@DisplayName=Yahoo! Search
--------[Extensions]
--------[Clé Run]
------------[Autres infections]
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Autres rapports]
[2009-08-10 18:14] C:\Yoog_Fix\Logs\Rapport_10_08_2009_n1.txt - (Choix 1 : Recherche / Suppression)
[2009-08-10 18:31] C:\Yoog_Fix\Logs\Rapport_10_08_2009_n2.txt - (Choix 1 : Recherche / Suppression)
[2009-08-11 13:20] C:\Yoog_Fix\Logs\Rapport_11_08_2009_n3.txt - (Choix 1 : Recherche / Suppression)
-------------------------->>
Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_11_08_2009_3.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html
Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com
+--------------[Fin à 13h 20min]
Narco!4
11 August 2009 at 20:28
OK, I'm waiting for the ComboFix one.