Sujet Précédent Sujet Suivant

Seekservice114

strictmaximum Messages postés 111 Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
Voilà, j'ai eu l'autre jour une requête de seekservice 114 qui demandait à se connecter à internet, heureusement "zone alarm" m'a averti, j'ai refusé...
Ensuite pour supprimer cet "exe" j'ai dû employer "file assassin" car il me fallait une autorisation pour le virer !
Si je l'ai supprimé c'est que j'ai lu sur d'autres forums que c'était un virus, mais il fallait faire des analyses "hijackis" et envoyer le rapport etc.
J'ai préféré le virer moi-même ...
Est-ce que quelqu'un sait vraiment ce que c'est que ce truc qui cherche à se connecter à internet et revient puisqu'en une semaine je l'ai viré deux fois ! Et d'où il peut provenir ...

merci d'avance

Strictmaximum

43 réponses

Précédent
Réponse 21 / 43
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Oui il est bien compatible Vista
0
Réponse 22 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
ok ça je l'ai et je connais bien malwarbyte je vais le faire, mais demain là dodo ! je te tiens au courant via le forum ...
Encore merci de te soucier de mes problème à cette heure tardive !

cïao
0
Réponse 23 / 43
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Ok ;-)

A demain
0
Réponse 24 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
Geoffrey5 bonjour, le seul scan qui a marché c'est avec combofix voilà le rapport ...

ComboFix 09-08-10.06 - Pc de wam 15/08/2009 11:47.1.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1828 [GMT 2:00]
Running from: c:\users\Pc de wam\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.

2009-08-15 09:14 . 2008-06-05 16:18 5737 ----a-w- c:\users\Valerie\AppData\Local\gnc.exe
2009-08-15 09:14 . 2008-06-05 16:18 5737 ----a-w- c:\users\Administrateur\AppData\Local\gnc.exe
2009-08-15 09:01 . 2009-08-15 09:22 -------- d-----w- c:\program files\Navilog1
2009-08-14 23:57 . 2009-08-14 23:57 -------- d-----w- c:\program files\trend micro
2009-08-14 23:57 . 2009-08-14 23:57 -------- d-----w- C:\rsit
2009-08-13 17:25 . 2009-08-13 17:25 -------- d-----w- c:\users\Valerie\AppData\Roaming\Malwarebytes
2009-08-13 15:02 . 2009-08-13 15:02 -------- d-----w- c:\program files\Windows Media Components
2009-08-13 08:40 . 2009-08-13 08:40 -------- d-----w- c:\program files\Maïdo Production
2009-08-12 19:24 . 2009-08-12 19:24 -------- d-----w- c:\program files\Common Files\EasyInfo
2009-08-09 18:27 . 2009-08-09 18:27 -------- d-----w- c:\programdata\Apowersoft
2009-08-08 14:30 . 2009-08-08 14:30 -------- d-----w- c:\program files\PCPitstop
2009-08-08 07:08 . 2009-08-08 07:08 -------- d-----w- c:\users\Pc de wam\AppData\Roaming\IObit
2009-08-08 07:08 . 2009-08-08 07:08 -------- d-----w- c:\program files\IObit
2009-08-06 11:48 . 2009-08-06 11:56 -------- d-----w- c:\program files\PhotoFiltre
2009-08-06 09:48 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-06 09:48 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-06 09:48 . 2009-08-06 09:48 -------- d-----w- c:\program files\iPod
2009-08-06 09:48 . 2009-08-06 09:48 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-06 09:48 . 2009-08-06 09:48 -------- d-----w- c:\program files\iTunes
2009-08-06 09:47 . 2009-08-06 09:47 -------- d-----w- c:\program files\Bonjour
2009-08-06 09:34 . 2009-08-06 09:34 -------- d-----w- c:\program files\Easy Video Downloader
2009-08-04 06:49 . 2009-08-04 06:49 -------- d-----w- c:\users\Pc de wam\AppData\Local\Exalead
2009-07-30 18:40 . 2009-07-30 18:40 -------- d-----w- c:\program files\MSN Messenger
2009-07-30 17:07 . 2009-02-06 16:08 55280 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-07-30 15:14 . 2009-07-30 15:14 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-30 15:12 . 2009-07-30 15:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-26 14:27 . 2009-07-26 14:31 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-07-26 14:27 . 2009-07-30 17:05 -------- d-----w- c:\program files\Windows Live
2009-07-26 14:13 . 2009-07-26 14:13 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-26 14:08 . 2009-07-26 14:08 86576 ----a-w- c:\users\Pc de wam\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-07-26 14:07 . 2009-07-26 14:07 392728 ----a-w- c:\users\Pc de wam\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-07-26 14:07 . 2009-07-26 14:07 135680 ----a-w- c:\users\Pc de wam\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-07-26 14:07 . 2009-07-26 14:07 132672 ----a-w- c:\users\Pc de wam\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 09:54 . 2009-02-24 12:15 -------- d-----w- c:\program files\pdfforge Toolbar
2009-08-15 09:36 . 2009-01-26 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 09:36 . 2009-01-26 16:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-15 09:35 . 2008-12-11 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 09:34 . 2009-01-05 15:47 3942048 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-15 09:01 . 2008-01-21 08:40 713304 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-15 09:01 . 2008-01-21 08:40 143336 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-15 08:57 . 2009-01-13 10:55 352615 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-08-15 08:55 . 2009-01-07 14:00 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-14 19:52 . 2009-02-04 16:04 -------- d-----w- c:\programdata\Google Updater
2009-08-14 15:15 . 2008-12-11 13:47 1 ----a-w- c:\users\Pc de wam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-13 17:43 . 2009-01-12 21:56 -------- d-----w- c:\program files\Micro Application
2009-08-13 17:43 . 2008-03-15 22:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-13 08:40 . 2009-08-13 08:40 -------- d-----w- c:\program files\Maïdo Production
2009-08-12 19:20 . 2009-02-21 21:01 -------- d-----w- c:\users\Pc de wam\AppData\Roaming\Command & Conquer(tm) 3  La Fureur de Kane
2009-08-12 08:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-11 16:54 . 2008-12-11 16:58 -------- d-----w- c:\users\Pc de wam\AppData\Roaming\Skype
2009-08-11 16:51 . 2008-12-11 16:59 -------- d-----w- c:\users\Pc de wam\AppData\Roaming\skypePM
2009-08-06 10:12 . 2008-12-22 03:53 -------- d-----w- c:\users\Pc de wam\AppData\Roaming\dvdcss
2009-08-06 10:00 . 2009-01-11 15:33 -------- d-----w- c:\users\Pc de wam\AppData\Roaming\Apple Computer
2009-08-06 09:48 . 2008-12-14 19:23 -------- d-----w- c:\program files\Common Files\Apple
2009-08-06 09:48 . 2008-12-14 19:22 -------- d-----w- c:\programdata\Apple Computer
2009-08-06 09:47 . 2009-01-16 07:23 -------- d-----w- c:\program files\QuickTime
2009-08-03 20:26 . 2008-12-11 18:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 11:36 . 2008-12-11 15:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-12-11 15:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 18:27 . 2009-06-15 11:27 -------- d-----w- c:\users\Pc de wam\AppData\Roaming\vlc
2009-07-30 18:27 . 2009-03-10 08:33 -------- d-----w- c:\program files\Glary Utilities
2009-07-30 10:38 . 2009-01-13 10:55 352615 ---ha-w- c:\windows\system32\drivers\vsconfig(91).xml
2009-07-26 14:27 . 2009-02-18 22:47 -------- d-----w- c:\programdata\WLInstaller
2009-07-25 09:02 . 2009-06-16 23:04 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-07-22 05:35 . 2009-06-10 05:57 -------- d-----w- c:\users\Pc de wam\AppData\Roaming\gtk-2.0
2009-07-21 21:52 . 2009-07-29 18:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 18:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 18:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 18:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 15:23 . 2009-03-03 20:14 -------- d-----w- c:\programdata\Electronic Arts
2009-07-18 10:56 . 2009-02-05 16:14 -------- d-----w- c:\program files\Crawler
2009-07-18 10:53 . 2008-12-11 20:14 -------- d-----w- c:\program files\Electronic Arts
2009-07-18 10:53 . 2009-07-19 10:47 2701312 ----a-w- c:\windows\Internet Logs\xDB80A3.tmp
2009-07-17 13:54 . 2009-08-12 08:02 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 08:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 08:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 08:02 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 08:02 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 16:16 . 2008-12-29 18:22 1 ----a-w- c:\users\Valerie\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-08 13:08 . 2008-12-11 17:25 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-06 17:18 . 2008-12-11 14:52 116104 ----a-w- c:\users\Valerie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-04 07:25 . 2009-04-19 20:41 172920 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-04 07:09 . 2009-03-16 16:12 -------- d-----w- c:\program files\Safari
2009-07-03 08:42 . 2009-07-03 08:41 31834577 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2009_07_03_10_35_10_full.dmp.zip
2009-07-03 08:17 . 2009-07-01 16:17 -------- d-----w- c:\program files\MagicDisc
2009-06-30 18:37 . 2008-12-11 21:47 -------- d-----w- c:\programdata\TrackMania
2009-06-27 07:53 . 2008-12-11 12:37 116104 ----a-w- c:\users\Pc de wam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-27 07:43 . 2009-01-27 22:44 -------- d-----w- c:\program files\Finale 2002
2009-06-27 07:42 . 2009-03-16 16:18 -------- d-----w- c:\program files\Food Force - Version Française
2009-06-27 07:41 . 2009-04-16 12:58 -------- d-----w- c:\programdata\Media Center Programs
2009-06-25 12:46 . 2009-06-25 12:46 10134 ----a-r- c:\users\Pc de wam\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-25 12:46 . 2009-06-25 12:46 -------- d-----w- c:\program files\Microsoft WSE
2009-06-21 14:30 . 2009-03-27 07:05 6031786 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-18 10:02 . 2009-06-18 10:01 2665 ----a-w- c:\users\Pc de wam\errorlog.tmp
2009-06-16 23:41 . 2009-06-16 23:41 -------- d-----w- c:\program files\DivX
2009-06-16 23:41 . 2009-06-16 23:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-15 23:15 . 2009-08-12 08:02 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 14:54 . 2009-08-12 08:02 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 14:53 . 2009-07-15 10:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:53 . 2009-08-12 08:02 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 14:53 . 2009-08-12 08:02 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 14:53 . 2009-08-12 08:02 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 14:52 . 2009-08-12 08:02 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 14:52 . 2009-07-15 10:58 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-08-12 08:02 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 14:52 . 2009-07-15 10:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 10:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:48 . 2009-08-12 08:02 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:42 . 2009-07-15 10:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 11:42 . 2009-08-12 08:02 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 11:38 . 2009-08-12 08:02 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-06-08 13:12 . 2009-06-08 13:12 69632 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-07 15:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-07 14:51 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-04 12:07 . 2009-08-12 08:02 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-03-18 14:21 . 2009-03-18 14:21 61 --sh--w- c:\windows\cnerolf.dat
2006-05-03 10:06 . 2009-02-25 22:02 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-02-25 22:02 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-02-25 22:02 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Google Update"="c:\users\Pc de wam\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-26 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2004-01-07 53248]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-05 68592]
"a-squared"="c:\program files\a-squared Anti-Dialer\a2adguard.exe" [2008-06-03 1497744]
"a-squared Anti-Dialer"="c:\program files\a-squared Anti-Dialer\a2adguard.exe" [2008-06-03 1497744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-29 4911104]

c:\users\Valerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\users\Pc de wam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\Pc de wam\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-7-26 135680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2009-5-6 118784]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-12-11 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Pc de wam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopEarth AutoStart.lnk]
backup=c:\windows\pss\DesktopEarth AutoStart.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Pc de wam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9b,9f,e2,e5,84,e7,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3401825297-215223651-1193373890-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{01FF3703-8975-429B-875A-AB12919BCBC8}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{2FB1E4DC-655B-4D66-BC5F-35F864C3CAF8}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{4801CD5B-F558-4808-9CD9-4DFB2F24AC55}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{616AABAB-E816-4AAD-8898-F38B1255D749}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FD0915E6-9BAD-4C0E-98F8-71A181A5E87C}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{EAC16019-5FFD-4479-9BD1-FF44C6A1B94C}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{41BD57FF-08B7-4BBF-9C4D-841047B98225}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{A1BD7223-D5C0-41CC-8383-CC548B9377A0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A94CAEAB-F114-4E1A-B80D-1855BE3D0118}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{77A91AC7-5ED4-464C-BDC3-29578898AD7C}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"TCP Query User{B06C7328-753A-4252-9464-BBEDC74C7C4B}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{F4940668-C5EE-4DA9-A6CE-53E8112DD88F}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{1B23C882-A377-4834-9E5B-568A515FF910}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{B135110A-46B4-4180-8EBA-1E4B30C14504}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{FC819692-5277-4BBA-8859-CB3093D2AA21}"= UDP:c:\program files\Neuf\Kit\9mail.exe:Assistant de messagerie
"{56942CA2-83C8-4E42-AC84-54A46DF28ABB}"= TCP:c:\program files\Neuf\Kit\9mail.exe:Assistant de messagerie
"{51BFACC5-1079-4DE9-A489-8C58084B67E8}"= UDP:c:\program files\Neuf\Kit\9props.exe:Etat de votre connexion
"{A37D0CC8-CCC9-4083-91A9-9DF688103CB3}"= TCP:c:\program files\Neuf\Kit\9props.exe:Etat de votre connexion
"{42E3FABF-BC0E-4012-A2DC-B67E604D1FB7}"= UDP:c:\program files\Neuf\Kit\9conf.exe:Reconfigurer votre connexion
"{FDB7C274-84A1-4F42-8D73-E4BB6BE6D9B5}"= TCP:c:\program files\Neuf\Kit\9conf.exe:Reconfigurer votre connexion
"{F643AC2E-E611-4A12-B8F3-75AEF3A71C8F}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{1875B86A-5D43-488D-98A0-7E64F27C58F1}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{2DEA0FF4-D6BA-4D94-8314-35565FE0F447}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{77870088-DCF7-43F6-92CA-B52F9F4FFA00}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{C1868309-C67A-4FC8-A349-826DAEA40696}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{4F3CAA27-96FC-4F01-8306-D676D104D266}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"{E8122EC5-604A-49BC-8FB5-1D03A4EFAD4A}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{9BF118AC-D5ED-4856-B3A3-B9C1383CD72F}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{9520839C-2B82-4FB6-A277-B31B873F44AE}"= Disabled:UDP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
"{E89CC638-5CB7-4DE1-9CBB-57DD2B14E6BB}"= Disabled:TCP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
"{1D5AB5DF-8845-44DA-895A-03F9D639A7E1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6A40A4A9-0D74-4D42-8037-1A1D8123BA35}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C9300A55-5492-434F-8FF8-DCBD36416884}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{14E388DC-F378-4E20-95F7-DE6099A82E37}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{34336C4A-3B38-4FAD-B87C-E11AC2C70850}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{7096149B-37C6-4724-80B4-09A3D7121727}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{C5758B98-3D78-4987-80AC-AD3C96806BC6}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{CFA04BE6-97A8-4B17-9172-CD5822535567}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{0238ACDC-14A8-4540-B2E8-857D78E6BDBE}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{A432CC13-1204-4079-9150-38F1FE167D70}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{1443CD08-6DDC-42C0-BF5E-3040E4F1D58E}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{736F815B-4BF8-4B13-A4B4-12083442AA0E}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{C4CD8915-428B-412E-9C89-4C497017F04A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{2EE92D32-1E08-406E-9D63-6C71E05347E5}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E72EA533-DA3E-4176-A507-39B93B70D51D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F68D65FC-421C-4D8F-A56B-ABDA79723021}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F505B036-785B-4EF7-923C-33D6BE181F26}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{ACC63375-3331-4DBA-B66A-E4769412E4BD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C676C503-F333-4C43-8479-5D948214054B}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{14D294CD-52A7-4C5D-8D20-6ED4B991FB01}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [05/05/2009 19:27 130936]
R1 ATMhelpr;ATMhelpr;c:\windows\System32\drivers\ATMHELPR.SYS [11/12/2008 19:21 4064]
R2 a2AntiDialer;a-squared Anti-Dialer Service;c:\program files\a-squared Anti-Dialer\a2service.exe [05/05/2009 21:45 425080]
R2 acedrv11;acedrv11;c:\windows\System32\drivers\ACEDRV11.sys [23/01/2008 10:19 501560]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [08/06/2009 14:04 108289]
R2 SBKUPNT;SBKUPNT;c:\windows\System32\drivers\SBKUPNT.SYS [11/02/2009 21:41 14976]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [31/03/2009 17:02 1153368]
S2 gupdate1c9a430e71f83c9;Google Update Service (gupdate1c9a430e71f83c9);c:\program files\Google\Update\GoogleUpdate.exe [17/02/2009 01:44 133104]
S2 SeekService Service;SeekService Service;"c:\programdata\SeekService\seekservice114.exe" "c:\program files\SeekService\seekservice.dll" Service --> c:\programdata\SeekService\seekservice114.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/01/2009 17:10 1527900]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/07/2009 19:07 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ovt530;Webcam Classic;c:\windows\System32\drivers\ov530vid.sys [11/12/2008 19:09 161792]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [05/05/2009 19:27 348752]
S3 ultradfg;ultradfg;c:\windows\System32\drivers\ultradfg.sys [18/02/2009 10:41 30720]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [10/01/2009 17:10 544768]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-27 08:49]

2009-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 20:20]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 23:44]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 23:44]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3401825297-215223651-1193373890-1000Core.job
- c:\users\Pc de wam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-26 14:36]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3401825297-215223651-1193373890-1000UA.job
- c:\users\Pc de wam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-26 14:36]

2009-08-09 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-08 07:22]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{53BCF99A-B7BE-4D6D-B65D-EA2FD115B83F} - (no file)

.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: chat-land.org
Trusted Zone: localhost
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Pc de wam\AppData\Roaming\Mozilla\Firefox\Profiles\7vvd3hdt.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Pc de wam\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 11:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3401825297-215223651-1193373890-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,52,a0,0d,d0,fe,84,11,33,92,cb,01,78,d9,ba,c9,8b,b2,09,f6,a8,c8,34,
bf,78,49,aa,c4,a6,e0,5f,21,cf,0b,99,1a,2f,94,91,7d,07,19,8e,98,8e,01,ae,ae,\
"??"=hex:11,f0,60,db,37,28,f5,a2,92,4d,28,5e,99,c6,56,4b

[HKEY_USERS\S-1-5-21-3401825297-215223651-1193373890-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,35,73,a4,bb,5a,71,17,df,28,7b,46,3c,3b,0d,fd,08,32,06,e8,3e,
e9,74,33,47,69,04,b2,2b,e0,81,f7,12,db,12,f0,01,48,bb,7f,b5,09,63,89,94,57,\
"rkeysecu"=hex:f4,a0,52,ce,91,d6,c9,59,5b,71,4b,1c,82,f4,1f,c9

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{21f135ff-0279-49c8-ad5a-4d13124e7244}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{29491500-32a1-4a81-98b9-c9518aec5484}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d00016c
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2b14e14f-230c-4346-8dab-1d681809389b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10001e2a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{92ac5daa-a1aa-486b-967b-802804a599ef}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001e2a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d532b358-133f-43c0-b4c3-125eaacd384d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10001e2a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2009-08-15 12:00
ComboFix-quarantined-files.txt 2009-08-15 10:00

Pre-Run: 21 449 842 688 octets libres
Post-Run: 21 423 202 304 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,9,10,11,12,14,15,16,17,18
449 --- E O F --- 2009-08-14 06:39
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 43
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Bonjour,

Malwarebytes ne marche pas ??!!
0
Réponse 26 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
en cours depuis 35 minutes ...
0
Réponse 27 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
encours dpuis 36 minutes ....

et le scan de combofix ça te parle pas ?
0
Réponse 28 / 43
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Ok... ComboFix a supprimé une partie des tollbars infectées ;-)
0
Réponse 29 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
malwarbyte resultat du scan negatif....
(J'étais parti faire une sieste, je suis pas loin d'agen, aujourd'hui la ville la plus chaude de france 38° sous abri, 45 ou 50 dehors !)

Je vais faire un scan avec spybot !
0
Réponse 30 / 43
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
▶ Dans la barre des tâches, clique sur Démarrer puis sur Exécuter

▶ Tape Msconfig puis clique sur OK

▶ Clique sur l'onglet "services" et décoche la case SeekService

▶ Ensuite clique sur Appliquer ==> OK

Ensuite refais un nouveau rapport avec RSIT stp
0
Réponse 31 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
En attendand jai fait un scan malwarbyte, avira anti virus et spybot, rien ! Résultats négatifs !
0
Réponse 32 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
J'ai regardé sur mon disque C: plus de seekservice et j'ai fait msconfig pas de seekservice dans les services non-plus !
dernier log de RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pc de wam at 2009-08-15 22:20:47
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 20 GB (11%) free of 185 GB
Total RAM: 3070 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:14, on 15/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Users\Pc de wam\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Pc de wam\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Pc de wam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pc de wam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Pc de wam\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c9a430e71f83c9) (gupdate1c9a430e71f83c9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SeekService Service - Unknown owner - C:\ProgramData\SeekService\seekservice114.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
0
Réponse 33 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pc de wam at 2009-08-15 22:20:47
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 20 GB (11%) free of 185 GB
Total RAM: 3070 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:14, on 15/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Users\Pc de wam\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Pc de wam\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Pc de wam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pc de wam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Pc de wam\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c9a430e71f83c9) (gupdate1c9a430e71f83c9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SeekService Service - Unknown owner - C:\ProgramData\SeekService\seekservice114.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
0
Réponse 34 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
tu vois ? parce que c'est en gris clair !
0
Réponse 35 / 43
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Pourrais-tu réessayer ToobarSD stp ??
0
Réponse 36 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
Se passe toujours rien la fenêtre disparait et puis rien ... !
0
Réponse 37 / 43
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Supprime-le et réinstalle pour voir...

Si l'option 1 ne va pas, fais directement l'option 2
0
Réponse 38 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
j'avais déja supprimé et réinstallé deux minutes je fais l'option 2
(encore merci de passer du temps)
0
Réponse 39 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
Pareil ! Rien ne se passe !
0
Réponse 40 / 43
strictmaximum Messages postés 111 Statut Membre 18
 
je peux faire un autre combofix si tu veux ?
0