Problem with unwanted pop-up ads on Firefox

Solved
mjkite29 Posts 10 Status Member -
Narco!4 Posts 2446 Status Contributor -
Hello,

For the past few days I have had a problem with my internet: I have Firefox + avast on Vista, and unwanted pop-up ad windows keep appearing ... it is getting very annoying.
I have tried several things, Ad Aware + Spybot, then Adblock Plus as a Firefox add-on ... but nothing works, I still get these windows ...

HELP ME !!!!!!

7 replies

Narco!4 Posts 2446 Status Contributor 467
 
Hello,

Download GenProc http://www.genproc.com/GenProc.exe

Double-click GenProc.exe and post the contents of the report that opens
2
verni29 Posts 6805 Status Security contributor 180
 
Good evening,

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe

# Double-click "RSIT.exe" to launch it.
(on Vista --> right-click the file and choose Run as administrator)
# In the window that opens, choose 1 month for the "List files/folders created ..." option.
# Then click "Continue" to start the scan ...

If the latest version of HijackThis is not found on your PC, RSIT will download it and ask you to accept the license.

Wait until the scan finishes. Two reports will be created.

# Post the contents of "log.txt" and "info.txt" (in the taskbar) in two separate messages.

Note: If you cannot find them, the reports are saved in the folder C:\rsit.
0
mjkite29 Posts 10 Status Member
 
Narco!4, here is the result:

Rapport GenProc 2.627 [1] - 15/09/2009 à 19:19:13
@ Windows Vista Service Pack 1 - Mode normal
@ Mozilla Firefox (3.5.3) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt




~~~~ INFORMATION COMPLEMENTAIRE ~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:47, on 15/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\GenProc\outil\Marianne_GenProc.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.7.2.4650\NPIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.4.1.1010\ssd.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sukoku Service - Unknown owner - C:\ProgramData\Sukoku\sukoku117.exe
0
mjkite29 Posts 10 Status Member
 
verni29, here is the first one:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marianne at 2009-09-15 19:21:31
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 94 GB (64%) free of 148 GB
Total RAM: 3066 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:34, on 15/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marianne\Downloads\RSIT.exe
C:\Program Files\trend micro\Marianne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.7.2.4650\NPIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.4.1.1010\ssd.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sukoku Service - Unknown owner - C:\ProgramData\Sukoku\sukoku117.exe
0

Narco!4 Posts 2446 Status Contributor 467
 
[*] Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
[*] Double-click combofix.exe and follow the instructions.
[*] Install the Recovery Console if offered and continue.
[*] When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
0
mjkite29 Posts 10 Status Member
 
Here is your result, NARCO:


ComboFix 09-09-14.02 - Marianne 15/09/2009 19:29.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3066.1829 [GMT 2:00]
Lancé depuis: c:\users\Marianne\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2941588813-870258832-2538812315-500
c:\$recycle.bin\S-1-5-21-3317431821-2754218308-1391888111-500
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.7.2.4650\adwpx.exe
c:\program files\Internet Saving Optimizer\3.7.2.4650\Data\config.md
c:\program files\Internet Saving Optimizer\3.7.2.4650\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.7.2.4650\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.7.2.4650\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.7.2.4650\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.7.2.4650\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.7.2.4650\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.7.2.4650\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.7.2.4650\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.7.2.4650\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.7.2.4650\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.7.2.4650\unins000.dat
c:\program files\Internet Saving Optimizer\3.7.2.4650\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\2.0.0.1050\Data\config.md
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome.manifest
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\2.0.0.1050\FF\install.rdf
c:\program files\Media Access Startup\2.0.0.1050\HPCommon.dll
c:\program files\Media Access Startup\2.0.0.1050\HPIEaddon.dll
c:\program files\Media Access Startup\2.0.0.1050\hppx.exe
c:\program files\Media Access Startup\2.0.0.1050\MAHelper.exe
c:\program files\Media Access Startup\2.0.0.1050\unins000.dat
c:\program files\Media Access Startup\2.0.0.1050\unins000.exe
c:\program files\System Search Dispatcher\1.4.1.1010\ssD.dll
c:\windows\msetup
c:\windows\msetup\BASW-00503A66\data1.cab
c:\windows\msetup\BASW-00503A66\data1.hdr
c:\windows\msetup\BASW-00503A66\data2.cab
c:\windows\msetup\BASW-00503A66\engine32.cab
c:\windows\msetup\BASW-00503A66\layout.bin
c:\windows\msetup\BASW-00503A66\PlayCamera\CameraOn.wav
c:\windows\msetup\BASW-00503A66\PlayCamera\Click.wav
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_chs_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_cht_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_deu_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_eng_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_esp_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_fra_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_ita_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_kor_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_ptg_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_rus_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\Help\PlayCamera_ukr_s.chm
c:\windows\msetup\BASW-00503A66\PlayCamera\HookDllPS2.dll
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\Back_Big.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\Back_Small.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbCancel.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbHelp.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbOk.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbOpen.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbPreviewOff.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbPreviewOn.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbRecordOff.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbRecordOn.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\gbSnap.bmp
c:\windows\msetup\BASW-00503A66\PlayCamera\Images\PlayCamera.ico
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_chs.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_cht.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_deu.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_eng.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_esp.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_fra.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_ita.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_kor.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_ptg.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_rus.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\Language\PlayCamera_ukr.txt
c:\windows\msetup\BASW-00503A66\PlayCamera\PlayCamera.exe
c:\windows\msetup\BASW-00503A66\PlayCamera\SSHook.dll
c:\windows\msetup\BASW-00503A66\PlayCamera\Uninst.ico
c:\windows\msetup\BASW-00503A66\setup.exe
c:\windows\msetup\BASW-00503A66\setup.ibt
c:\windows\msetup\BASW-00503A66\setup.ini
c:\windows\msetup\BASW-00503A66\setup.iss
c:\windows\msetup\BASW-00503A66\SWDesc.txt
c:\windows\msetup\BASW-01038A05\ChgWLANSettings.exe
c:\windows\msetup\MSetup.exe
c:\windows\msetup\MSetupLog.log
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-15 au 2009-09-15 ))))))))))))))))))))))))))))))))))))
.

2009-09-15 17:35 . 2009-09-15 17:35 -------- d-----w- c:\users\Marianne\AppData\Local\temp
2009-09-15 17:35 . 2009-09-15 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-15 17:21 . 2009-09-15 17:21 -------- d-----w- c:\program files\trend micro
2009-09-15 17:21 . 2009-09-15 17:21 -------- d-----w- C:\rsit
2009-09-15 17:18 . 2009-09-15 17:19 -------- d-----w- C:\GenProc
2009-09-15 15:34 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 15:34 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 15:34 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 15:34 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 15:34 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-15 15:34 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 15:34 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-14 16:47 . 2009-09-14 16:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-14 16:41 . 2009-09-14 16:41 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-14 16:41 . 2009-09-14 16:41 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-14 16:20 . 2009-09-14 16:20 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-14 16:20 . 2009-09-14 16:41 -------- d-----w- c:\programdata\Lavasoft
2009-09-14 16:20 . 2009-09-14 16:20 -------- d-----w- c:\program files\Lavasoft
2009-09-14 16:19 . 2009-09-14 17:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-14 16:19 . 2009-09-14 16:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-13 17:20 . 2009-09-13 17:20 -------- d-----w- c:\users\Marianne\AppData\Roaming\Malwarebytes
2009-09-13 17:20 . 2009-09-13 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 17:20 . 2009-09-13 17:20 -------- d-----w- c:\programdata\Malwarebytes
2009-09-13 17:11 . 2009-09-13 17:11 -------- d-----w- c:\users\Marianne\AppData\Roaming\SoftInform
2009-09-13 17:10 . 2009-09-13 17:18 -------- d-----w- c:\users\Marianne\AppData\Roaming\AdsCleaner
2009-09-09 15:53 . 2009-09-13 19:31 -------- d-----w- c:\programdata\Sukoku
2009-09-09 15:53 . 2009-09-13 19:31 -------- d-----w- c:\program files\Sukoku
2009-09-09 15:53 . 2009-09-13 19:31 -------- d-----w- c:\program files\System Search Dispatcher
2009-09-09 15:53 . 2009-09-09 15:53 -------- d-----w- c:\program files\DoubleD
2009-09-09 15:53 . 2009-09-09 16:05 -------- dc-h--w- c:\programdata\{7F4A1B90-59B3-4968-96A3-F7C1BE30DEBE}
2009-09-09 15:46 . 2009-09-09 15:49 -------- d-----w- c:\program files\DivX
2009-09-09 15:46 . 2009-09-09 15:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-04 14:00 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-04 14:00 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 07:55 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-22 09:13 . 2009-08-22 09:13 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-08-22 09:12 . 2009-08-22 09:12 -------- d-----w- c:\users\Marianne\AppData\Local\Downloaded Installations
2009-08-22 09:12 . 2009-08-22 09:12 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2009-08-22 09:08 . 2009-08-22 09:08 -------- d-----w- c:\programdata\Studio 12
2009-08-22 09:08 . 2009-08-22 09:08 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2009-08-22 09:08 . 2009-08-22 09:08 -------- d-----w- c:\program files\Pinnacle
2009-08-22 09:08 . 2009-08-22 09:08 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-08-19 18:21 . 2009-08-19 18:21 -------- d-----w- c:\programdata\Messenger Plus!
2009-08-18 10:58 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-08-18 10:58 . 2009-08-18 10:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-17 12:02 . 2009-08-17 12:05 -------- d-----w- c:\program files\VCW VicMan's Photo Editor

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 16:42 . 2008-12-30 01:21 724052 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-15 16:42 . 2008-12-30 01:21 146398 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-15 15:35 . 2008-12-30 18:27 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-13 20:05 . 2009-07-11 19:34 -------- d-----w- c:\program files\Google
2009-09-13 19:37 . 2009-07-20 17:43 -------- d-----w- c:\programdata\Electronic Arts
2009-09-13 19:31 . 2009-07-01 12:50 -------- d-----w- c:\programdata\HP Product Assistant
2009-09-13 19:30 . 2008-12-30 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-13 19:30 . 2009-07-20 17:08 -------- d-----w- c:\program files\Electronic Arts
2009-09-10 05:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 05:21 . 2008-12-30 02:28 -------- d-----w- c:\programdata\Microsoft Help
2009-09-07 16:17 . 2009-08-05 13:36 -------- d-----w- c:\users\Marianne\AppData\Roaming\vlc
2009-08-22 09:14 . 2009-06-26 12:52 131160 ----a-w- c:\users\Marianne\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-22 09:08 . 2009-07-02 14:44 -------- d-----w- c:\programdata\Pinnacle
2009-08-21 09:49 . 2009-06-26 15:33 78948 ----a-w- c:\programdata\nvModes.dat
2009-08-18 11:07 . 2009-06-28 19:20 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-18 11:02 . 2009-06-26 13:48 -------- d-----w- c:\program files\Windows Live
2009-08-14 17:07 . 2009-09-09 15:35 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 15:35 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 15:35 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 15:35 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 15:35 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 15:35 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 15:35 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 15:35 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 15:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 15:35 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-13 08:18 . 2009-08-12 12:02 -------- d-----w- c:\program files\MCK3
2009-08-05 13:36 . 2009-08-05 13:36 -------- d-----w- c:\users\Marianne\AppData\Roaming\dvdcss
2009-08-05 13:35 . 2009-08-05 13:35 -------- d-----w- c:\program files\VideoLAN
2009-07-29 09:45 . 2009-07-01 12:55 -------- d-----w- c:\users\Marianne\AppData\Roaming\HP
2009-07-20 17:40 . 2009-07-20 17:40 -------- d-----w- c:\program files\Microsoft WSE
2009-07-18 16:06 . 2009-07-29 09:20 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 09:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 09:20 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 15:18 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 15:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 15:17 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 15:17 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 15:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 19:32 . 2009-09-09 15:35 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-09 15:35 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-09 15:35 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29 . 2009-09-09 15:35 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-01 12:58 . 2009-07-01 12:40 188582 ----a-w- c:\windows\hpoins30.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-14 520024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-08 6273568]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5F0EE730-53F9-4906-A901-47A11FFC8931}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{F67F7041-360E-49D1-B936-AEF4E14D5B7E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C1DD4B16-DDFF-403D-AA8E-A89C2E133B14}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{DB90B064-4227-48D7-80C1-DA934163650D}"= e:\setup\hpznui01.exe:hpznui01.exe
"{0A753B37-E69A-4C10-9899-A715E9F8C93E}"= TCP:427|RPort=427|c:\windows\system32\svchost.exe|Svc=HPSLPSVC:SLP_Service
"{BF51480E-60AE-4BF8-A1A1-BE1A7B9F0D2F}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{4B446F57-BFDD-4F34-8E3C-9DC297692A3F}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{5B0C2DCF-B9C8-4A71-A5DF-B4E80BD9A962}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{97D216F7-CE20-4956-B546-108687ED8DAD}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{96CAEF4D-F2A8-442A-8CED-F1D45E0DFC68}"= c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{E29ADF43-E02B-45A3-9B2F-00EF21E6C16C}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{19DFB54C-E76F-4F2A-8B5E-EDE1D2B7FD22}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{AF105CD7-1E88-449C-8AC6-C46FE35168BD}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{C2CCD797-1FDE-4F84-95EB-6428D5093944}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{455B5FB0-43D1-45E2-9284-2548527CDEBD}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{C981BB3D-11B6-42CB-88E4-A91DCCD3A35B}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{23EC8EED-542A-45AB-B588-D51FC5801B9F}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"TCP Query User{3E69D46F-E51F-48DE-8D42-74C1ECDAAE45}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{8391A27B-47F4-4E53-8F68-72B1566785FD}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{DBCFCD58-C49E-444E-A904-3D264A40A085}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{FBB1E99C-6E69-4664-B1A9-265A15B9C881}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{C91A40F2-5B58-4C76-B7F3-04CEF7F80023}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{F2925DC1-691C-420C-A5D7-73520A2767C6}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{1C6186D6-B845-455E-AD6B-F50731EF14A3}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{975046ED-5CC9-440D-BD39-3CF1AF0BC9A3}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{6DEA7166-F5F8-4B68-A195-B10F88961995}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [14/09/2009 18:41 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [15/09/2009 17:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [15/09/2009 17:34 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [15/09/2009 17:34 53328]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [30/12/2008 03:43 13312]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14/09/2009 18:19 1153368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [30/12/2008 03:12 44576]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [30/12/2008 03:40 242048]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
S2 Sukoku Service;Sukoku Service;c:\programdata\Sukoku\sukoku117.exe [09/09/2009 17:55 54760]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29/07/2008 04:45 904192]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2009-09-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\k59mij40.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\2.0.0.1050\unins000.exe
AddRemove-{BED1705F-7558-40f7-9F52-6C6FBD58EA2E} - c:\program files\HP\Digital Imaging\{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}\setup\hpzscr01.exe -datfile hposcr30.dat



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 19:35
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\Marianne\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Heure de fin: 2009-09-15 19:37
ComboFix-quarantined-files.txt 2009-09-15 17:37

Avant-CF: 98 130 522 112 octets libres
Après-CF: 98 105 106 432 octets libres

333 --- E O F --- 2009-09-14 16:07
0
Narco!4 Posts 2446 Status Contributor 467
 
You won't get any more ads :)
Did you download some videos, or?
0