Help ; MyWay.MyWebsearch

Anonymous user

Hello,

I know this subject has been covered several times, but since computing is not my strong suit, I prefer to turn to you so as not to do anything stupid. So, thank you in advance for your help.
Here is my problem: after a check with Spybot S&D, a MyWay.MyWebsearch virus (5 PUPSC items) was detected. At the same time I noticed a sharp slowdown in my PC's responsiveness.

I don't know how to get rid of this lovely piece of crap, so I am turning to you.

Thanks in advance

Léo

48 replies

Anonymous user

Hello,

OK, I'll redo that

Léo
0
Anonymous user

Hi,

Here is the RSIT scan:

Logfile of random's system information tool 1.06 (written by random/random)
Run by guigui at 2009-09-26 14:38:07
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 199 GB (72%) free of 278 GB
Total RAM: 959 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:17, on 26/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vVX1000.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\guigui\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\guigui.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [kcxypsfp] C:\Windows\system32\ibynalir.exe
O4 - HKCU\..\Run: [qonpujbc] C:\Windows\system32\apstovob.exe
O4 - HKCU\..\Run: [jheyhpcy] C:\Windows\system32\slcfarov.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate1c9c4eaeea26020) (gupdate1c9c4eaeea26020) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Anonymous user

C:\Windows\system32\ibynalir.exe
C:\Windows\system32\apstovob.exe
C:\Windows\system32\slcfarov.exe

Analyze these 3 files for me on VirusTotal, and paste me each report
0
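The triage the helper did by eye on the HijackThis log, as an added example (not part of the original thread and not any tool's own code): it parses the O4 autorun lines and flags entries whose executable sits directly in system32 under a value name unrelated to the file name. The function names and the heuristic are assumptions for illustration; the sample lines are copied from the log posted above.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kcxypsfp] C:\Windows\system32\ibynalir.exe
O4 - HKCU\..\Run: [qonpujbc] C:\Windows\system32\apstovob.exe
O4 - HKCU\..\Run: [jheyhpcy] C:\Windows\system32\slcfarov.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

# "O4 - <hive>[\<SID>]\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\(?:.*?\\)?\.\.\\(?P<key>\w+): "
    r"\[(?P<name>.+?)\] (?P<cmd>.+)$"
)


def parse_o4(line):
    """Return hive, value name and launched executable for an O4 registry
    autorun line, or None for any other kind of line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    cmd = m["cmd"]
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        exe = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted path may contain spaces: cut at the first ".exe".
        hit = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
        exe = hit.group(1) if hit else cmd.split()[0]
    return {"hive": m["hive"], "name": m["name"], "exe": exe}


def shares_substring(a, b, n=3):
    """True if the two names have a common run of n alphanumeric characters."""
    a = re.sub(r"[^a-z0-9]", "", a.lower())
    b = re.sub(r"[^a-z0-9]", "", b.lower())
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def triage(log_text):
    """List (hive, value name, exe) for autoruns worth a manual look:
    the executable lives directly in system32 and its file name has
    nothing in common with the registry value that launches it.
    This is a review aid, not a verdict; DLLs hosted by rundll32 are
    not covered because only the launched .exe is examined."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        folder = dirname(entry["exe"]).lower()
        stem = splitext(basename(entry["exe"]))[0]
        in_system32 = folder.endswith(r"\windows\system32")
        if in_system32 and not shares_substring(entry["name"], stem):
            findings.append((entry["hive"], entry["name"], entry["exe"]))
    return findings


if __name__ == "__main__":
    for hive, name, exe in triage(SAMPLE_LOG):
        print(f"{hive}\\..\\Run [{name}] -> {exe}")
```
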
Anonymous user

Er, tell me how to do that!!

you never told me about VirusTotal

Léo
0
Anonymous user

go here
https://www.virustotal.com/gui/

click Browse
look for the files in the system32 folder
select the file to analyze
click Open
click Send file
once the scan is finished, click to display the latest report

do this for each file
0
Anonymous user

I get to system32 but then I can't find the files ....

can you help me? which folder are they in?
0
Anonymous user

In the end, forget it, you are going to do something else, it is being prepared
Forget VirusTotal
0

Ced_King

Hi you two,

Allow me to step in to move things along a bit

For VirusTotal --> forget it

eole-11, do the following:

Disable Spybot's TeaTimer, it may interfere with the scans and it serves no purpose (other than using up resources for nothing...). However, if you decide to turn it back on at the end of the disinfection, you will have to accept all (without exception) the registry changes that appear as pop-ups.

See this link to disable it: Disable TeaTimer

Then,

# Download OTM by Old_Timer to your Desktop.
# Double-click OTM.exe to launch the tool.
# Copy the list below:


:processes
explorer.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"kcxypsfp"=-
"qonpujbc"=-
"jheyhpcy"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 
"NPSStartup"=-

:commands
[purity]
[emptytemp]
[reboot]


Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
* Now click the MoveIt! button, then close OTM.

---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

* Post the report located in this folder: C:\_OTM\MovedFiles\

---> The report's name corresponds to the time it was created: date_time.log
0
Anonymous user

ok, I'll do that right away

I'll keep you posted
0
Anonymous user

@CED_King: I disabled TeaTimer as you asked, I installed OTM and launched OTM. I pasted in the text you gave me, and then the report is displayed, but when I try to copy it, the following message appears: "OTM version 3.0.0.6 (ne réponds pas)"

I went to look on C: and the report there is empty.

What should I do?
0
Anonymous user

UH, can anyone help me??

thanks

Léo
0
Anonymous user

Ced King has left; I can't help you with OTM, Ced King knows it better. I am going to learn to use it, because I am in training
0
Anonymous user

ah ok, but what do we do then?
0
Anonymous user

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
guide: http://site-naheulbeuk.com/
print the procedure below:
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will continue running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to finish running the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum

If SDFix does not launch (it happens!)

* Start->Run
* Copy/paste this into the window:
* Click OK, and confirm.
* Restart and try launching SDFix again.
0
Anonymous user

Hi,

SDFix does not launch when I am in Safe Mode; I do get to RunThis.bat, but when I double-click it, nothing happens

???
0
Anonymous user
 
HELP HELP

Leo
0
Ced_King

Download and install CCleaner

- During installation, uncheck the box offering the Yahoo toolbar and the one for: "add the updates option"

- Once installed, close all running applications and launch CCleaner

- click --> Options --> Advanced and uncheck:
"delete files etc... older than 48h"


- Select "Cleaner" -->> click Analyze then Run Cleaner, then close the program...

---------------------------

Download ComboFix and save it to your Desktop

/!\ Disable your antivirus's real-time protection /!\

- Disconnect and close all running applications

- Double-click Combofix.exe >> a message appears > answer "yes"

- (install the Recovery Console)

- Select the language and press the 1 key (yes) to start the scan

/!\ Do not touch the mouse or the keyboard during the scan; this could freeze the computer /!\

- At the end of the scan, ComboFix will need to restart to finish the disinfection; let it do so

- Once finished, a report is displayed; post its contents, which you can also find at c:\combofix.txt
0
Anonymous user

Hello

OK, I'll do that right away

I'll send the report as soon as I have it.

Léo
0
Anonymous user

Hello
here is the report:

ComboFix 09-09-25.01 - guigui 27/09/2009 11:03.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.959.346 [GMT 2:00]
Lancé depuis: c:\users\guigui\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081126-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081126-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2390729158-2659823099-3483317427-500
c:\$recycle.bin\S-1-5-21-892459890-3911459558-1732268608-500
c:\recycler\S-1-5-21-1634630699-3612818655-1983656346-1113
c:\windows\Installer\21bb0.msi
c:\windows\system32\Microsoft\backup.ftp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-27 au 2009-09-27 ))))))))))))))))))))))))))))))))))))
.

2009-09-26 16:04 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-09-26 14:18 . 2009-09-26 14:18 -------- d-----w- C:\_OTM
2009-09-25 12:32 . 2009-09-25 12:32 -------- d-----w- c:\users\guigui\AppData\Roaming\Malwarebytes
2009-09-25 12:32 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 12:32 . 2009-09-25 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 12:32 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 11:11 . 2009-09-25 11:12 -------- d-----w- C:\ToolBar SD
2009-09-25 10:31 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-25 10:31 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-25 10:31 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-25 10:31 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-25 10:31 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-25 10:31 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-25 10:31 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-25 10:31 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-25 10:08 . 2009-09-25 10:50 -------- d-----w- c:\program files\trend micro
2009-09-25 10:08 . 2009-09-25 10:08 -------- d-----w- C:\rsit
2009-09-25 07:48 . 2009-09-25 08:31 -------- d-----w- c:\program files\Ad-Remover
2009-09-16 08:41 . 2009-08-13 13:40 43008 ----a-w- c:\users\guigui\AppData\Roaming\Mozilla\Firefox\Profiles\9mj1l21n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-09-16 08:41 . 2009-08-13 13:39 340480 ----a-w- c:\users\guigui\AppData\Roaming\Mozilla\Firefox\Profiles\9mj1l21n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-09-16 08:41 . 2009-08-13 13:39 346112 ----a-w- c:\users\guigui\AppData\Roaming\Mozilla\Firefox\Profiles\9mj1l21n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-09-12 20:42 . 2009-09-12 20:43 -------- d-----w- c:\windows\system32\ca-ES
2009-09-12 20:42 . 2009-09-12 20:43 -------- d-----w- c:\windows\system32\eu-ES
2009-09-12 20:42 . 2009-09-12 20:43 -------- d-----w- c:\windows\system32\vi-VN
2009-09-12 20:24 . 2009-09-12 20:24 -------- d-----w- c:\windows\system32\EventProviders
2009-09-12 12:57 . 2009-09-12 12:57 -------- d-----w- c:\users\guigui\AppData\Local\Luminescence_Software
2009-09-12 12:39 . 2009-09-12 12:39 -------- d-----w- c:\program files\Luminescence
2009-09-12 12:39 . 2009-09-12 12:39 -------- d-----w- c:\program files\XiphCodecs
2009-09-12 12:38 . 2009-09-12 12:38 -------- d-----w- c:\users\guigui\AppData\Local\PackageAware
2009-09-11 08:22 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-11 08:19 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-11 08:19 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-11 08:19 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-11 08:19 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-11 08:19 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-11 08:19 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-11 08:19 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-11 08:19 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-11 08:19 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-11 08:19 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-11 08:19 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-09 08:22 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 08:22 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 08:22 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 08:22 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 08:22 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 08:22 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 08:22 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 08:22 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 08:22 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 08:22 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 08:22 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 08:21 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 08:21 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 08:21 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 08:21 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 08:21 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 08:21 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 08:21 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 08:21 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 08:21 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 08:21 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 08:21 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-03 04:46 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 04:45 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 09:12 . 2009-02-10 12:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-26 12:28 . 2008-09-19 09:25 -------- d-----w- c:\users\guigui\AppData\Roaming\uTorrent
2009-09-25 15:03 . 2007-09-12 18:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-25 08:41 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-25 08:41 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-23 19:21 . 2007-08-09 18:13 -------- d-----w- c:\program files\Java
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-12 20:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-11 14:38 . 2009-09-11 14:38 -------- d-----w- c:\program files\Free Audio Pack
2009-09-02 13:46 . 2009-07-29 10:17 409 ----a-w- c:\users\guigui\errorlog.tmp
2009-08-29 12:10 . 2008-01-06 01:03 -------- d-----w- c:\users\guigui\AppData\Roaming\Apple Computer
2009-08-27 18:41 . 2009-08-27 18:40 -------- d-----w- c:\program files\iTunes
2009-08-27 18:40 . 2009-08-27 18:40 -------- d-----w- c:\program files\iPod
2009-08-27 18:40 . 2009-05-21 16:42 -------- d-----w- c:\program files\Common Files\Apple
2009-08-27 11:05 . 2009-08-27 11:05 604280 ----a-w- c:\users\guigui\AppData\Roaming\HiYo\Data\hiyo_install.exe
2009-08-17 16:10 . 2008-03-27 11:11 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2008-04-13 18:58 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-13 18:58 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2008-03-27 11:11 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2008-03-27 11:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-27 11:11 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2008-03-27 11:11 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-04 20:17 . 2007-03-14 23:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-04 20:17 . 2009-08-04 20:17 69632 ----a-w- c:\users\guigui\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
2009-08-04 20:14 . 2009-08-04 20:10 -------- d-----w- c:\program files\Samsung
2009-08-04 20:12 . 2009-08-04 20:12 -------- d-----w- c:\users\guigui\AppData\Roaming\Samsung
2009-08-04 20:11 . 2009-08-04 20:11 -------- d-----w- c:\program files\MarkAny
2009-08-04 20:11 . 2008-04-13 19:08 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-25 03:23 . 2008-12-01 18:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:01 . 2009-07-28 17:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-28 17:50 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-12 10:39 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 10:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 10:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 10:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 10:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-09 10:16 . 2009-07-09 10:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-07-09 10:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-19 232184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2007-02-06 109304]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-18 227840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"WMAAD"="c:\program files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-03-19 197936]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cd,e9,41,47,ea,33,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{181EA999-C529-4668-A1AB-C5EF04F1EA66}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E476EF29-65EF-4406-8EF3-67377FADBFE8}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{5E5B298F-CF97-495E-B2F7-D28C904144AD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A91D66CC-5EDE-4D07-A916-4625A43CDA1D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{BF2744D7-4231-4503-8189-DFDF8A52D1AC}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{EB0A2E2E-F123-4E2F-BACC-F5620BD57EA2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C8839CE5-32B6-4C79-999E-5380643D38C3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D72B80C7-09BE-45AC-AE20-03FF4439D295}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4E1C4C17-4F5F-4D95-BDFB-D1814FE21C8B}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8A87273A-1764-4967-AC10-386D58671DB3}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2628EDFF-C951-4433-A265-8077BBF28A69}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{567D1DFC-7692-4F31-AA30-574150658B4A}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3E1CA7B5-30AC-43B0-BA41-FD50AFB8E495}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C0790857-CFD4-446B-A746-53046DC0A6B1}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{25B6EDB6-D0D8-47E2-AB06-DDB74BCA9C6E}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{D33986C3-FC31-46CF-9973-C57247064224}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9A40557-18C4-4122-A840-25B80C033212}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E574F3FC-734F-42D6-B041-842A31973825}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{DA3C588C-3F46-4F6E-BB96-09A2BE2D873B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{02249713-0122-468E-BFE4-94938B40F584}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{77C5E500-289E-415B-8E73-A85F2BB09137}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{CCB766BF-A139-457D-9C3D-8A0DAF1F5680}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{40819A87-A0F3-4505-8077-2FA7DD1A06EB}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{13979488-69CA-4700-9C40-F2A3C9832FBA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BC0D52B8-3D87-4045-BB4A-B98C32DD5584}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{49357530-9AB9-4C63-BC87-8DCD3A4525B3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E617BDB5-F700-4529-8A29-941F6C7DF05C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F29E0E00-84D6-4053-919D-10D3861B6FFA}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{0C68F566-3D36-4789-B0E2-60886A2C43D9}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{F88B5A73-0B5C-48F2-AD81-01DC47DFA915}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{BA44D7CE-3E10-4678-8E10-2F6420C4F853}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{D6BD1DCC-F076-43BB-A37E-0DC7BD23BFBC}"= Disabled:UDP:135:TCP Port 135
"{3A10B8BF-2A33-4C1E-A4A9-1F8365E8D329}"= Disabled:UDP:5000:TCP Port 5000
"{4034644C-489A-4401-BEAF-31A9B268BC0E}"= Disabled:UDP:5001:TCP Port 5001
"{ADE47B5B-E943-4754-82FE-5772F31CE9FE}"= Disabled:UDP:5002:TCP Port 5002
"{C6244466-E2C3-4146-B4D6-4196DC9FE387}"= Disabled:UDP:5003:TCP Port 5003
"{8D6B5578-3B9C-4DD3-A814-52D65434604B}"= Disabled:UDP:5004:TCP Port 5004
"{8E1EA99A-E5BD-4457-A2F1-927140B9920E}"= Disabled:UDP:5005:TCP Port 5005
"{DE3ADC54-87DC-4E63-9898-12765FDEABF9}"= Disabled:UDP:5006:TCP Port 5006
"{29A070E2-77FD-42F0-A714-660E10775CE5}"= Disabled:UDP:5007:TCP Port 5007
"{E4340CE8-373D-4805-A41F-417B03EF6BF5}"= Disabled:UDP:5008:TCP Port 5008
"{4A1C0E96-57BE-452E-AF7F-091F90C57261}"= Disabled:UDP:5009:TCP Port 5009
"{100F41F8-F585-4646-A68B-6B8127D8BD2F}"= Disabled:UDP:5010:TCP Port 5010
"{00E7A0BB-596B-425F-AB1F-C81CC5B74D03}"= Disabled:UDP:5011:TCP Port 5011
"{D3027FAD-9E73-4AF6-BB9A-059FB12C1112}"= Disabled:UDP:5012:TCP Port 5012
"{F2038167-0D45-4B2A-81A7-D3BE00E148DC}"= Disabled:UDP:5013:TCP Port 5013
"{F9CB8C45-4364-4EAF-8649-06241A39232B}"= Disabled:UDP:5014:TCP Port 5014
"{3CC0A28C-F7D6-4BEB-998E-7B16B0362E01}"= Disabled:UDP:5015:TCP Port 5015
"{9ECD3593-5888-4DCC-A8F6-9DE8963F99C7}"= Disabled:UDP:5016:TCP Port 5016
"{8DD8D689-BE3B-4888-B67A-19ADF3377BA4}"= Disabled:UDP:5017:TCP Port 5017
"{90EA12F9-5E9D-4784-A2CD-728DD06DE54D}"= Disabled:UDP:5018:TCP Port 5018
"{B3B8BCAF-A16E-4B1A-B7DA-5942E52DCD11}"= Disabled:UDP:5019:TCP Port 5019
"{69E941F2-2A49-4FD0-BBBE-AEA6B7B326FF}"= Disabled:UDP:5020:TCP Port 5020
"{1222F712-0CA7-48D8-88F1-F3AD8844AA7B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{750B7EF7-BF46-4CE5-86F8-920AFD8AC67B}"= UDP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{B94464CE-7871-4874-A165-8785A87819ED}"= TCP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{36A8FF00-4CBD-4E59-B326-245F543D0A2B}"= UDP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{53024115-0C23-4C76-918C-4726B46DB2CC}"= TCP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{AE15E6DB-1415-42B3-874E-BA87BD5F1D78}"= UDP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{F6B0E638-F171-4508-9D14-57957ECF9FED}"= TCP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{2C8249CC-8D1A-4831-BA5B-3280C074C188}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E53613DE-8780-4B41-BA83-6439193FF899}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3FA74C07-D50D-492F-8B89-8D8150376E9C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{CB2CA692-FAB9-40C6-B920-89E7A487DD64}c:\\users\\guigui\\desktop\\utorrent.exe"= UDP:c:\users\guigui\desktop\utorrent.exe:utorrent.exe
"UDP Query User{EA8F2C27-9B8E-457E-8617-01B0D4843854}c:\\users\\guigui\\desktop\\utorrent.exe"= TCP:c:\users\guigui\desktop\utorrent.exe:utorrent.exe
"TCP Query User{A75A3C34-6220-4A48-84DF-0DB65D20F1F8}c:\\program files\\soulseekns\\slsk.exe"= UDP:c:\program files\soulseekns\slsk.exe:SoulSeek
"UDP Query User{EE99BB11-6368-4547-BFF6-900E1FB1376F}c:\\program files\\soulseekns\\slsk.exe"= TCP:c:\program files\soulseekns\slsk.exe:SoulSeek
"{FC308FEC-8BAB-4DE0-8218-A76EE51F6858}"= UDP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{08096C94-269F-4E32-88E1-0F14F7B3B012}"= TCP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{7BF74C50-0B40-4098-B5A8-2ADBFE0A8F5A}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{67024800-3936-4FF6-8FB9-51EB77D0DE59}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B201CE0A-09BD-4F2F-A255-A76D7FBF2D5C}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{5185DAFD-FC81-45E0-AF8B-93718CF2BB00}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{44E6D9A9-0972-4A3D-A177-A933DEDA8232}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{41B92CC8-E053-4BCF-9C8E-470064FE7FCC}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{844C0EDD-8C21-47A5-BF91-5E97851C6C4C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6928E88A-7962-4030-BC18-94229A95C2C8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9F252313-1D26-4A71-8604-3A365E43E8DE}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{AA9F3BCB-4E00-4ADF-82A5-2A8AECA2AD9D}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{5FFA7191-36BF-4019-87F9-7C3E0BA847E9}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{C246B0F9-13B8-4515-B832-626DB70BD96C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{BE7A3817-CAFF-40DD-87D2-320A21A7BBC8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CBF61608-07F8-4E3C-A136-FFB4437EA519}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AE06B445-70D5-40BD-A33A-54F7744FDC9F}"= Disabled:UDP:c:\users\guigui\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer
"{934558DA-5BE7-4370-8000-6EF802CA2594}"= Disabled:TCP:c:\users\guigui\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [13/04/2008 20:58 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [13/04/2008 20:58 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/03/2008 13:11 53328]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [04/08/2009 22:13 233472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25/09/2009 17:03 1153368]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [04/08/2009 22:13 36608]
S2 gupdate1c9c4eaeea26020;Service Google Update (gupdate1c9c4eaeea26020);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2009 16:42 133104]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [14/02/2009 14:14 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [14/02/2009 14:14 67760]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [04/08/2009 22:13 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [04/08/2009 22:13 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [04/08/2009 22:13 121856]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 14:42]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 14:42]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s
IE: &Windows Live Search
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Transfert par Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
Trusted Zone: chat-land.org
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\guigui\AppData\Roaming\Mozilla\Firefox\Profiles\9mj1l21n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mystart.hiyo.com/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
HKCU-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
HKCU-Run-Nero PhotoShow Media Manager - c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-LifeCam - c:\program files\Microsoft LifeCam\LifeExp.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 11:12
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(816)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Autres processus actifs ------------------------
.
SystemRoot\System32\smss.exe [408]
c:\windows\system32\csrss.exe [508]
c:\windows\system32\wininit.exe [560]
c:\windows\system32\csrss.exe [572]
c:\windows\system32\services.exe [608]
c:\windows\system32\lsass.exe [624]
c:\windows\system32\lsm.exe [632]
c:\windows\system32\winlogon.exe [708]
c:\windows\system32\svchost.exe [828]
c:\windows\system32\svchost.exe [928]
c:\windows\System32\svchost.exe [988]
c:\windows\System32\svchost.exe [1056]
c:\windows\System32\svchost.exe [1128]
c:\windows\system32\svchost.exe [1148]
c:\windows\system32\SLsvc.exe [1264]
c:\windows\system32\svchost.exe [1304]
c:\windows\system32\svchost.exe [1484]
c:\program files\Alwil Software\Avast4\aswUpdSv.exe [1584]
c:\program files\Alwil Software\Avast4\ashServ.exe [1600]
c:\windows\system32\Dwm.exe [1732]
c:\windows\System32\spoolsv.exe [1952]
c:\windows\system32\taskeng.exe [1972]
c:\windows\system32\svchost.exe [1992]
c:\windows\system32\taskeng.exe [600]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1624]
c:\program files\Bonjour\mDNSResponder.exe [1568]
c:\windows\system32\FsUsbExService.Exe [580]
c:\windows\system32\svchost.exe [2180]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2312]
c:\windows\system32\svchost.exe [2424]
c:\windows\System32\svchost.exe [2468]
c:\windows\system32\SearchIndexer.exe [2504]
c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2600]
c:\windows\system32\WUDFHost.exe [2872]
c:\program files\Alwil Software\Avast4\ashMaiSv.exe [2956]
c:\program files\Alwil Software\Avast4\ashWebSv.exe [3008]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [3464]
c:\windows\system32\CF14214.exe [4032]
c:\windows\System32\mobsync.exe [3896]
c:\program files\Windows Media Player\wmpnetwk.exe [4092]
c:\windows\system32\wbem\wmiprvse.exe [4060]
c:\windows\Explorer.exe [816]
c:\windows\servicing\TrustedInstaller.exe [3424]
c:\combofix\catchme.cfxxe [2236]
.
**************************************************************************
.
Heure de fin: 2009-09-27 11:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-27 09:17

Avant-CF: 207 140 061 184 octets libres
Après-CF: 207 278 075 904 octets libres

407 --- E O F --- 2009-09-25 13:53

However, the spinning avast logo has been removed from the taskbar, and quite a few other things as well?? How do I put them back?

Thanks
0
Anonymous user
 
My taskbar is fine now, everything is restored

thanks
0
Ced_King Posts 3519 Registration date   Status Contributor Last activity   572
 
Hi,

Finish with Nathandre, since that is his wish
0
Anonymous user
 
@ ced_king: I never told you that I wanted to finish with this or that person! I want to get rid of this crap, that's all! Besides, I followed your instructions, didn't I?
0
Anonymous user
 
Besides, I posted the COMBOFIX report, and here it is again:

ComboFix 09-09-25.01 - guigui 27/09/2009 11:03.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.959.346 [GMT 2:00]
Lancé depuis: c:\users\guigui\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081126-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081126-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2390729158-2659823099-3483317427-500
c:\$recycle.bin\S-1-5-21-892459890-3911459558-1732268608-500
c:\recycler\S-1-5-21-1634630699-3612818655-1983656346-1113
c:\windows\Installer\21bb0.msi
c:\windows\system32\Microsoft\backup.ftp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-27 au 2009-09-27 ))))))))))))))))))))))))))))))))))))
.

2009-09-26 16:04 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-09-26 14:18 . 2009-09-26 14:18 -------- d-----w- C:\_OTM
2009-09-25 12:32 . 2009-09-25 12:32 -------- d-----w- c:\users\guigui\AppData\Roaming\Malwarebytes
2009-09-25 12:32 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 12:32 . 2009-09-25 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 12:32 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 11:11 . 2009-09-25 11:12 -------- d-----w- C:\ToolBar SD
2009-09-25 10:31 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-25 10:31 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-25 10:31 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-25 10:31 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-25 10:31 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-25 10:31 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-25 10:31 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-25 10:31 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-25 10:08 . 2009-09-25 10:50 -------- d-----w- c:\program files\trend micro
2009-09-25 10:08 . 2009-09-25 10:08 -------- d-----w- C:\rsit
2009-09-25 07:48 . 2009-09-25 08:31 -------- d-----w- c:\program files\Ad-Remover
2009-09-16 08:41 . 2009-08-13 13:40 43008 ----a-w- c:\users\guigui\AppData\Roaming\Mozilla\Firefox\Profiles\9mj1l21n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-09-16 08:41 . 2009-08-13 13:39 340480 ----a-w- c:\users\guigui\AppData\Roaming\Mozilla\Firefox\Profiles\9mj1l21n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-09-16 08:41 . 2009-08-13 13:39 346112 ----a-w- c:\users\guigui\AppData\Roaming\Mozilla\Firefox\Profiles\9mj1l21n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-09-12 20:42 . 2009-09-12 20:43 -------- d-----w- c:\windows\system32\ca-ES
2009-09-12 20:42 . 2009-09-12 20:43 -------- d-----w- c:\windows\system32\eu-ES
2009-09-12 20:42 . 2009-09-12 20:43 -------- d-----w- c:\windows\system32\vi-VN
2009-09-12 20:24 . 2009-09-12 20:24 -------- d-----w- c:\windows\system32\EventProviders
2009-09-12 12:57 . 2009-09-12 12:57 -------- d-----w- c:\users\guigui\AppData\Local\Luminescence_Software
2009-09-12 12:39 . 2009-09-12 12:39 -------- d-----w- c:\program files\Luminescence
2009-09-12 12:39 . 2009-09-12 12:39 -------- d-----w- c:\program files\XiphCodecs
2009-09-12 12:38 . 2009-09-12 12:38 -------- d-----w- c:\users\guigui\AppData\Local\PackageAware
2009-09-11 08:22 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-11 08:19 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-11 08:19 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-11 08:19 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-11 08:19 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-11 08:19 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-11 08:19 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-11 08:19 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-11 08:19 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-11 08:19 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-11 08:19 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-11 08:19 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-09 08:22 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 08:22 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 08:22 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 08:22 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 08:22 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 08:22 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 08:22 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 08:22 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 08:22 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 08:22 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 08:22 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 08:21 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 08:21 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 08:21 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 08:21 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 08:21 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 08:21 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 08:21 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 08:21 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 08:21 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 08:21 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 08:21 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-03 04:46 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 04:45 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 09:12 . 2009-02-10 12:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-26 12:28 . 2008-09-19 09:25 -------- d-----w- c:\users\guigui\AppData\Roaming\uTorrent
2009-09-25 15:03 . 2007-09-12 18:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-25 08:41 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-25 08:41 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-23 19:21 . 2007-08-09 18:13 -------- d-----w- c:\program files\Java
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-12 20:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-12 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-11 14:38 . 2009-09-11 14:38 -------- d-----w- c:\program files\Free Audio Pack
2009-09-02 13:46 . 2009-07-29 10:17 409 ----a-w- c:\users\guigui\errorlog.tmp
2009-08-29 12:10 . 2008-01-06 01:03 -------- d-----w- c:\users\guigui\AppData\Roaming\Apple Computer
2009-08-27 18:41 . 2009-08-27 18:40 -------- d-----w- c:\program files\iTunes
2009-08-27 18:40 . 2009-08-27 18:40 -------- d-----w- c:\program files\iPod
2009-08-27 18:40 . 2009-05-21 16:42 -------- d-----w- c:\program files\Common Files\Apple
2009-08-27 11:05 . 2009-08-27 11:05 604280 ----a-w- c:\users\guigui\AppData\Roaming\HiYo\Data\hiyo_install.exe
2009-08-17 16:10 . 2008-03-27 11:11 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2008-04-13 18:58 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-13 18:58 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2008-03-27 11:11 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2008-03-27 11:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-27 11:11 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2008-03-27 11:11 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-04 20:17 . 2007-03-14 23:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-04 20:17 . 2009-08-04 20:17 69632 ----a-w- c:\users\guigui\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
2009-08-04 20:14 . 2009-08-04 20:10 -------- d-----w- c:\program files\Samsung
2009-08-04 20:12 . 2009-08-04 20:12 -------- d-----w- c:\users\guigui\AppData\Roaming\Samsung
2009-08-04 20:11 . 2009-08-04 20:11 -------- d-----w- c:\program files\MarkAny
2009-08-04 20:11 . 2008-04-13 19:08 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-25 03:23 . 2008-12-01 18:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:01 . 2009-07-28 17:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-07-28 17:50 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-12 10:39 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 10:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 10:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 10:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 10:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-09 10:16 . 2009-07-09 10:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-07-09 10:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-19 232184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2007-02-06 109304]
"MSConfig"="c:\windows\system32\msconfig.exe" [2008-01-18 227840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"WMAAD"="c:\program files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-03-19 197936]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cd,e9,41,47,ea,33,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{181EA999-C529-4668-A1AB-C5EF04F1EA66}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E476EF29-65EF-4406-8EF3-67377FADBFE8}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{5E5B298F-CF97-495E-B2F7-D28C904144AD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A91D66CC-5EDE-4D07-A916-4625A43CDA1D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{BF2744D7-4231-4503-8189-DFDF8A52D1AC}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{EB0A2E2E-F123-4E2F-BACC-F5620BD57EA2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C8839CE5-32B6-4C79-999E-5380643D38C3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D72B80C7-09BE-45AC-AE20-03FF4439D295}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{4E1C4C17-4F5F-4D95-BDFB-D1814FE21C8B}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{8A87273A-1764-4967-AC10-386D58671DB3}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2628EDFF-C951-4433-A265-8077BBF28A69}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{567D1DFC-7692-4F31-AA30-574150658B4A}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3E1CA7B5-30AC-43B0-BA41-FD50AFB8E495}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C0790857-CFD4-446B-A746-53046DC0A6B1}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{25B6EDB6-D0D8-47E2-AB06-DDB74BCA9C6E}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{D33986C3-FC31-46CF-9973-C57247064224}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D9A40557-18C4-4122-A840-25B80C033212}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E574F3FC-734F-42D6-B041-842A31973825}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{DA3C588C-3F46-4F6E-BB96-09A2BE2D873B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{02249713-0122-468E-BFE4-94938B40F584}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{77C5E500-289E-415B-8E73-A85F2BB09137}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{CCB766BF-A139-457D-9C3D-8A0DAF1F5680}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{40819A87-A0F3-4505-8077-2FA7DD1A06EB}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{13979488-69CA-4700-9C40-F2A3C9832FBA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BC0D52B8-3D87-4045-BB4A-B98C32DD5584}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{49357530-9AB9-4C63-BC87-8DCD3A4525B3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E617BDB5-F700-4529-8A29-941F6C7DF05C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F29E0E00-84D6-4053-919D-10D3861B6FFA}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{0C68F566-3D36-4789-B0E2-60886A2C43D9}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{F88B5A73-0B5C-48F2-AD81-01DC47DFA915}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{BA44D7CE-3E10-4678-8E10-2F6420C4F853}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{D6BD1DCC-F076-43BB-A37E-0DC7BD23BFBC}"= Disabled:UDP:135:TCP Port 135
"{3A10B8BF-2A33-4C1E-A4A9-1F8365E8D329}"= Disabled:UDP:5000:TCP Port 5000
"{4034644C-489A-4401-BEAF-31A9B268BC0E}"= Disabled:UDP:5001:TCP Port 5001
"{ADE47B5B-E943-4754-82FE-5772F31CE9FE}"= Disabled:UDP:5002:TCP Port 5002
"{C6244466-E2C3-4146-B4D6-4196DC9FE387}"= Disabled:UDP:5003:TCP Port 5003
"{8D6B5578-3B9C-4DD3-A814-52D65434604B}"= Disabled:UDP:5004:TCP Port 5004
"{8E1EA99A-E5BD-4457-A2F1-927140B9920E}"= Disabled:UDP:5005:TCP Port 5005
"{DE3ADC54-87DC-4E63-9898-12765FDEABF9}"= Disabled:UDP:5006:TCP Port 5006
"{29A070E2-77FD-42F0-A714-660E10775CE5}"= Disabled:UDP:5007:TCP Port 5007
"{E4340CE8-373D-4805-A41F-417B03EF6BF5}"= Disabled:UDP:5008:TCP Port 5008
"{4A1C0E96-57BE-452E-AF7F-091F90C57261}"= Disabled:UDP:5009:TCP Port 5009
"{100F41F8-F585-4646-A68B-6B8127D8BD2F}"= Disabled:UDP:5010:TCP Port 5010
"{00E7A0BB-596B-425F-AB1F-C81CC5B74D03}"= Disabled:UDP:5011:TCP Port 5011
"{D3027FAD-9E73-4AF6-BB9A-059FB12C1112}"= Disabled:UDP:5012:TCP Port 5012
"{F2038167-0D45-4B2A-81A7-D3BE00E148DC}"= Disabled:UDP:5013:TCP Port 5013
"{F9CB8C45-4364-4EAF-8649-06241A39232B}"= Disabled:UDP:5014:TCP Port 5014
"{3CC0A28C-F7D6-4BEB-998E-7B16B0362E01}"= Disabled:UDP:5015:TCP Port 5015
"{9ECD3593-5888-4DCC-A8F6-9DE8963F99C7}"= Disabled:UDP:5016:TCP Port 5016
"{8DD8D689-BE3B-4888-B67A-19ADF3377BA4}"= Disabled:UDP:5017:TCP Port 5017
"{90EA12F9-5E9D-4784-A2CD-728DD06DE54D}"= Disabled:UDP:5018:TCP Port 5018
"{B3B8BCAF-A16E-4B1A-B7DA-5942E52DCD11}"= Disabled:UDP:5019:TCP Port 5019
"{69E941F2-2A49-4FD0-BBBE-AEA6B7B326FF}"= Disabled:UDP:5020:TCP Port 5020
"{1222F712-0CA7-48D8-88F1-F3AD8844AA7B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{750B7EF7-BF46-4CE5-86F8-920AFD8AC67B}"= UDP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{B94464CE-7871-4874-A165-8785A87819ED}"= TCP:c:\windows\System32\lxcrcoms.exe:Lexmark Communications System
"{36A8FF00-4CBD-4E59-B326-245F543D0A2B}"= UDP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{53024115-0C23-4C76-918C-4726B46DB2CC}"= TCP:c:\program files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{AE15E6DB-1415-42B3-874E-BA87BD5F1D78}"= UDP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{F6B0E638-F171-4508-9D14-57957ECF9FED}"= TCP:c:\program files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{2C8249CC-8D1A-4831-BA5B-3280C074C188}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E53613DE-8780-4B41-BA83-6439193FF899}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3FA74C07-D50D-492F-8B89-8D8150376E9C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{CB2CA692-FAB9-40C6-B920-89E7A487DD64}c:\\users\\guigui\\desktop\\utorrent.exe"= UDP:c:\users\guigui\desktop\utorrent.exe:utorrent.exe
"UDP Query User{EA8F2C27-9B8E-457E-8617-01B0D4843854}c:\\users\\guigui\\desktop\\utorrent.exe"= TCP:c:\users\guigui\desktop\utorrent.exe:utorrent.exe
"TCP Query User{A75A3C34-6220-4A48-84DF-0DB65D20F1F8}c:\\program files\\soulseekns\\slsk.exe"= UDP:c:\program files\soulseekns\slsk.exe:SoulSeek
"UDP Query User{EE99BB11-6368-4547-BFF6-900E1FB1376F}c:\\program files\\soulseekns\\slsk.exe"= TCP:c:\program files\soulseekns\slsk.exe:SoulSeek
"{FC308FEC-8BAB-4DE0-8218-A76EE51F6858}"= UDP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{08096C94-269F-4E32-88E1-0F14F7B3B012}"= TCP:c:\program files\Sony\Media Manager for WALKMAN\MediaManager.exe:Media Manager for WALKMAN 1.2
"{7BF74C50-0B40-4098-B5A8-2ADBFE0A8F5A}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{67024800-3936-4FF6-8FB9-51EB77D0DE59}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B201CE0A-09BD-4F2F-A255-A76D7FBF2D5C}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{5185DAFD-FC81-45E0-AF8B-93718CF2BB00}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{44E6D9A9-0972-4A3D-A177-A933DEDA8232}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{41B92CC8-E053-4BCF-9C8E-470064FE7FCC}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{844C0EDD-8C21-47A5-BF91-5E97851C6C4C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6928E88A-7962-4030-BC18-94229A95C2C8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9F252313-1D26-4A71-8604-3A365E43E8DE}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{AA9F3BCB-4E00-4ADF-82A5-2A8AECA2AD9D}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{5FFA7191-36BF-4019-87F9-7C3E0BA847E9}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{C246B0F9-13B8-4515-B832-626DB70BD96C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{BE7A3817-CAFF-40DD-87D2-320A21A7BBC8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CBF61608-07F8-4E3C-A136-FFB4437EA519}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AE06B445-70D5-40BD-A33A-54F7744FDC9F}"= Disabled:UDP:c:\users\guigui\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer
"{934558DA-5BE7-4370-8000-6EF802CA2594}"= Disabled:TCP:c:\users\guigui\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [13/04/2008 20:58 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [13/04/2008 20:58 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/03/2008 13:11 53328]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [04/08/2009 22:13 233472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25/09/2009 17:03 1153368]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [04/08/2009 22:13 36608]
S2 gupdate1c9c4eaeea26020;Service Google Update (gupdate1c9c4eaeea26020);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2009 16:42 133104]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [14/02/2009 14:14 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [14/02/2009 14:14 67760]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [04/08/2009 22:13 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [04/08/2009 22:13 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [04/08/2009 22:13 121856]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 14:42]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 14:42]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s
IE: &Windows Live Search
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Transfert par Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
Trusted Zone: chat-land.org
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\guigui\AppData\Roaming\Mozilla\Firefox\Profiles\9mj1l21n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mystart.hiyo.com/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
HKCU-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
HKCU-Run-Nero PhotoShow Media Manager - c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-LifeCam - c:\program files\Microsoft LifeCam\LifeExp.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 11:12
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(816)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Autres processus actifs ------------------------
.
SystemRoot\System32\smss.exe [408]
c:\windows\system32\csrss.exe [508]
c:\windows\system32\wininit.exe [560]
c:\windows\system32\csrss.exe [572]
c:\windows\system32\services.exe [608]
c:\windows\system32\lsass.exe [624]
c:\windows\system32\lsm.exe [632]
c:\windows\system32\winlogon.exe [708]
c:\windows\system32\svchost.exe [828]
c:\windows\system32\svchost.exe [928]
c:\windows\System32\svchost.exe [988]
c:\windows\System32\svchost.exe [1056]
c:\windows\System32\svchost.exe [1128]
c:\windows\system32\svchost.exe [1148]
c:\windows\system32\SLsvc.exe [1264]
c:\windows\system32\svchost.exe [1304]
c:\windows\system32\svchost.exe [1484]
c:\program files\Alwil Software\Avast4\aswUpdSv.exe [1584]
c:\program files\Alwil Software\Avast4\ashServ.exe [1600]
c:\windows\system32\Dwm.exe [1732]
c:\windows\System32\spoolsv.exe [1952]
c:\windows\system32\taskeng.exe [1972]
c:\windows\system32\svchost.exe [1992]
c:\windows\system32\taskeng.exe [600]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1624]
c:\program files\Bonjour\mDNSResponder.exe [1568]
c:\windows\system32\FsUsbExService.Exe [580]
c:\windows\system32\svchost.exe [2180]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2312]
c:\windows\system32\svchost.exe [2424]
c:\windows\System32\svchost.exe [2468]
c:\windows\system32\SearchIndexer.exe [2504]
c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2600]
c:\windows\system32\WUDFHost.exe [2872]
c:\program files\Alwil Software\Avast4\ashMaiSv.exe [2956]
c:\program files\Alwil Software\Avast4\ashWebSv.exe [3008]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [3464]
c:\windows\system32\CF14214.exe [4032]
c:\windows\System32\mobsync.exe [3896]
c:\program files\Windows Media Player\wmpnetwk.exe [4092]
c:\windows\system32\wbem\wmiprvse.exe [4060]
c:\windows\Explorer.exe [816]
c:\windows\servicing\TrustedInstaller.exe [3424]
c:\combofix\catchme.cfxxe [2236]
.
**************************************************************************
.
Heure de fin: 2009-09-27 11:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-27 09:17

Avant-CF: 207 140 061 184 octets libres
Après-CF: 207 278 075 904 octets libres

407 --- E O F --- 2009-09-25 13:53

I'm waiting for your next instructions.
0
Anonymous user
 
Please don't leave me hanging.
0
Anonymous user
 
HELP HELP

SOS
0
Anonymous user
 
Hi,
I thought Ced_King was going to finish this.
Are you still having problems?
0