Impressive number of viruses
Solved

Luspha (12 posts, Member)
Hello,
I ended up with 27 viruses this evening, and it is impossible to remove them; only a program called "security tool" can remove them, but it is paid. Some of them are really scary, like: "can retrieve your credit card numbers"
I did a system reset, but now it tells me I have even more viruses. I don't know what to do anymore :/
thanks
45 replies
Here it is:
ZHPFix v1.12.26 by Nicolas Coolman - Rapport de suppression du 15/01/2010 00:14:24
Fichier d'export Registre : C:\ZHPExportRegistry-15-01-2010-00-14-24.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Processus mémoire :
(Néant)
Module mémoire :
(Néant)
Clé du Registre :
(Néant)
Valeur du Registre :
(Néant)
Elément de données du Registre :
O20 - AppInit_DLLs: C:\Windows\system32\0023.DLL => Donnée supprimée avec succès
Dossier :
C:\Program Files\AskBarDis => Fichier supprimé au reboot
C:\Program Files\Dealio Toolbar => Dossier absent
Fichier :
c:\program files\daemon tools toolbar\dttoolbar.dll => Fichier absent
c:\windows\system32\0023.dll => Fichier absent
Logiciel :
O42 - Logiciel: DAEMON Tools Toolbar => Logiciel absent
O42 - Logiciel: Dealio Toolbar v4.0.1 => Logiciel supprimé avec succès
O42 - Logiciel: Search Settings 1.2.2 => Logiciel supprimé avec succès
Script Registre :
(Néant)
Autre :
(Néant)
Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 0
Elément de données du Registre : 1
Dossier : 2
Fichier : 2
Logiciel : 3
Autre : 0
End of the scan
Uh, I posted the report and got confirmation from the Comment Ça Marche site, but apparently it won't post.

The report is visible now ;)
Restart your computer, then post a new ZHPDiag report please
Yet I can see your last message.
Can you try again please? If it doesn't work, sign up on the site and send me the report by private message; I'll try to post it myself and we'll continue ;)
XD that's exactly what I just did ^^
Uh, one thing though: is there no problem with the passwords I typed in, the backdoor etc.? I mean, it isn't going to send that information to a third party?
I still have no report ^^
From what I could see, none of the infections that were on your computer is known to steal passwords... But as a precaution, you can change the most important ones (your bank's, online payment sites', etc.)
Hello,
Yesterday I tried to PM you but it kept saying "message already sent"
Here is the ZHPDiag
Thanks ^^
http://www.cijoint.fr/cjlink.php?file=cj201001/cij8qcFqSI.txt
Some elements of the Ask toolbar are resisting; we'll make a script to get rid of them:
/!\ Warning /!\
The following software is not to be used lightly and can cause damage if misused! Only use it with appropriate assistance.
/!\ Disable all your protection software /!\
• Download ComboFix (by sUBs) to your Desktop.
• Also download this folder luspha.zip to your Desktop
• Right-click it --> Extract all --> choose the Desktop as destination
• Another folder will appear; take the file CFScript.txt inside it and place it on the Desktop.
• Drag and drop this CFScript.txt file onto Combofix.exe (as in this link)
• Wait for the scan to finish. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
• Once the scan is complete, a report will appear: post its contents.
• If the file doesn't open, it is located here → C:\ComboFix.txt
Here it is
ComboFix 10-01-15.01 - Luspha 15/01/2010 21:15:32.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3071.2014 [GMT 1:00]
Lancé depuis: c:\users\Luspha\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Luspha\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- Mode FONCTIONNALITES REDUITES -
FILE ::
"c:\program files\AskBarDis"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.h
c:\windows\system32\WORK.DAT
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-15 au 2010-01-15 ))))))))))))))))))))))))))))))))))))
.
2010-01-15 17:07 . 2009-12-30 20:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\Scxpx86.dll
2010-01-15 17:07 . 2009-12-30 20:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSxpx86.dll
2010-01-15 17:07 . 2009-12-30 20:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSviA64.sys
2010-01-15 17:07 . 2009-12-30 20:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys
2010-01-15 17:07 . 2009-12-30 20:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSXpx86.sys
2010-01-15 00:54 . 2010-01-15 00:54 -------- d-----w- c:\users\Luspha\AppData\Roaming\GlarySoft
2010-01-14 22:44 . 2010-01-14 22:45 -------- d-----w- c:\program files\Glary Utilities
2010-01-14 21:05 . 2009-08-26 00:09 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-14 18:20 . 2010-01-14 18:20 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\naveng.sys
2010-01-14 18:20 . 2010-01-14 18:20 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\eeCtrl.sys
2010-01-14 18:20 . 2010-01-14 18:20 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\cceraser.dll
2010-01-14 18:20 . 2010-01-14 18:20 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\ecmsvr32.dll
2010-01-14 18:20 . 2010-01-14 18:20 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\naveng32.dll
2010-01-14 18:20 . 2010-01-14 18:20 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\navex32a.dll
2010-01-14 18:20 . 2010-01-14 18:20 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\navex15.sys
2010-01-14 18:20 . 2010-01-14 18:20 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\eraser.sys
2010-01-14 17:30 . 2010-01-14 17:32 -------- d-----w- C:\ToolBar SD
2010-01-14 16:51 . 2009-12-30 20:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-14 16:51 . 2009-12-30 20:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-14 16:51 . 2009-12-30 20:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-14 16:51 . 2009-12-30 20:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-14 16:51 . 2009-12-30 20:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-14 16:35 . 2010-01-14 17:05 -------- d-----w- C:\UsbFix
2010-01-14 12:41 . 2010-01-14 12:41 -------- d-----w- C:\Temp
2010-01-14 03:33 . 2010-01-14 03:33 -------- d-----w- C:\found.001
2010-01-14 01:25 . 2010-01-14 15:49 -------- d-----w- c:\program files\Spyware Doctor
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\users\Luspha\AppData\Roaming\Malwarebytes
2010-01-14 01:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\programdata\Malwarebytes
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 01:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 00:56 . 2010-01-14 23:12 -------- d-----w- c:\program files\ZHPDiag
2010-01-14 00:51 . 2010-01-14 20:46 -------- d-----w- c:\users\Luspha\AppData\Roaming\QuickScan
2010-01-14 00:49 . 2010-01-11 16:32 698184 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-01-14 00:49 . 2010-01-11 16:33 789320 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-14 00:32 . 2010-01-14 00:32 -------- d-----w- C:\rsit
2010-01-14 00:28 . 2010-01-14 00:28 -------- d-----w- c:\program files\Trend Micro
2010-01-14 00:10 . 2010-01-14 00:10 -------- d-----w- c:\users\Luspha\AppData\Local\Symantec
2010-01-14 00:09 . 2010-01-14 21:05 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-14 00:09 . 2009-08-26 00:08 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-01-14 00:09 . 2010-01-14 21:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-14 00:09 . 2010-01-14 21:06 -------- d-----w- c:\program files\Symantec
2010-01-14 00:09 . 2010-01-14 00:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 22:52 . 2010-01-13 22:52 57856 ---h--w- c:\users\Luspha\dsjtbqb.exe
2010-01-13 22:52 . 2010-01-13 22:52 57856 ----a-w- c:\windows\system32\cmylya.exe
2010-01-13 19:49 . 2010-01-13 19:49 -------- d-----w- c:\program files\Panel-stunt
2010-01-13 15:42 . 2010-01-13 15:42 1164624 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\cache\2010-01-13\wlsetup-custom (deleted 4b4de9da-11c550-157005e280d).exe
2010-01-13 14:23 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 14:23 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-04 11:19 . 2010-01-04 11:19 -------- d-----w- c:\users\Luspha\AppData\Roaming\Logitech
2010-01-04 11:19 . 2010-01-04 11:19 -------- d-----w- c:\users\Luspha\AppData\Roaming\Leadertech
2010-01-04 11:19 . 2010-01-04 11:19 53248 ----a-r- c:\users\Luspha\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-01-04 11:16 . 2008-05-02 01:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-04 11:16 . 2008-05-02 01:40 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-04 11:16 . 2008-05-02 01:40 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-04 11:16 . 2008-05-02 01:39 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-04 11:16 . 2008-05-02 01:39 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-04 11:16 . 2010-01-04 11:19 -------- d-----w- c:\programdata\Logitech
2010-01-04 11:16 . 2010-01-04 11:19 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-04 11:16 . 2010-01-04 11:16 -------- d-----w- c:\program files\Logitech
2010-01-04 11:15 . 2010-01-04 11:15 -------- d-----w- c:\programdata\LogiShrd
2010-01-02 01:18 . 2010-01-02 01:18 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-25 00:11 . 2009-12-25 00:11 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 21:14 . 2009-11-08 15:29 -------- d-----w- c:\users\Luspha\AppData\Roaming\Dropbox
2010-01-15 20:27 . 2008-01-21 08:40 684170 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-15 20:27 . 2008-01-21 08:40 128226 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-15 01:55 . 2009-08-16 13:22 -------- d-----w- c:\program files\Lavalys
2010-01-14 21:06 . 2010-01-14 00:09 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-14 21:06 . 2010-01-14 00:09 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-14 18:36 . 2009-11-02 21:56 -------- d-----w- c:\users\Luspha\AppData\Roaming\uTorrent
2010-01-14 17:30 . 2009-07-28 02:02 -------- d-----w- c:\program files\AskBarDis
2010-01-14 02:17 . 2009-07-26 22:06 -------- d-----w- c:\users\Luspha\AppData\Roaming\vlc
2010-01-14 00:10 . 2008-11-13 05:52 -------- d-----w- c:\programdata\Symantec
2010-01-14 00:09 . 2008-11-13 05:52 -------- d-----w- c:\programdata\Norton
2010-01-13 23:09 . 2009-08-03 18:12 -------- d-----w- c:\program files\Steam
2010-01-04 12:02 . 2009-09-22 16:51 -------- d-----w- c:\program files\Diablo II
2010-01-04 11:17 . 2010-01-04 11:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-04 11:17 . 2010-01-04 11:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-04 11:16 . 2008-11-13 05:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 20:48 . 2008-11-13 05:52 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-12-30 20:48 . 2008-11-13 05:52 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-12-30 20:48 . 2008-11-13 05:52 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-12-30 20:48 . 2008-11-13 05:52 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-12-30 20:48 . 2008-11-13 05:52 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-12-18 01:23 . 2009-07-28 02:02 -------- d-----w- c:\program files\Vuze
2009-12-10 21:32 . 2009-07-27 17:18 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 14:19 . 2009-07-26 16:32 73936 ----a-w- c:\users\Luspha\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 14:15 . 2008-11-13 05:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-10 02:01 . 2008-11-13 05:33 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 14:49 . 2009-12-08 14:49 -------- d-----w- c:\program files\Fiddler2
2009-12-04 18:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-03 22:47 . 2009-12-03 22:47 -------- d-----w- c:\users\Luspha\AppData\Roaming\Microsoft Game Studios
2009-11-23 23:00 . 2009-07-27 21:46 -------- d-----w- c:\program files\Windows Live
2009-11-23 22:57 . 2009-11-23 22:57 -------- d-----w- c:\program files\Microsoft
2009-11-21 06:40 . 2009-12-09 21:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 21:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 21:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 21:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 10:48 . 2009-12-01 01:27 872960 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 10:48 . 2009-12-01 01:27 43008 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-12-01 01:27 340480 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-12-01 01:27 346624 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-08 15:29 . 2009-11-08 15:29 89962 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\Uninstall.exe
2009-11-03 19:53 . 2009-11-03 19:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-02 19:42 . 2009-10-03 12:27 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 02:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-24 21:46 . 2009-10-24 21:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-24 12:56 . 2009-10-24 12:56 680960 ----a-w- c:\windows\is-369J6.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-10-24 21:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-10-24 21:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-10-24 21:18 216064 --sh--r- c:\windows\System32\nbDX.dll
2008-09-19 09:30 . 2008-11-13 13:32 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\ES\~WRL0005.tmp
2008-09-19 09:30 . 2008-11-13 13:32 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\S0\~WRL0005.tmp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"EPSON Stylus SX400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE" [2007-12-17 188928]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2009-12-14 102712]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 13584928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
c:\users\Luspha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luspha\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-10-9 26805255]
Logitech . Enregistrement du produit.lnk - c:\program files\Common Files\Logishrd\eReg\Common\eReg.exe [2009-4-8 517384]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-4 805392]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-7-26 1261568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [26/07/2009 22:40 21728]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [14/01/2010 22:06 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [14/01/2010 22:06 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [14/01/2010 22:05 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys [15/01/2010 18:07 343088]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 18:18 108289]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [28/07/2009 03:02 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [28/07/2009 03:02 234888]
R2 ETService;Empowering Technology Service;c:\program files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe [16/03/2009 14:00 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [14/01/2010 22:05 117640]
R2 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [26/07/2009 22:40 180224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/01/2010 17:51 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [14/01/2010 22:06 48688]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/11/2009 22:09 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18/08/2005 7168]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [26/07/2009 17:26 110576]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [26/07/2009 22:40 288768]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
2010-01-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-14 11:09]
2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 21:09]
2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 21:09]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 22:13
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8552A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a9aa322
\Driver\ACPI -> acpi.sys @ 0x805b6d4c
\Driver\atapi -> 0x855291f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'explorer.exe'(4516)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-01-15 22:18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-15 21:18
Pre-Run: 270 671 798 272 bytes free
Post-Run: 270 518 214 656 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A1C8B1DCAF3877B15971E92912D81512
    
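What an analyst actually does with a listing like the ComboFix log above is pull out the handful of entries worth chasing. The Python script below is an added example for this thread; it is not part of any post here and not a feature of ComboFix, ZHPFix or Gmer. It parses the "files created" lines in ComboFix's format and flags: executables carrying hidden or system attributes; an .exe dropped directly in a user profile root or in system32 under a random-looking name; two files that share size and write time under different names (the dsjtbqb.exe / cmylya.exe pair above, both 57856 bytes written at 2010-01-13 22:52, one of them hidden); and policy values such as "EnableLUA"= 0 that take control away from the user. The sample lines are copied from the log in this thread (the Norton GUID directory is shortened); the vowel-ratio threshold, the path rules and the policy list are the author's assumptions, not anything the tools print.

```python
import re
from collections import defaultdict

# One ComboFix "files created" / Find3M line: <created> . <modified> <size|--------> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+?)\s*$")
# A policy value as ComboFix prints it:  "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[A-Za-z]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)')
# Policy values that take control away from the user (assumed list; every hit
# should be explained or reverted during a cleanup).
SUSPICIOUS_POLICIES = {"EnableLUA": "0",  # UAC switched off
                       "DisableLockWorkstation": "1", "DisableChangePassword": "1",
                       "DisableTaskMgr": "1", "DisableRegistryTools": "1"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def parse_entries(lines):
    """Return one dict per line that matches the listing format."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["is_dir"] = e["attrs"].startswith("d")
            e["size"] = None if e["is_dir"] else int(e["size"])
            entries.append(e)
    return entries


def split_path(path):
    """Lower-cased (parent directory, file name) of a Windows path."""
    parent, _, name = path.lower().rpartition("\\")
    return parent, name


def looks_random(name):
    """All-letter stem of 5-10 chars with almost no vowels, e.g. dsjtbqb.exe (assumed threshold)."""
    stem = name.rsplit(".", 1)[0]
    if not stem.isalpha() or not 5 <= len(stem) <= 10:
        return False
    return sum(ch in "aeiou" for ch in stem) / len(stem) < 0.3


def flag_entry(entry):
    """Reasons (possibly none) why one listing entry deserves a closer look."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    parent, name = split_path(entry["path"])
    attrs = entry["attrs"]
    if name.endswith(EXEC_EXT) and ("h" in attrs or "s" in attrs):
        reasons.append("hidden/system attribute on executable")
    in_profile_root = bool(re.fullmatch(r"c:\\users\\[^\\]+", parent))
    in_system32 = parent.endswith("\\windows\\system32")
    if name.endswith(".exe") and in_profile_root:
        reasons.append("executable directly in a user profile root")
    if name.endswith(".exe") and (in_profile_root or in_system32) and looks_random(name):
        reasons.append("random-looking executable name")
    return reasons


def find_twins(entries):
    """Files sharing size and mtime under different names: treat as one dropper, two copies."""
    groups = defaultdict(list)
    for e in entries:
        if not e["is_dir"]:
            groups[(e["size"], e["modified"])].append(e["path"])
    return {key: sorted(paths) for key, paths in groups.items()
            if len({split_path(p)[1] for p in paths}) > 1}


def flag_policies(lines):
    """{name: value} for every policy line that matches SUSPICIOUS_POLICIES."""
    hits = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m and SUSPICIOUS_POLICIES.get(m["name"]) == m["value"]:
            hits[m["name"]] = m["value"]
    return hits


def triage(log_text):
    """Run all three checks over a ComboFix log and return the findings."""
    lines = log_text.splitlines()
    entries = parse_entries(lines)
    flagged = {}
    for e in entries:
        reasons = flag_entry(e)
        if reasons:
            flagged[e["path"]] = reasons
    return {"flagged": flagged, "twins": find_twins(entries), "policies": flag_policies(lines)}


# Lines copied from the log in this thread (Norton GUID directory shortened to "...").
SAMPLE_LOG = r"""
2010-01-15 17:07 . 2009-12-30 20:48 811896 ----a-w- c:\programdata\Norton\...\IPSDefs\20100112.001\Scxpx86.dll
2010-01-14 16:51 . 2009-12-30 20:48 811896 ----a-w- c:\programdata\Norton\...\IPSDefs\20100106.001\Scxpx86.dll
2010-01-14 01:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 00:09 . 2010-01-14 21:06 -------- d-----w- c:\program files\Symantec
2010-01-13 22:52 . 2010-01-13 22:52 57856 ---h--w- c:\users\Luspha\dsjtbqb.exe
2010-01-13 22:52 . 2010-01-13 22:52 57856 ----a-w- c:\windows\system32\cmylya.exe
2006-05-03 09:06 . 2009-10-24 21:18 163328 --sh--r- c:\windows\System32\flvDX.dll
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
"HonorAutoRunSetting"= 0 (0x0)
"""

if __name__ == "__main__":
    for section, result in triage(SAMPLE_LOG).items():
        print(section, result)
```

Feed a whole log with triage(open(path).read()). The two Scxpx86.dll copies share size and mtime but keep the same name, so the twin check ignores them; dsjtbqb.exe and cmylya.exe do not, and that pair plus the hidden attribute in the profile root is exactly what should be quarantined and hashed before anything else in this log gets attention.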
                        
I made a small mistake in the script: I used a command that deletes a file when the target is actually a folder...
Please redo the same procedure with this script.
ComboFix 10-01-15.01 - Luspha 16/01/2010  17:48:16.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3071.2180 [GMT 1:00]
Running from: c:\users\Luspha\Desktop\ComboFix.exe
Command switches used :: c:\users\Luspha\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\users\Luspha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Enregistrement du produit.lnk
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ASKService
-------\Service_ASKUpgrade
((((((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 ))))))))))))))))))))))))))))))))))))
.
2010-01-16 16:53 . 2010-01-16 16:55 -------- d-----w- c:\users\Luspha\AppData\Local\temp
2010-01-16 16:53 . 2010-01-16 16:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-16 16:53 . 2010-01-16 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-16 16:53 . 2010-01-16 16:53 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2010-01-15 00:54 . 2010-01-15 00:54 -------- d-----w- c:\users\Luspha\AppData\Roaming\GlarySoft
2010-01-14 22:44 . 2010-01-14 22:45 -------- d-----w- c:\program files\Glary Utilities
2010-01-14 17:30 . 2010-01-14 17:32 -------- d-----w- C:\ToolBar SD
2010-01-14 16:35 . 2010-01-14 17:05 -------- d-----w- C:\UsbFix
2010-01-14 12:41 . 2010-01-14 12:41 -------- d-----w- C:\Temp
2010-01-14 03:33 . 2010-01-14 03:33 -------- d-----w- C:\found.001
2010-01-14 01:25 . 2010-01-14 15:49 -------- d-----w- c:\program files\Spyware Doctor
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\users\Luspha\AppData\Roaming\Malwarebytes
2010-01-14 01:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\programdata\Malwarebytes
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 01:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 00:56 . 2010-01-14 23:12 -------- d-----w- c:\program files\ZHPDiag
2010-01-14 00:51 . 2010-01-14 20:46 -------- d-----w- c:\users\Luspha\AppData\Roaming\QuickScan
2010-01-14 00:32 . 2010-01-14 00:32 -------- d-----w- C:\rsit
2010-01-14 00:28 . 2010-01-14 00:28 -------- d-----w- c:\program files\Trend Micro
2010-01-14 00:10 . 2010-01-14 00:10 -------- d-----w- c:\users\Luspha\AppData\Local\Symantec
2010-01-14 00:09 . 2009-08-26 00:08 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-01-14 00:09 . 2010-01-14 21:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-14 00:09 . 2010-01-14 21:06 -------- d-----w- c:\program files\Symantec
2010-01-14 00:09 . 2010-01-14 00:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 22:52 . 2010-01-13 22:52 57856 ---h--w- c:\users\Luspha\dsjtbqb.exe
2010-01-13 22:52 . 2010-01-13 22:52 57856 ----a-w- c:\windows\system32\cmylya.exe
2010-01-13 19:49 . 2010-01-13 19:49 -------- d-----w- c:\program files\Panel-stunt
2010-01-13 14:23 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 14:23 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-04 11:19 . 2010-01-04 11:19 -------- d-----w- c:\users\Luspha\AppData\Roaming\Logitech
2010-01-04 11:19 . 2010-01-04 11:19 -------- d-----w- c:\users\Luspha\AppData\Roaming\Leadertech
2010-01-04 11:16 . 2008-05-02 01:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-04 11:16 . 2008-05-02 01:40 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-04 11:16 . 2008-05-02 01:40 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-04 11:16 . 2008-05-02 01:39 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-04 11:16 . 2008-05-02 01:39 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-04 11:16 . 2010-01-04 11:19 -------- d-----w- c:\programdata\Logitech
2010-01-04 11:16 . 2010-01-04 11:19 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-04 11:16 . 2010-01-04 11:16 -------- d-----w- c:\program files\Logitech
2010-01-04 11:15 . 2010-01-04 11:15 -------- d-----w- c:\programdata\LogiShrd
2010-01-02 01:18 . 2010-01-02 01:18 -------- d-----w- c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 16:32 . 2009-07-26 22:06 -------- d-----w- c:\users\Luspha\AppData\Roaming\vlc
2010-01-16 11:57 . 2008-01-21 08:40 684170 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-16 11:57 . 2008-01-21 08:40 128226 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-16 11:52 . 2009-11-08 15:29 -------- d-----w- c:\users\Luspha\AppData\Roaming\Dropbox
2010-01-16 03:01 . 2009-07-28 19:20 -------- d-----w- c:\program files\Warcraft III
2010-01-15 01:55 . 2009-08-16 13:22 -------- d-----w- c:\program files\Lavalys
2010-01-14 21:06 . 2010-01-14 00:09 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-14 21:06 . 2010-01-14 00:09 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-14 21:05 . 2010-01-14 00:09 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-14 18:36 . 2009-11-02 21:56 -------- d-----w- c:\users\Luspha\AppData\Roaming\uTorrent
2010-01-14 18:20 . 2010-01-16 12:02 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVENG.SYS
2010-01-14 18:20 . 2010-01-16 12:02 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\EECTRL.SYS
2010-01-14 18:20 . 2010-01-16 12:02 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\CCERASER.DLL
2010-01-14 18:20 . 2010-01-16 12:02 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\ECMSVR32.DLL
2010-01-14 18:20 . 2010-01-16 12:02 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVENG32.DLL
2010-01-14 18:20 . 2010-01-16 12:02 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVEX32A.DLL
2010-01-14 18:20 . 2010-01-16 12:02 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVEX15.SYS
2010-01-14 18:20 . 2010-01-16 12:02 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\ERASER.SYS
2010-01-14 00:10 . 2008-11-13 05:52 -------- d-----w- c:\programdata\Symantec
2010-01-14 00:09 . 2008-11-13 05:52 -------- d-----w- c:\programdata\Norton
2010-01-13 23:55 . 2009-10-18 16:50 -------- d-----w- c:\users\Luspha\AppData\Roaming\Winamp
2010-01-13 23:55 . 2009-08-13 22:38 -------- d-----w- c:\users\Luspha\AppData\Roaming\Ventrilo
2010-01-13 23:55 . 2009-08-31 21:16 -------- d-----w- c:\users\Luspha\AppData\Roaming\fretsonfire
2010-01-13 23:55 . 2009-08-16 19:00 -------- d-----w- c:\users\Luspha\AppData\Roaming\Audacity
2010-01-13 23:55 . 2009-08-04 00:54 -------- d-----w- c:\users\Luspha\AppData\Roaming\Hamachi
2010-01-13 23:55 . 2009-08-02 01:38 -------- d-----w- c:\users\Luspha\AppData\Roaming\dvdcss
2010-01-13 23:55 . 2009-07-28 02:03 -------- d-----w- c:\users\Luspha\AppData\Roaming\Azureus
2010-01-13 23:55 . 2009-08-31 18:16 -------- d-----w- c:\programdata\FLEXnet
2010-01-13 23:55 . 2009-08-03 01:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-13 23:55 . 2009-07-27 17:30 -------- d-----w- c:\program files\Garena
2010-01-13 23:55 . 2009-03-16 12:59 -------- d-----w- c:\program files\Google
2010-01-13 23:55 . 2009-10-24 21:46 -------- d-----w- c:\program files\Common Files\Real
2010-01-13 23:09 . 2009-08-03 18:12 -------- d-----w- c:\program files\Steam
2010-01-11 16:33 . 2010-01-14 00:49 789320 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-11 16:32 . 2010-01-14 00:49 698184 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-01-04 12:02 . 2009-09-22 16:51 -------- d-----w- c:\program files\Diablo II
2010-01-04 11:19 . 2010-01-04 11:19 53248 ----a-r- c:\users\Luspha\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-01-04 11:17 . 2010-01-04 11:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-04 11:17 . 2010-01-04 11:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-04 11:16 . 2008-11-13 05:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 00:11 . 2009-12-25 00:11 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 01:23 . 2009-07-28 02:02 -------- d-----w- c:\program files\Vuze
2009-12-10 21:32 . 2009-07-27 17:18 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 14:19 . 2009-07-26 16:32 73936 ----a-w- c:\users\Luspha\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 14:15 . 2008-11-13 05:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-10 02:01 . 2008-11-13 05:33 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 14:49 . 2009-12-08 14:49 -------- d-----w- c:\program files\Fiddler2
2009-12-04 18:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-03 22:47 . 2009-12-03 22:47 -------- d-----w- c:\users\Luspha\AppData\Roaming\Microsoft Game Studios
2009-11-23 23:00 . 2009-07-27 21:46 -------- d-----w- c:\program files\Windows Live
2009-11-23 22:57 . 2009-11-23 22:57 -------- d-----w- c:\program files\Microsoft
2009-11-21 06:40 . 2009-12-09 21:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 21:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 21:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 21:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 10:48 . 2009-12-01 01:27 872960 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 10:48 . 2009-12-01 01:27 43008 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-12-01 01:27 340480 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-12-01 01:27 346624 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-08 15:29 . 2009-11-08 15:29 89962 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\Uninstall.exe
2009-11-03 19:53 . 2009-11-03 19:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-02 19:42 . 2009-10-03 12:27 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 02:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-24 21:46 . 2009-10-24 21:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-24 12:56 . 2009-10-24 12:56 680960 ----a-w- c:\windows\is-369J6.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-10-24 21:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-10-24 21:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-10-24 21:18 216064 --sh--r- c:\windows\System32\nbDX.dll
2008-09-19 09:30 . 2008-11-13 13:32 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\ES\~WRL0005.tmp
2008-09-19 09:30 . 2008-11-13 13:32 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\S0\~WRL0005.tmp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2009-12-14 102712]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 13584928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
c:\users\Luspha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-4 805392]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-7-26 1261568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [26/07/2009 22:40 21728]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [14/01/2010 22:06 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [14/01/2010 22:06 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [14/01/2010 22:05 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys [15/01/2010 18:07 343088]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 18:18 108289]
R2 ETService;Empowering Technology Service;c:\program files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe [16/03/2009 14:00 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [14/01/2010 22:05 117640]
R2 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [26/07/2009 22:40 180224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/01/2010 17:51 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [14/01/2010 22:06 48688]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/11/2009 22:09 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18/08/2005 7168]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [26/07/2009 17:26 110576]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [26/07/2009 22:40 288768]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
2010-01-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-14 11:09]
2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 21:09]
2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 21:09]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\
FF - prefs.js: browser.search.selectedEngine - Recherche de vidéos YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 17:56
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8552A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a7a5322
\Driver\ACPI -> acpi.sys @ 0x805afd4c
\Driver\atapi -> 0x855291f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3240)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-01-16 18:01:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-16 17:01
ComboFix2.txt 2010-01-15 21:18
Avant-CF: 270 298 701 824 octets libres
Après-CF: 270 034 706 432 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 134AAD5C3AA09283F403E35D6114C1A0
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3071.2180 [GMT 1:00]
Lancé depuis: c:\users\Luspha\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Luspha\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\users\Luspha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Enregistrement du produit.lnk
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ASKService
-------\Service_ASKUpgrade
2008-09-19 09:30 . 2008-11-13 13:32 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\ES\~WRL0005.tmp
2008-09-19 09:30 . 2008-11-13 13:32 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\S0\~WRL0005.tmp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2009-12-14 102712]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 13584928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
c:\users\Luspha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-4 805392]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-7-26 1261568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [26/07/2009 22:40 21728]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [14/01/2010 22:06 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [14/01/2010 22:06 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [14/01/2010 22:05 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys [15/01/2010 18:07 343088]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 18:18 108289]
R2 ETService;Empowering Technology Service;c:\program files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe [16/03/2009 14:00 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [14/01/2010 22:05 117640]
R2 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [26/07/2009 22:40 180224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/01/2010 17:51 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [14/01/2010 22:06 48688]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/11/2009 22:09 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18/08/2005 7168]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [26/07/2009 17:26 110576]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [26/07/2009 22:40 288768]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
2010-01-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-14 11:09]
2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 21:09]
2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 21:09]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\
FF - prefs.js: browser.search.selectedEngine - Recherche de vidéos YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 17:56
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8552A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a7a5322
\Driver\ACPI -> acpi.sys @ 0x805afd4c
\Driver\atapi -> 0x855291f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3240)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-01-16 18:01:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-16 17:01
ComboFix2.txt 2010-01-15 21:18
Avant-CF: 270 298 701 824 octets libres
Après-CF: 270 034 706 432 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 134AAD5C3AA09283F403E35D6114C1A0
                        
Um, I ran ComboFix without any problem and got the report, but I can't relaunch the internet (Mozilla Firefox): it tells me the registry is being deleted :/

I've just restarted and it's fine, here is the ComboFix report:
ComboFix 10-01-16.04 - Luspha 17/01/2010 21:13:34.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3071.2086 [GMT 1:00]
Lancé depuis: c:\users\Luspha\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Luspha\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Luspha\dsjtbqb.exe"
"c:\windows\system32\cmylya.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Partner
c:\programdata\Partner\partner.dll
c:\programdata\Partner\partner.exe
c:\users\Luspha\dsjtbqb.exe
c:\windows\system32\cmylya.exe
----- BITS: Il y a peut-être des sites infectés -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Partner Service
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-17 au 2010-01-17 ))))))))))))))))))))))))))))))))))))
.
2010-01-17 20:21 . 2010-01-17 20:23 -------- d-----w- c:\users\Luspha\AppData\Local\temp
2010-01-17 20:21 . 2010-01-17 20:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-17 20:21 . 2010-01-17 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-15 00:54 . 2010-01-15 00:54 -------- d-----w- c:\users\Luspha\AppData\Roaming\GlarySoft
2010-01-14 22:44 . 2010-01-14 22:45 -------- d-----w- c:\program files\Glary Utilities
2010-01-14 17:30 . 2010-01-14 17:32 -------- d-----w- C:\ToolBar SD
2010-01-14 16:35 . 2010-01-14 17:05 -------- d-----w- C:\UsbFix
2010-01-14 12:41 . 2010-01-14 12:41 -------- d-----w- C:\Temp
2010-01-14 03:33 . 2010-01-14 03:33 -------- d-----w- C:\found.001
2010-01-14 01:25 . 2010-01-14 15:49 -------- d-----w- c:\program files\Spyware Doctor
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\users\Luspha\AppData\Roaming\Malwarebytes
2010-01-14 01:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\programdata\Malwarebytes
2010-01-14 01:16 . 2010-01-14 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 01:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 00:56 . 2010-01-14 23:12 -------- d-----w- c:\program files\ZHPDiag
2010-01-14 00:51 . 2010-01-14 20:46 -------- d-----w- c:\users\Luspha\AppData\Roaming\QuickScan
2010-01-14 00:32 . 2010-01-14 00:32 -------- d-----w- C:\rsit
2010-01-14 00:28 . 2010-01-14 00:28 -------- d-----w- c:\program files\Trend Micro
2010-01-14 00:10 . 2010-01-14 00:10 -------- d-----w- c:\users\Luspha\AppData\Local\Symantec
2010-01-14 00:09 . 2009-08-26 00:08 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-01-14 00:09 . 2010-01-14 21:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-14 00:09 . 2010-01-14 21:06 -------- d-----w- c:\program files\Symantec
2010-01-14 00:09 . 2010-01-14 00:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 19:49 . 2010-01-13 19:49 -------- d-----w- c:\program files\Panel-stunt
2010-01-13 14:23 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 14:23 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-04 11:19 . 2010-01-04 11:19 -------- d-----w- c:\users\Luspha\AppData\Roaming\Logitech
2010-01-04 11:19 . 2010-01-04 11:19 -------- d-----w- c:\users\Luspha\AppData\Roaming\Leadertech
2010-01-04 11:16 . 2008-05-02 01:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-04 11:16 . 2008-05-02 01:40 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-04 11:16 . 2008-05-02 01:40 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-04 11:16 . 2008-05-02 01:39 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-04 11:16 . 2008-05-02 01:39 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-04 11:16 . 2010-01-04 11:19 -------- d-----w- c:\programdata\Logitech
2010-01-04 11:16 . 2010-01-04 11:19 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-04 11:16 . 2010-01-04 11:16 -------- d-----w- c:\program files\Logitech
2010-01-04 11:15 . 2010-01-04 11:15 -------- d-----w- c:\programdata\LogiShrd
2010-01-02 01:18 . 2010-01-02 01:18 -------- d-----w- c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 20:16 . 2008-01-21 08:40 684170 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-17 20:16 . 2008-01-21 08:40 128226 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-17 10:51 . 2009-07-28 02:03 -------- d-----w- c:\users\Luspha\AppData\Roaming\Azureus
2010-01-17 05:27 . 2009-07-26 22:06 -------- d-----w- c:\users\Luspha\AppData\Roaming\vlc
2010-01-17 02:45 . 2009-07-28 19:20 -------- d-----w- c:\program files\Warcraft III
2010-01-16 11:52 . 2009-11-08 15:29 -------- d-----w- c:\users\Luspha\AppData\Roaming\Dropbox
2010-01-15 01:55 . 2009-08-16 13:22 -------- d-----w- c:\program files\Lavalys
2010-01-14 21:06 . 2010-01-14 00:09 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-14 21:06 . 2010-01-14 00:09 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-14 21:05 . 2010-01-14 00:09 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-14 18:36 . 2009-11-02 21:56 -------- d-----w- c:\users\Luspha\AppData\Roaming\uTorrent
2010-01-14 18:20 . 2010-01-17 01:53 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\NAVENG.SYS
2010-01-14 18:20 . 2010-01-17 01:53 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\EECTRL.SYS
2010-01-14 18:20 . 2010-01-17 01:53 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\CCERASER.DLL
2010-01-14 18:20 . 2010-01-17 01:53 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\ECMSVR32.DLL
2010-01-14 18:20 . 2010-01-17 01:53 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\NAVENG32.DLL
2010-01-14 18:20 . 2010-01-17 01:53 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\NAVEX32A.DLL
2010-01-14 18:20 . 2010-01-17 01:53 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\NAVEX15.SYS
2010-01-14 18:20 . 2010-01-17 01:53 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\ERASER.SYS
2010-01-14 00:10 . 2008-11-13 05:52 -------- d-----w- c:\programdata\Symantec
2010-01-14 00:09 . 2008-11-13 05:52 -------- d-----w- c:\programdata\Norton
2010-01-13 23:55 . 2009-10-18 16:50 -------- d-----w- c:\users\Luspha\AppData\Roaming\Winamp
2010-01-13 23:55 . 2009-08-13 22:38 -------- d-----w- c:\users\Luspha\AppData\Roaming\Ventrilo
2010-01-13 23:55 . 2009-08-31 21:16 -------- d-----w- c:\users\Luspha\AppData\Roaming\fretsonfire
2010-01-13 23:55 . 2009-08-16 19:00 -------- d-----w- c:\users\Luspha\AppData\Roaming\Audacity
2010-01-13 23:55 . 2009-08-04 00:54 -------- d-----w- c:\users\Luspha\AppData\Roaming\Hamachi
2010-01-13 23:55 . 2009-08-02 01:38 -------- d-----w- c:\users\Luspha\AppData\Roaming\dvdcss
2010-01-13 23:55 . 2009-08-31 18:16 -------- d-----w- c:\programdata\FLEXnet
2010-01-13 23:55 . 2009-08-03 01:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-13 23:55 . 2009-07-27 17:30 -------- d-----w- c:\program files\Garena
2010-01-13 23:55 . 2009-03-16 12:59 -------- d-----w- c:\program files\Google
2010-01-13 23:55 . 2009-10-24 21:46 -------- d-----w- c:\program files\Common Files\Real
2010-01-13 23:09 . 2009-08-03 18:12 -------- d-----w- c:\program files\Steam
2010-01-11 16:33 . 2010-01-14 00:49 789320 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-11 16:32 . 2010-01-14 00:49 698184 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-01-04 12:02 . 2009-09-22 16:51 -------- d-----w- c:\program files\Diablo II
2010-01-04 11:19 . 2010-01-04 11:19 53248 ----a-r- c:\users\Luspha\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-01-04 11:17 . 2010-01-04 11:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-04 11:17 . 2010-01-04 11:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-04 11:16 . 2008-11-13 05:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 00:11 . 2009-12-25 00:11 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 01:23 . 2009-07-28 02:02 -------- d-----w- c:\program files\Vuze
2009-12-10 21:32 . 2009-07-27 17:18 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 14:19 . 2009-07-26 16:32 73936 ----a-w- c:\users\Luspha\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 14:15 . 2008-11-13 05:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-10 02:01 . 2008-11-13 05:33 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 14:49 . 2009-12-08 14:49 -------- d-----w- c:\program files\Fiddler2
2009-12-04 18:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-03 22:47 . 2009-12-03 22:47 -------- d-----w- c:\users\Luspha\AppData\Roaming\Microsoft Game Studios
2009-11-23 23:00 . 2009-07-27 21:46 -------- d-----w- c:\program files\Windows Live
2009-11-23 22:57 . 2009-11-23 22:57 -------- d-----w- c:\program files\Microsoft
2009-11-21 06:40 . 2009-12-09 21:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 21:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 21:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 21:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 10:48 . 2009-12-01 01:27 872960 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 10:48 . 2009-12-01 01:27 43008 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-12-01 01:27 340480 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-12-01 01:27 346624 ----a-w- c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-09 13:22 . 2009-12-12 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-12 02:00 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-08 15:29 . 2009-11-08 15:29 89962 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\Uninstall.exe
2009-11-03 19:53 . 2009-11-03 19:53 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-02 19:42 . 2009-10-03 12:27 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 02:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-24 21:46 . 2009-10-24 21:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-24 12:56 . 2009-10-24 12:56 680960 ----a-w- c:\windows\is-369J6.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-10-24 21:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-10-24 21:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-10-24 21:18 216064 --sh--r- c:\windows\System32\nbDX.dll
2008-09-19 09:30 . 2008-11-13 13:32 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\ES\~WRL0005.tmp
2008-09-19 09:30 . 2008-11-13 13:32 332800 --sha-w- c:\windows\System32\oobe\INFO\Lang\S0\~WRL0005.tmp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2009-12-14 102712]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 13584928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-02 198160]
c:\users\Luspha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-4 805392]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-7-26 1261568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [26/07/2009 22:40 21728]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [14/01/2010 22:06 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [14/01/2010 22:06 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [14/01/2010 22:05 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSvix86.sys [17/01/2010 02:53 343088]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 18:18 108289]
R2 ETService;Empowering Technology Service;c:\program files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe [16/03/2009 14:00 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [14/01/2010 22:05 117640]
R2 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [26/07/2009 22:40 180224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/01/2010 17:51 102448]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [26/07/2009 22:40 288768]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [14/01/2010 22:06 48688]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/11/2009 22:09 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
2010-01-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-14 11:09]
2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 21:09]
2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 21:09]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Luspha\AppData\Roaming\Mozilla\Firefox\Profiles\r4keplu2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 21:23
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8552A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a7b0322
\Driver\ACPI -> acpi.sys @ 0x805aed4c
\Driver\atapi -> 0x855291f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(5696)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Luspha\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-01-17 21:29:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-17 20:29
ComboFix2.txt 2010-01-16 17:01
ComboFix3.txt 2010-01-15 21:18
Avant-CF: 262 610 685 952 octets libres
Après-CF: 262 501 924 864 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - C349DD64BD9D39A90CA9CABF81111B51
Here it is:
Rapport de ZHPDiag v1.24.44 par Nicolas Coolman
Run by Luspha at 18/01/2010 18:05:39
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v8.0.6001.18865
MFIE: Mozilla Firefox (3.5.7)
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (59% free)
System drive C: has 243 GB (41%) free of 583 GB
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 243 Go of 583 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
---\\ Processus lancés
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - C:\Program Files\Windows Defender\MSASCui.exe
[MD5.CB2B9EB1447D8A264E46948DF46C1212] - C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
[MD5.3103FE27C967675B019E880AA6DA3D6D] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.29BE51557A3E686B297BE273EB17CA67] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[MD5.29680A793F690EEF4AAA68479D2A6DF8] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
[MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[MD5.896A1DB9A972AD2339C2E8569EC926D1] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[MD5.BF08674925F151BD4537B89A493E3E0C] - C:\Windows\ehome\ehTray.exe
[MD5.98787ADB268351E0CBBD517D114CE9D1] - C:\Program Files\Glary Utilities\memdefrag.exe
[MD5.18B4B12358EFCF68D76812058A26181F] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[MD5.35937EAD711207544E219C2A19A78A7D] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
[MD5.E8FE4FCE23D2809BD88BCC1D0F8408CE] - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[MD5.3794B461C45882E06856F282EEF025AF] - C:\Windows\system32\svchost.exe
[MD5.9015BC03F62940527EC92D45EE89E46F] - C:\Program Files\Avira\AntiVir Desktop\sched.exe
[MD5.B8720A787C1223492E6F319465E996CE] - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
[MD5.EC6A73CD8413F68655E5E0B99C415A21] - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
[MD5.8FE6AB59CAB8F2C038FEA9522A5EEBA7] - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[MD5.23112102BC2A8FE44B8AC44A05BDF4C3] - C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
[MD5.626A24ED1228580B9518C01930936DF9] - C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.40D7D0A208EE863BCA8D89E299216F15] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[MD5.EE215321E83BE72AB77B6627FD149EAE] - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
[MD5.7BEF9FB934C452D532283D470E8B37CC] - C:\Windows\system32\nvvsvc.exe
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - C:\Windows\system32\IoctlSvc.exe
[MD5.A911ECAC81F94ADEAFBE8E3F7873EDB0] - C:\Windows\system32\lsass.exe
[MD5.42660BBED859AC22DFD12AE598A8FFAA] - C:\Windows\System32\WinService.exe
[MD5.0BA91E1358AD25236863039BB2609A2E] - C:\Windows\system32\SLsvc.exe
[MD5.846CDF9A3CF4DA9B306ADFB7D55EE4C2] - C:\Windows\System32\spoolsv.exe
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=0
O4 - HKLM\..\policies\Explorer: [NoDrives] Data=0
O4 - HKCU\..\policies\Explorer: [NoLogoff] Data=0
O4 - HKCU\..\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKCU\..\policies\Explorer: [HonorAutoRunSetting] Data=0
O4 - HKCU\..\policies\Explorer: [NoDrives] Data=0
O4 - Global Startup: Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll,103
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\IE_Toolbar.ico"
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File - C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File - C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File - C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File - C:\Windows\system32\winrnr.dll
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Empowering Technology Service (ETService) - C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (Norton Internet Security) - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll" /prefetch:1
O23 - Service: NVIDIA Display Driver Service (nvsvc) - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SCM_Service (SCM_Service) - C:\Windows\System32\WinService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Adobe Shockwave Director 10.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\System32\Macromed\Director\SwDir.dll
O40 - ASIC: Adobe Shockwave Director 10.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.8 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Ancilliary Function Driver for Winsock (AFD) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Symantec Heuristics Driver (BHDrvx86) - C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys
O41 - Driver: Symantec Hash Provider (ccHP) - C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys
O41 - Driver: Pilote de CD-ROM (cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: @%systemroot%\system32\drivers\dfsc.sys,-101 (DfsC) - C:\WINDOWS\System32\Drivers\dfsc.sys
O41 - Driver: Symantec Eraser Control driver (eeCtrl) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: IDSVix86 (IDSVix86) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100116.002\IDSvix86.sys
O41 - Driver: Pilote de la classe Clavier (kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Pilote de la classe Souris (mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NETBT (netbt) - C:\WINDOWS\System32\DRIVERS\netbt.sys
O41 - Driver: NSI proxy service (nsiproxy) - C:\WINDOWS\system32\drivers\nsiproxy.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Redirected Buffering Sub Sysytem (rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: RDPCDD (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: RDP Encoder Mirror Driver (RDPENCDD) - C:\WINDOWS\system32\drivers\rdpencdd.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: Symantec Real Time Storage Protection (PEL) (SRTSPX) - C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Symantec Network Security Intermediate Filter Driver (SymIM) - C:\WINDOWS\system32\DRIVERS\SymIMv.sys
O41 - Driver: Symantec Network Dispatch Driver (SYMTDI) - C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50004 (tdx) - C:\WINDOWS\system32\DRIVERS\tdx.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: (no object) (VgaSave) - C:\Windows\System32\drivers\vga.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: AC3Filter 1.63b
O42 - Logiciel: Adobe Common File Installer
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Photoshop Elements 6.0
O42 - Logiciel: Adobe Premiere Elements 4.0
O42 - Logiciel: Adobe Premiere Elements 4.0 Templates
O42 - Logiciel: Adobe Reader 9.2 - Français
O42 - Logiciel: Adobe Shockwave Player
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: Audiosurf Demo
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: CCleaner
O42 - Logiciel: CDDRV_Installer
O42 - Logiciel: Condition Zero
O42 - Logiciel: Counter-Strike
O42 - Logiciel: Counter-Strike 1.6
O42 - Logiciel: DFX for Winamp
O42 - Logiciel: DFX for Windows Media Player
O42 - Logiciel: Day of Defeat: Source
O42 - Logiciel: Dictionnaire Freelang (liste de mots)
O42 - Logiciel: Dictionnaire Freelang 3.74 beta
O42 - Logiciel: DivX Codec
O42 - Logiciel: DivX Converter
O42 - Logiciel: DivX Player
O42 - Logiciel: DivX Plus DirectShow Filters
O42 - Logiciel: DivX Web Player
O42 - Logiciel: Désinstaller l'imprimante EPSON Stylus SX400 Series
O42 - Logiciel: EVEREST Corporate Edition v5.02
O42 - Logiciel: EVEREST Home Edition v2.20
O42 - Logiciel: Fiddler2 (remove only)
O42 - Logiciel: Free Mp3 Wma Converter V 1.81
O42 - Logiciel: Frets On Fire
O42 - Logiciel: GTA San Andreas
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Garena
O42 - Logiciel: Glary Utilities 2.18.0.786
O42 - Logiciel: Google Chrome
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Google Update Helper
O42 - Logiciel: Google Earth
O42 - Logiciel: Guitar Pro 5.0
    
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Ancilliary Function Driver for Winsock (AFD) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
O41 - Driver: Symantec Heuristics Driver (BHDrvx86) - C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys
O41 - Driver: Symantec Hash Provider (ccHP) - C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys
O41 - Driver: Pilote de CD-ROM (cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: @%systemroot%\system32\drivers\dfsc.sys,-101 (DfsC) - C:\WINDOWS\System32\Drivers\dfsc.sys
O41 - Driver: Symantec Eraser Control driver (eeCtrl) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: IDSVix86 (IDSVix86) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100116.002\IDSvix86.sys
O41 - Driver: Pilote de la classe Clavier (kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Pilote de la classe Souris (mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NETBT (netbt) - C:\WINDOWS\System32\DRIVERS\netbt.sys
O41 - Driver: NSI proxy service (nsiproxy) - C:\WINDOWS\system32\drivers\nsiproxy.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Redirected Buffering Sub Sysytem (rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: RDPCDD (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: RDP Encoder Mirror Driver (RDPENCDD) - C:\WINDOWS\system32\drivers\rdpencdd.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: Symantec Real Time Storage Protection (PEL) (SRTSPX) - C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS
O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
O41 - Driver: Symantec Network Security Intermediate Filter Driver (SymIM) - C:\WINDOWS\system32\DRIVERS\SymIMv.sys
O41 - Driver: Symantec Network Dispatch Driver (SYMTDI) - C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50004 (tdx) - C:\WINDOWS\system32\DRIVERS\tdx.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: (no object) (VgaSave) - C:\Windows\System32\drivers\vga.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: AC3Filter 1.63b
O42 - Logiciel: Adobe Common File Installer
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Photoshop Elements 6.0
O42 - Logiciel: Adobe Premiere Elements 4.0
O42 - Logiciel: Adobe Premiere Elements 4.0 Templates
O42 - Logiciel: Adobe Reader 9.2 - Français
O42 - Logiciel: Adobe Shockwave Player
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: Audiosurf Demo
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: CCleaner
O42 - Logiciel: CDDRV_Installer
O42 - Logiciel: Condition Zero
O42 - Logiciel: Counter-Strike
O42 - Logiciel: Counter-Strike 1.6
O42 - Logiciel: DFX for Winamp
O42 - Logiciel: DFX for Windows Media Player
O42 - Logiciel: Day of Defeat: Source
O42 - Logiciel: Dictionnaire Freelang (liste de mots)
O42 - Logiciel: Dictionnaire Freelang 3.74 beta
O42 - Logiciel: DivX Codec
O42 - Logiciel: DivX Converter
O42 - Logiciel: DivX Player
O42 - Logiciel: DivX Plus DirectShow Filters
O42 - Logiciel: DivX Web Player
O42 - Logiciel: Désinstaller l'imprimante EPSON Stylus SX400 Series
O42 - Logiciel: EVEREST Corporate Edition v5.02
O42 - Logiciel: EVEREST Home Edition v2.20
O42 - Logiciel: Fiddler2 (remove only)
O42 - Logiciel: Free Mp3 Wma Converter V 1.81
O42 - Logiciel: Frets On Fire
O42 - Logiciel: GTA San Andreas
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Garena
O42 - Logiciel: Glary Utilities 2.18.0.786
O42 - Logiciel: Google Chrome
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Google Update Helper
O42 - Logiciel: Google Earth
O42 - Logiciel: Guitar Pro 5.0
The report is incomplete (it was too long and got cut off), but that doesn't matter, I have the part I'm interested in.
To be able to give you the final cleanup advice, I need one last report:
• Download hijackthis.
• Install it, run it and click on "Do a system scan and save a logfile".
• Copy and paste the entire report on the forum
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:54, on 20/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Glary Utilities\memdefrag.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\DivX\DivX Codec\divxsm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dropbox.lnk = Luspha\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe