Test for me ;-)... For whoever wants it
noctambule28
Hello,
Logfile of random's system information tool 1.06 (written by random/random)
Run by vaudelle at 2010-02-04 21:29:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 41 GB (18%) free of 235 GB
Total RAM: 1023 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:09, on 04/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\svchoost32.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\vaudelle\Mes documents\Téléchargements\RSIT(2).exe
C:\Program Files\trend micro\vaudelle.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html?ptnrS=ZRman000&ptb=FfJjTrJOlnLy1ti9UzNhUg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSWER - Unknown owner - C:\WINDOWS\svchoost32.exe
O23 - Service: MSWORD64 - Unknown owner - C:\WINDOWS\winlogoun.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
16 replies
Logfile of random's system information tool 1.06 (written by random/random)
Run by vaudelle at 2010-02-04 22:35:45
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 41 GB (18%) free of 235 GB
Total RAM: 1023 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:53, on 04/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\svchoost32.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\vaudelle\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\vaudelle.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZRman000&ptb=FfJjTrJOlnLy1ti9UzNhUg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSWER - Unknown owner - C:\WINDOWS\svchoost32.exe
O23 - Service: MSWORD64 - Unknown owner - C:\WINDOWS\winlogoun.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Hi,
● Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.
/!\ Disconnect from the Internet and close all running applications. /!\
● Double-click the AD-R program located on your Desktop.
(On Vista, right-click AD-R and choose Run as administrator)
● In the main menu, choose option L.
● Post the generated report (C:\Ad-Report-CLEAN.log).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool.
It's for a friend... So what, isn't my post nice!!
No hello, except the automatic one. No question, no thanks.... well, you know... that's what having friends is for ;-)
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 03.02.2010 à 19:46
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 0:25:02, 05/02/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: LOCAL-E6F3EB900 | Utilisateur actuel: ******
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
C:\DOCUME~1\****\APPLIC~1\Mozilla\FireFox\Profiles\ahj5y972.default\searchplugins\mywebsearch.xml
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Program Files\AskSearch
C:\Program Files\Windows Live\Messenger\Riched20.dll
.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.6 [fr] *
.
Nom du profil: ahj5y972.default (*****)
.****, prefs.js) Browser.search.selectedEngine, MyWebSearch
(******, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
(******, prefs.js) Keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRman000&fl=0&ptb=FfJjTrJOlnLy1ti9UzNhUg&url=hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce7a30&searchfor=
.
(*******, prefs.js) TROUVE - Browser.search.selectedEngine, MyWebSearch
(*****, prefs.js) TROUVE - Extensions.mywebsearch.openSearchURL, hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZRman000&ptb=FfJjTrJOlnLy1ti9UzNhUg&n=77ce7a30
(, prefs.js) TROUVE - Extensions.mywebsearch.prevKwdEnabled, true
(, prefs.js) TROUVE - Extensions.mywebsearch.prevKwdURL, chrome://browser-region/locale/region.properties
(, prefs.js) TROUVE - Keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRman000&fl=0&ptb=FfJjTrJOlnLy1ti9UzNhUg&url=hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce7a30&searchfor=
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Start Page Redirect Cache_TIMESTAMP: 60c9e6175c91ca01
Start Page Restore: hxxp://thepiratebay.toolbarhome.com?hp=df
Start Page: hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZRman000&ptb=FfJjTrJOlnLy1ti9UzNhUg
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3158 Octet(s) - C:\Ad-Report-SCAN[1].log
.
5 Fichier(s) - C:\DOCUME~1\****\LOCALS~1\Temp
7 Fichier(s) - C:\WINDOWS\Temp
129 Fichier(s) - C:\WINDOWS\Prefetch
.
1 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 0:27:06 | 05/02/2010 - SCAN[1]
.
============== E.O.F ==============
.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 03.02.2010 à 19:46
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 0:37:17, 05/02/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: LOCAL-E6F3EB900 | Utilisateur actuel: vaudelle
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\DOCUME~1\vaudelle\APPLIC~1\Mozilla\FireFox\Profiles\ahj5y972.default\searchplugins\mywebsearch.xml
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Program Files\AskSearch
C:\Program Files\Windows Live\Messenger\Riched20.dll
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.6 [fr] *
.
Nom du profil: ahj5y972.default (vaudelle)
.
(vaudelle, prefs.js) Browser.search.selectedEngine, MyWebSearch
(vaudelle, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
(vaudelle, prefs.js) Keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRman000&fl=0&ptb=FfJjTrJOlnLy1ti9UzNhUg&url=hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce7a30&searchfor=
.
(vaudelle, prefs.js) EFFACE - Browser.search.selectedEngine, MyWebSearch
(vaudelle, prefs.js) EFFACE - Extensions.mywebsearch.openSearchURL, hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZRman000&ptb=FfJjTrJOlnLy1ti9UzNhUg&n=77ce7a30
(vaudelle, prefs.js) EFFACE - Extensions.mywebsearch.prevKwdEnabled, true
(vaudelle, prefs.js) EFFACE - Extensions.mywebsearch.prevKwdURL, chrome://browser-region/locale/region.properties
(vaudelle, prefs.js) EFFACE - Keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRman000&fl=0&ptb=FfJjTrJOlnLy1ti9UzNhUg&url=hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce7a30&searchfor=
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Start Page Redirect Cache_TIMESTAMP: 60c9e6175c91ca01
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3305 Octet(s) - C:\Ad-Report-CLEAN[1].log
3495 Octet(s) - C:\Ad-Report-SCAN[1].log
.
5 Fichier(s) - C:\DOCUME~1\vaudelle\LOCALS~1\Temp
11 Fichier(s) - C:\WINDOWS\Temp
0 Fichier(s) - C:\WINDOWS\Prefetch
.
18 Fichier(s) - C:\Ad-Remover\BACKUP
3 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 0:39:39 | 05/02/2010 - CLEAN[1]
.
============== E.O.F ==============
.
So, any news about that unknown line? ;-)
Ah!! Yes, I already ran combofix
ComboFix 10-02-04.01 - vaudelle 04/02/2010 22:23:32.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.398 [GMT 1:00]
Lancé depuis: c:\documents and settings\vaudelle\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100204-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\recycler\S-1-5-21-1110443203-2613963654-428514169-1003
c:\windows\MSNIN.dll
c:\windows\system32\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-04 au 2010-02-04 ))))))))))))))))))))))))))))))))))))
.
2010-02-04 20:29 . 2010-02-04 20:30 -------- d-----w- c:\program files\trend micro
2010-02-04 20:29 . 2010-02-04 20:30 -------- d-----w- C:\rsit
2010-02-03 12:03 . 2010-02-03 12:03 -------- d-----w- c:\windows\system32\recover
2010-01-30 00:14 . 2010-01-30 00:14 230432 ----a-w- C:\PA7302.DAT
2010-01-27 08:08 . 2010-01-27 08:08 -------- d-----w- c:\documents and settings\vaudelle\Local Settings\Application Data\PCHealth
2010-01-24 15:37 . 2007-03-12 22:34 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-01-24 15:37 . 2007-03-12 22:34 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-01-24 15:37 . 2007-03-12 22:34 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-01-24 15:37 . 2010-01-25 07:29 -------- d-----w- c:\documents and settings\vaudelle\Application Data\OfferBox
2010-01-13 22:31 . 2010-01-25 09:16 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-01-13 22:12 . 2010-01-16 16:41 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-13 21:06 . 2010-01-13 21:06 -------- d-----w- c:\program files\BlackIsle
2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\documents and settings\vaudelle\Application Data\Island
2010-01-13 20:30 . 2010-01-13 20:34 -------- d-----w- c:\documents and settings\vaudelle\Application Data\FairyTale
2010-01-13 18:15 . 2010-01-13 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MythPeople
2010-01-13 17:46 . 2010-01-13 17:46 -------- d-----w- c:\documents and settings\vaudelle\Application Data\MA
2010-01-13 17:16 . 2010-01-13 17:16 -------- d-sh--w- c:\windows\ftpcache
2010-01-13 17:11 . 2010-01-13 17:11 -------- d-----w- c:\program files\id Software
2010-01-13 02:04 . 2010-01-13 02:04 -------- d-----w- c:\windows\A5B5A16D277A476B8F621029A2F23072.TMP
2010-01-13 01:34 . 2010-01-13 01:34 -------- d-----w- c:\documents and settings\vaudelle\Application Data\PriceGong
2010-01-11 21:33 . 2010-01-11 21:33 -------- d-----w- c:\windows\Logs
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 18:48 . 2010-01-26 09:06 -------- d-----w- c:\documents and settings\vaudelle\Application Data\Hidden Island Data
2010-01-11 18:47 . 2010-01-11 18:47 -------- d-----w- c:\program files\Hidden Island
2010-01-11 13:36 . 2010-01-11 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-01-10 22:02 . 2010-01-10 22:02 -------- d-----w- C:\ACROREAD
2010-01-10 16:41 . 2010-01-10 16:49 -------- d-----w- c:\program files\Zuma's Revenge!
2010-01-10 16:41 . 2010-01-10 16:41 -------- d-----w- c:\windows\Zuma's Revenge!
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 21:26 . 2009-08-25 09:40 -------- d-----w- c:\documents and settings\vaudelle\Application Data\uTorrent
2010-02-04 21:22 . 2009-10-14 18:51 -------- d-----w- c:\documents and settings\vaudelle\Application Data\vlc
2010-02-04 05:30 . 2009-08-27 08:18 -------- d-----w- c:\documents and settings\vaudelle\Application Data\dvdcss
2010-02-03 09:19 . 2009-09-05 09:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-02 11:44 . 2009-12-15 09:02 -------- d-----w- c:\program files\Media Player Utilities 4.25
2010-02-02 09:37 . 2009-08-24 17:34 -------- d-----w- c:\program files\eMule
2010-02-01 08:09 . 2009-08-25 09:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-25 07:28 . 2009-10-01 21:52 -------- d-----w- c:\program files\Google
2010-01-21 06:13 . 2009-09-05 09:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 17:33 . 2009-08-24 15:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-13 17:17 . 2004-08-05 19:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-01-13 01:56 . 2009-08-24 15:48 18216 ----a-w- c:\documents and settings\vaudelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-12 11:03 . 2009-12-22 16:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 11:03 . 2009-12-22 16:55 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 11:03 . 2009-08-24 23:57 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 11:03 . 2009-08-24 23:57 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 11:03 . 2009-08-24 23:57 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 11:03 . 2009-08-24 23:57 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 11:03 . 2009-08-24 23:57 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 11:03 . 2009-08-24 23:57 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 11:03 . 2009-08-16 22:57 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 11:03 . 2009-08-16 22:57 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 11:03 . 2009-08-16 22:57 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-11 21:36 . 2010-01-11 21:36 -------- d--h--r- c:\documents and settings\vaudelle\Application Data\SecuROM
2010-01-11 00:08 . 2009-10-27 14:40 -------- d-----w- c:\program files\Sierra On-Line
2010-01-10 22:01 . 2010-01-10 22:01 103 ----a-w- c:\windows\~ACROBAT.TMP
2010-01-08 20:23 . 2009-10-25 18:56 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-08 16:00 . 2009-12-14 22:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 16:00 . 2009-12-31 16:00 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-12-14 22:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-14 22:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 17:31 . 2010-01-05 17:09 -------- d-----w- c:\program files\Fichiers communs\PAC7302
2010-01-04 10:38 . 2010-01-04 10:37 523776 ----a-w- c:\windows\ConfigUser.dll
2010-01-03 23:09 . 2010-01-04 10:34 1440768 ----a-w- c:\windows\svchoost32.exe
2010-01-03 12:45 . 2009-09-03 13:37 -------- d-----w- c:\program files\RocketDock
2009-12-31 15:59 . 2009-08-25 19:40 -------- d-----w- c:\program files\Windows Live
2009-12-31 15:59 . 2009-12-31 15:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-25 14:46 . 2009-11-02 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2009-12-22 19:04 . 2009-12-22 17:59 -------- d-----w- c:\documents and settings\vaudelle\Application Data\Touchstone
2009-12-22 17:58 . 2009-12-22 17:58 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-22 17:28 . 2009-12-22 17:28 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-22 17:28 . 2009-12-22 17:28 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-12-22 16:56 . 2009-08-24 16:46 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-21 19:07 . 2004-08-05 19:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 12:16 . 2009-10-25 14:49 7 ----a-w- c:\windows\sbacknt.bin
2009-12-21 10:26 . 2009-10-25 14:48 152904 ----a-w- c:\windows\system32\vghd.scr
2009-12-21 10:15 . 2009-10-25 14:48 -------- d-----w- c:\documents and settings\vaudelle\Application Data\vghd
2009-12-20 22:05 . 2009-12-20 22:05 -------- d-----w- c:\documents and settings\vaudelle\Application Data\Divo Games
2009-12-15 09:03 . 2009-12-15 09:03 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-14 22:24 . 2009-12-14 22:24 -------- d-----w- c:\documents and settings\vaudelle\Application Data\Malwarebytes
2009-12-14 22:23 . 2009-12-14 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-10 07:06 . 2004-08-05 19:00 93408 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-10 07:06 . 2004-08-05 19:00 532828 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-24 23:54 . 2009-08-24 15:57 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-08-24 15:57 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-08-24 15:57 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-24 15:57 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-24 15:57 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-08-24 15:57 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:58 . 2004-08-05 19:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-08-24 23:57 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2009-08-24 15:00 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-19 20:42 . 2009-08-24 15:00 592488 ----a-w- c:\windows\system32\nvuninst.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"AliceSAV"="c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 81408]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-03 16:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\svchoost32.exe"=
R?2 MSWER;MSWER;c:\windows\svchoost32.exe [04/01/2010 11:34 1440768]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/08/2009 16:57 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/08/2009 16:57 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/12/2009 23:24 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/12/2009 23:23 19160]
S2 MSWORD64;MSWORD64;c:\windows\winlogoun.exe --> c:\windows\winlogoun.exe [?]
S3 DIGIRPS;Pilote PortServer Digi;c:\windows\system32\drivers\digirlpt.sys [25/08/2009 09:45 42656]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
.
Contenu du dossier 'Tâches planifiées'
2010-02-03 c:\windows\Tasks\Malwarebytes' Scheduled Update for vaudelle.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-14 15:07]
2010-02-04 c:\windows\Tasks\User_Feed_Synchronization-{9C182D49-E0E8-42B2-B09D-E5137B39D69E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZRman000&ptb=FfJjTrJOlnLy1ti9UzNhUg
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.79\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\vaudelle\Application Data\Mozilla\Firefox\Profiles\ahj5y972.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRman000&fl=0&ptb=FfJjTrJOlnLy1ti9UzNhUg&url=https://hp.mywebsearch.com/mywebsearch/index.html
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{C94E154B-1459-4A47-966B-4B843BEFC7DB} - c:\program files\AskSearch\bin\DefaultSearch.dll
BHO-{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - (no file)
HKLM-Run-nwiz - nwiz.exe
HKU-Default-RunOnce-NeroHomeFirstStart - c:\program files\Fichiers communs\Ahead\Lib\NMFirstStart.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 22:29
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1056324540-3994450867-3746994984-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1056324540-3994450867-3746994984-1007\Software\SecuROM\License information*]
"datasecu"=hex:ae,39,39,56,c0,b7,51,56,ab,e5,c8,44,45,9e,19,9b,cc,01,0c,56,30,
e4,43,7a,03,48,60,cc,3b,62,32,3e,4c,33,8f,42,e4,38,6f,b6,41,8c,86,d9,8a,15,\
"rkeysecu"=hex:f1,cb,c1,be,d3,62,80,37,89,21,e1,72,fd,95,54,f2
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(668)
c:\program files\RocketDock\RocketDock.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2010-02-04 22:31:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-04 21:31
Avant-CF: 43 274 846 208 octets libres
Après-CF: 43 264 380 928 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
- - End Of File - - 581BFCE9E9BC0728B8E5A7E6E2EDDF4E
/!\ Only noctambule28 may follow this procedure. /!\
1/
---> Open Notepad.
---> Copy the text below by selecting it and pressing Ctrl+C:
KillAll::
Driver::
MSWER
MSWORD64
File::
c:\windows\svchoost32.exe
c:\windows\winlogoun.exe
Folder::
c:\documents and settings\vaudelle\Application Data\PriceGong
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\svchoost32.exe"=-
--> Paste the selection into Notepad.
--> Save this file to the Desktop (mandatory).
--> File name: CFScript
--> File type: All files
--> Click Save.
--> Close Notepad.
2/
--> Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
--> A blue window will appear: accept the message that is displayed.
--> Wait while the scan runs. The Desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
--> Once the scan is complete, a report will be displayed: post it.
--> If the file does not open, it can be found at C:\Combofix.txt