Google infected

Solved
yohanaldo Posts 52 Registration date   Status Member Last activity   -  
coachkpn1 Posts 12 Registration date   Status Member Last activity   -
Hello,

For the past few days, my Google searches have been redirecting me to other sites, often the same ones, for antivirus products for example.
The reason is that I downloaded a link from a friend on Facebook, and since then it has been a nightmare.
I have a second problem that appeared as a result: browsing with Internet Explorer has become quite slow.

After a lot of searching on the forum, I have not managed to fix the problem on my own. I am not a computer genius, but I know a few terms.
Thank you in advance for your help.


46 replies

yohanaldo Posts 52 Registration date   Status Member Last activity   3
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8b9fc39082f9cf4898617a43aa89a265
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-07 12:12:16
# local_time=2010-05-07 02:12:16 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 86620 86620 0 0
# compatibility_mode=769 16775165 100 98 231 209441531 2671161 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=2049 16777214 0 5 18468273 18468273 0 0
# compatibility_mode=5892 16776574 100 100 9066787 110696705 0 0
# compatibility_mode=8192 67108863 100 0 8819 8819 0 0
# scanned=175192
# found=3
# cleaned=3
# scan_time=27158
0
yohanaldo Posts 52 Registration date   Status Member Last activity   3
 
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8b9fc39082f9cf4898617a43aa89a265
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-08 02:55:41
# local_time=2010-05-08 04:55:41 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 199280 199280 0 0
# compatibility_mode=769 16775165 100 98 112547 209554191 1948621 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=2049 16777214 0 5 18580933 18580933 0 0
# compatibility_mode=5892 16776574 100 100 9179447 110809365 0 0
# compatibility_mode=8192 67108863 100 0 121479 121479 0 0
# scanned=175307
# found=0
# cleaned=0
# scan_time=29869
0
dédétraqué Posts 4384 Registration date   Status Security contributor Last activity   286

Hi yohanaldo


Indeed, the last report is clean; do you have any other problems?


See you later :)
0
yohanaldo Posts 52 Registration date   Status Member Last activity   3

Hello, my computer is extremely slow. Web pages take a long time to display, and so do my programs. Even browsing my hard drive is slow.

I have defragmented, freed up space on the hard drive, and used CCleaner; if you have an idea, I would gladly take it :)

Otherwise, thanks once again for the help you gave me. I no longer have any redirection problem, it's great !!!!!!!!!
0

dédétraqué Posts 4384 Registration date   Status Security contributor Last activity   286

Hi yohanaldo


Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Important: disable your antivirus, antispyware and firewall before the scan with Combofix:
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

==> Save your work and close all active windows; the PC may restart. Do not launch any program until Combofix has finished. <==

Double-click combofix.exe, click OUI (Yes) and confirm with Enter

When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Combofix is detected by some antivirus programs as an infection; ignore this, it is a false positive, and continue the procedure


See you later :)
0
yohanaldo Posts 52 Registration date   Status Member Last activity   3

Hello dédétraqué, here is the report ;)
thanks

ComboFix 10-05-10.04 - yohan 11/05/2010 17:05:42.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2061 [GMT 2:00]
Lancé depuis: c:\users\yohan\Documents\Downloads\Programs\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\yohan\Documents\BackupRegistry(20100503).reg
c:\windows\system32\AbaleZip.dll
c:\windows\system32\logs

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-11 au 2010-05-11 ))))))))))))))))))))))))))))))))))))
.

2010-05-11 15:14 . 2010-05-11 15:15 -------- d-----w- c:\users\yohan\AppData\Local\temp
2010-05-11 15:14 . 2010-05-11 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-06 14:12 . 2010-05-06 14:12 -------- d-----w- c:\program files\ESET
2010-05-06 14:10 . 2010-05-06 14:17 -------- d-----w- c:\programdata\Google Updater
2010-05-06 00:53 . 2010-05-06 00:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-05 15:01 . 2010-05-05 15:01 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-04 12:59 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-04 12:59 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-04 12:59 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-04 12:59 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-04 12:59 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-04 12:59 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-04 12:59 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-04 12:59 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-04 12:59 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-04 12:52 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-04 12:52 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-03 12:14 . 2010-05-03 12:14 214448 ----a-w- c:\users\yohan\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-03 12:10 . 2010-05-10 21:27 -------- d-----w- c:\users\yohan\AppData\Roaming\DMCache
2010-05-03 12:10 . 2010-05-03 14:00 -------- d-----w- c:\users\yohan\AppData\Roaming\IDM
2010-05-03 12:09 . 2010-05-03 12:09 -------- d-----w- c:\program files\Internet Download Manager
2010-05-03 12:04 . 2010-05-03 12:04 -------- d-----w- c:\users\yohan\AppData\Roaming\Luxand
2010-05-03 12:03 . 2010-02-09 23:06 431416 ----a-w- c:\windows\system32\LuxandCredentialProvider.dll
2010-05-03 12:03 . 2010-02-09 23:06 94008 ----a-w- c:\windows\system32\LuxandBlinkLib12.dll
2010-05-03 12:03 . 2010-02-09 23:07 4705080 ----a-w- c:\windows\system32\LuxandBlinkLib11.dll
2010-05-03 12:02 . 2010-05-03 12:02 -------- d-----w- c:\program files\Luxand
2010-05-03 12:02 . 2010-02-09 23:07 4705080 ----a-w- c:\windows\system32\LuxandBlinkLib1.dll
2010-05-03 12:02 . 2010-02-09 23:06 628536 ----a-w- c:\windows\system32\LuxandBlink.dll
2010-04-29 14:22 . 2009-09-09 08:43 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-04-26 16:55 . 2010-04-26 16:55 -------- d-----w- c:\programdata\Astar Games
2010-04-21 12:50 . 2010-04-21 12:50 -------- d-----w- c:\users\yohan\AppData\Roaming\Malwarebytes
2010-04-21 12:49 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 12:49 . 2010-04-21 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 12:49 . 2010-04-21 12:49 -------- d-----w- c:\programdata\Malwarebytes
2010-04-21 12:49 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 12:28 . 2010-04-21 12:28 159267 -c--a-w- C:\UsbFix_Upload_Me_PC-de-yohan.zip
2010-04-21 00:13 . 2010-04-21 12:28 -------- dc----w- C:\UsbFix
2010-04-19 18:25 . 2010-04-19 18:25 -------- dc----w- C:\rsit
2010-04-18 23:10 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-18 13:46 . 2010-04-18 13:51 -------- d-----w- c:\program files\Power IE
2010-04-12 00:40 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-12 00:39 . 2010-04-12 00:39 -------- dc-h--w- c:\programdata\{52AC600B-5800-407E-99FF-83CD0669760B}
2010-04-12 00:39 . 2010-02-05 09:04 2954656 -c--a-w- c:\programdata\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe
2010-04-12 00:38 . 2010-04-12 00:40 -------- d-----w- c:\programdata\Lavasoft
2010-04-12 00:38 . 2010-04-12 00:39 -------- d-----w- c:\program files\Lavasoft
2010-04-12 00:30 . 2010-04-12 00:30 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 14:54 . 2009-01-06 17:29 -------- d-----w- c:\users\yohan\AppData\Roaming\DNA
2010-05-10 21:29 . 2008-07-28 19:57 716298 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-10 21:29 . 2008-07-28 19:57 144420 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-10 21:26 . 2009-01-06 17:29 -------- d-----w- c:\program files\DNA
2010-05-06 14:12 . 2008-07-28 10:51 -------- d-----w- c:\program files\Google
2010-05-05 16:35 . 2010-01-25 01:06 -------- d-----w- c:\program files\Trend Micro
2010-05-05 15:00 . 2009-05-18 19:09 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2010-05-05 14:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-04 20:17 . 2008-07-28 11:00 -------- d-----w- c:\programdata\Microsoft Help
2010-05-03 12:36 . 2009-01-06 20:33 -------- d-----w- c:\users\yohan\AppData\Roaming\BitTorrent
2010-04-25 14:35 . 2009-01-18 22:12 -------- d-----w- c:\users\yohan\AppData\Roaming\Samsung
2010-04-25 14:27 . 2008-07-28 10:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-11 18:21 . 2010-03-15 12:41 -------- d-----w- c:\program files\Steam
2010-04-11 18:15 . 2010-02-05 22:23 -------- d-----w- c:\programdata\HP Product Assistant
2010-04-11 18:15 . 2008-07-28 10:46 -------- d-----w- c:\program files\Microsoft Works
2010-04-11 14:53 . 2010-04-11 14:53 -------- d-----w- c:\program files\AxBx
2010-04-09 17:29 . 2009-01-06 16:33 103896 ----a-w- c:\users\yohan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-09 17:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-04-09 17:15 . 2009-03-08 18:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-09 16:53 . 2008-07-28 10:32 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-30 21:47 . 2010-03-30 21:46 -------- d-----w- c:\users\yohan\AppData\Roaming\Magic Academy
2010-03-28 18:03 . 2010-03-28 18:03 -------- d-----w- c:\program files\Lavalys
2010-03-23 00:25 . 2009-01-09 11:07 -------- d-----w- c:\program files\BetClic Poker
2010-03-19 17:54 . 2009-01-08 04:02 -------- d-----w- c:\users\yohan\AppData\Roaming\LimeWire
2010-03-19 01:47 . 2010-03-19 01:47 -------- d-----w- c:\program files\Risk
2010-03-15 12:41 . 2010-03-15 12:41 -------- d-----w- c:\program files\Common Files\Steam
2010-03-15 12:41 . 2009-01-09 16:38 -------- d-----w- c:\program files\Sports Interactive
2010-03-14 16:33 . 2010-03-14 16:33 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2008
2010-03-14 16:33 . 2010-03-14 16:33 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2005
2010-03-14 16:32 . 2010-03-14 16:32 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-14 16:31 . 2010-03-14 16:31 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-14 16:31 . 2010-03-14 16:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-14 16:31 . 2010-03-14 16:31 -------- d-----w- c:\program files\Microsoft.NET
2010-03-14 16:20 . 2010-03-14 16:20 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-03-03 17:12 . 2010-02-05 22:11 166674 ----a-w- c:\windows\hpoins21.dat
2010-02-23 06:39 . 2010-03-31 02:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 02:30 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 02:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 02:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-09 23:04 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-09 23:04 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-09 23:04 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-04-03 01:00 293376 ----a-w- c:\windows\system32\browserchoice.exe
2008-07-28 20:00 . 2008-07-28 20:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-08-17 17:54 564624 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-03-03 323392]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-11 98304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1041704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-24 30192]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-08-17 85888]
"Luxand Blink!"="c:\program files\Luxand\Blink!\LuxandBlinkTray.exe" [2010-02-09 6844728]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-05-06 126976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-7-9 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):31,60,76,c3,6d,2c,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2881880658-3555428079-2209020445-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000005

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-24 691696]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-24 30192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-10-29 7680]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-08-21 30510960]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-08-21 4639136]
R3 usbanyka;USB Web Camera;c:\windows\system32\DRIVERS\UsbAnyka.sys [2007-11-13 17536]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-10-13 110080]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2008-10-15 104960]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-06 1285864]
S2 ServiceSFRABCD;Service SFR Gestionnaire Connexion;c:\program files\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe [2009-09-01 657024]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
.
Contenu du dossier 'Tâches planifiées'

2010-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 00:48]

2010-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-28 14:10]

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:35]

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:35]

2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{49B6D35B-DB48-4A59-BDD5-455EE97F972C}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: betclic.fr\www
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
0
yohanaldo Posts 52 Registration date   Status Member Last activity   3
 
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 17:15
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,ea,73,67,bf,83,9f,41,a8,fa,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,ea,73,67,bf,83,9f,41,a8,fa,f6,\

[HKEY_USERS\S-1-5-21-2881880658-3555428079-2209020445-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,37,f5,99,51,aa,ef,0b,25,59,a1,d1,7a,71,d9,86,41,cf,68,9f,47,80,75,
5a,29,d3,0f,e0,ca,5f,81,03,e4,ea,2d,16,44,98,f4,8f,a9,31,5e,94,8f,6c,7c,0e,\
"??"=hex:04,35,44,e7,7f,61,2a,34,d3,f0,20,a9,b2,d9,12,0d

[HKEY_USERS\S-1-5-21-2881880658-3555428079-2209020445-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:58,4a,f2,18,36,5c,c1,ce,33,00,35,97,f7,17,99,ef,00,96,3e,cc,e8,
be,ed,dd,ca,26,1b,dc,64,d4,85,43,5d,88,ec,54,d8,ee,f9,7d,0d,04,f2,c3,6b,67,\
"rkeysecu"=hex:51,ba,a5,5f,f1,6e,0d,dd,91,7a,5f,be,a6,52,d6,a3

[HKEY_USERS\S-1-5-21-2881880658-3555428079-2209020445-1000_Classes\CLSID\{3caa67b9-aa67-4c61-bb45-4ac0ac5f65ab}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000081
"Therad"=dword:00000008

[HKEY_USERS\S-1-5-21-2881880658-3555428079-2209020445-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5e,a0,40,d4,63,37,5b,c6,f6,91,86,88,c3,57,e4,6e,53,e8,41,17,fc,
1b,b8,e2,0d,08,40,c5,cd,e6,ce,19,4d,20,2f,86,c0,36,16,fc,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-05-11 17:20:37
ComboFix-quarantined-files.txt 2010-05-11 15:20

Avant-CF: 27 887 693 824 octets libres
Après-CF: 28 018 249 728 octets libres

- - End Of File - - 91D81194489F3032CA37A609754580BF
0
dédétraqué Posts 4384 Registration date   Status Security contributor Last activity   286

Hi yohanaldo


How is the PC doing now...


See you later :)
0
yohanaldo Posts 52 Registration date   Status Member Last activity   3

Hi again dédétraqué

It is doing much better, it's great. I don't see how I could return the favor, but I am really very grateful to you

You are going to help lots of people with your knowledge

Thanks again
0
dédétraqué Posts 4384 Registration date   Status Security contributor Last activity   286

Hi yohanaldo


You're welcome. For security reasons, and above all to keep your PC clean, we are going to disable System Restore on all drives:

Vista tutorial: https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista


-----


We are going to clean up the tools downloaded for the disinfection; download Tools Cleaner to the desktop:

http://pc-system.fr/


- Right-click ToolsCleaner2.exe on the desktop and choose "Exécuter en tant qu'administrateur" (Run as administrator).
- Click Recherche (Search) and let the scan run.
- Click Suppression (Removal) to finish.
- You can, if you wish, use the Options facultatives (optional settings).
- Click Quitter (Quit) to get the report.
- Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
- If any tools remain after running Tools Cleaner, you can delete them manually, along with all the reports that were generated during the disinfection.


-----


It is important to update Windows and your software:
Update Windows (critical, Service Pack and Service Release categories): http://www.windowsupdate.com/windowsupdate/v6/default.aspx

Run a vulnerability scan to check that your software is up to date with no security flaws, and update it:
https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/

Clean up unnecessary files and the registry:
https://www.malekal.com/tutoriel-ccleaner/

Tell me when this is done or if you have any problems, and we will then move on to marking the topic as solved.


See you later :)
0
yohanaldo Posts 52 Registration date   Status Member Last activity   3

Hello dédétraqué, here is the ToolsCleaner report; I have also carried out all the operations you told me to do

thanks :)

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\UsbFix\UsbFix.txt: trouvé !
C:\Users\yohan\Desktop\Rsit.exe: trouvé !
C:\Users\yohan\Documents\Downloads\Programs\ComboFix.exe: trouvé !
C:\Windows\msnfix.txt: trouvé !
C:\Windows\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Users\yohan\Documents\Downloads\Programs\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\UsbFix\UsbFix.txt: supprimé !
C:\Users\yohan\Desktop\Rsit.exe: supprimé !
C:\Windows\msnfix.txt: supprimé !
C:\Windows\mbr.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
0
dédétraqué Posts 4384 Registration date   Status Security contributor Last activity   286

Hi yohanaldo


You're welcome. Here are a few security guidelines:

- Windows Update fully up to date http://www.windowsupdate.com/windowsupdate/v6/default.aspx (critical, Service Pack and Service Release categories)
- a properly configured firewall; I recommend ZoneAlarm:
https://www.malekal.com/tutoriel-zonealarm-firewall/
- a properly configured antivirus, updated regularly (daily if necessary), with a regular full scan (daily if necessary).
- a cautious attitude towards browsing (no dubious sites: cracks, warez, sex...) and towards e-mail (attachments must be scanned before being opened)
- no illegal downloading, which is the main infection factor (µTorrent, BitTorrent, eMule, Limewire, etc.) https://forum.malekal.com/viewtopic.php?t=893&start=
- a vigilant attitude (watch out for any unusual behaviour of your system)
- weekly system cleanup (deleting unnecessary files, cleaning the registry, scandisk, defrag)
- weekly antispyware scan; I recommend Malwarebytes' Anti-Malware:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
- a regular check of the JAVA console to make sure it is up to date:
https://www.java.com/en/download/uninstalltool.jsp
- regularly run a vulnerability scan to check that your software is up to date with no security flaws:
https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/


Some good reading if you want to learn more about security and how Windows works:
http://www.malekal.com/menu_windows_general.php
http://www.malekal.com/menu_windows_securite.php

If you consider your problem solved, you can mark it as solved:
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/

Have a good day/evening and happy surfing


See you later :)
0
yohanaldo Posts 52 Registration date   Status Member Last activity   3

Hi dédétraqué, I am going to mark the problem as solved. I am keeping your last post as a bookmark to consult it from time to time, and above all


a big THANK YOUUUUUUUUUUUUUUUUUUUUUUUUUUUU !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0
dédétraqué Posts 4384 Registration date   Status Security contributor Last activity   286
 
Hi yohanaldo


You're welcome, have a good weekend


@++ :)
0
coachkpn1 Posts 12 Registration date   Status Member Last activity  
 
hi there,
I see that a solution can be found with pros like you!
so I have exactly the same problem. Google redirects me to other sites etc. etc., then an ad for an antivirus! warning, your PC is infected, etc. etc.
so here is my usbfix report:

############################## | UsbFix 7.019 | [Recherche]

Utilisateur: Christophe (Administrateur) # PC-DE-COACH [PACKARD BELL BV EasyNote MH45]
Mis à jour le 03/08/10 par El Desaparecido / C_XX
Lancé à 22:16:10 | 09/08/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
CPU 2: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Microsoft® Windows Vista(TM) Édition Familiale Basique (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18882

Pare-feu Windows: Activé
RAM -> 3000 Mo
C:\ (%systemdrive%) -> Disque fixe # 453 Go (183 Go libre(s) - 40%) [OS] # NTFS
D:\ -> CD-ROM

################## | Éléments infectieux |


################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{afdf8d3d-ba1a-11de-a056-00238b86c625}
Shell\AutoRun\Command = E:\setup_vmc_lite.exe /checkApplicationPresence

HKCU\.\.\.\.\Explorer\MountPoints2\{bbddb0d8-20ea-11df-a313-00238b86c625}
Shell\AutoRun\Command = E:\Setup.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{cffa498c-1114-11df-ac82-00238b86c625}
Shell\AutoRun\Command = E:\DPFMate.exe


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |
0
coachkpn1 Posts 12 Registration date   Status Member Last activity  
 
And here it is after the deletion...

############################## | UsbFix 7.019 | [Suppression]

Utilisateur: Christophe (Administrateur) # PC-DE-COACH [PACKARD BELL BV EasyNote MH45]
Mis à jour le 03/08/10 par El Desaparecido / C_XX
Lancé à 22:33:45 | 09/08/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
CPU 2: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Microsoft® Windows Vista(TM) Édition Familiale Basique (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18882

Pare-feu Windows: Activé
RAM -> 3000 Mo
C:\ (%systemdrive%) -> Disque fixe # 453 Go (207 Go libre(s) - 46%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> Disque fixe # 466 Go (257 Go libre(s) - 55%) [Intenso] # FAT32

################## | Éléments infectieux |


################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{afdf8d3d-ba1a-11de-a056-00238b86c625}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{bbddb0d8-20ea-11df-a313-00238b86c625}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{cffa498c-1114-11df-ac82-00238b86c625}

################## | Listing |

[09/08/2010 - 22:36:11 | SHD ] C:\$Recycle.Bin
[29/05/2009 - 21:21:40 | HD ] C:\ACER
[01/06/2009 - 22:36:00 | A | 61762560] C:\audio0.ac3
[01/06/2009 - 22:37:02 | A | 370575404] C:\audio0.wav
[18/09/2006 - 23:43:36 | A | 24] C:\autoexec.bat
[05/12/2009 - 10:04:11 | SHD ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[10/01/2009 - 22:13:08 | RAS | 8192] C:\BOOTSECT.BAK
[31/08/2009 - 07:53:11 | D ] C:\c53dc37fd9ef829eb2650e4e3a55
[18/09/2006 - 23:43:37 | A | 10] C:\config.sys
[02/11/2006 - 14:59:44 | SHD ] C:\Documents and Settings
[01/06/2009 - 22:30:48 | A | 347] C:\finfos.txt
[10/01/2009 - 14:26:47 | D ] C:\Intel
[01/06/2009 - 11:16:11 | RASH | 0] C:\IO.SYS
[01/06/2009 - 11:16:11 | RASH | 0] C:\MSDOS.SYS
[27/06/2009 - 16:45:04 | RHD ] C:\MSOCache
[01/06/2009 - 12:29:16 | D ] C:\MWASPI
[29/02/2004 - 17:44:34 | A | 52576] C:\orange.bmp
[02/08/2010 - 06:35:02 | ASH | 3460280320] C:\pagefile.sys
[21/01/2008 - 04:43:50 | D ] C:\PerfLogs
[11/06/2009 - 16:46:13 | D ] C:\platodvdripper
[04/08/2010 - 17:08:30 | D ] C:\Program Files
[22/04/2010 - 21:35:35 | HD ] C:\ProgramData
[01/06/2009 - 18:44:49 | D ] C:\Ri4m_TMP
[22/03/2010 - 22:30:42 | A | 333] C:\rollback.ini
[09/08/2010 - 15:49:02 | SHD ] C:\System Volume Information
[09/08/2010 - 22:36:11 | D ] C:\UsbFix
[09/08/2010 - 22:33:55 | A | 2524] C:\UsbFix.txt
[29/05/2009 - 16:23:12 | RD ] C:\Users
[01/06/2009 - 20:43:14 | A | 140090] C:\VTS_01_1.d2v
[09/08/2010 - 21:45:56 | D ] C:\Windows
[02/06/2009 - 01:22:09 | A | 771944] C:\zumba test 3.avi.A.index
[02/06/2009 - 01:22:09 | A | 772144] C:\zumba test 3.avi.index

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | E.O.F |
0
coachkpn1 Posts 12 Registration date   Status Member Last activity  
 
Impossible to do the next step, downloading malwarebytes

Petit problème... Internet Explorer n'est pas parvenu à trouver la page www.malwarebytes.org.
Suggestions :
*Rechercher sur Google :


I'll try to find it elsewhere...
0
coachkpn1 Posts 12 Registration date   Status Member Last activity  
 
there, I managed to find malwarebytes, here is the result:
32 infected files, I deleted these files.


Below is the report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4411

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

10/08/2010 9:46:59
mbam-log-2010-08-10 (09-46-59).txt

Type d'examen: Examen complet (C:\|E:\|)
Elément(s) analysé(s): 326381
Temps écoulé: 1 heure(s), 16 minute(s), 17 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 76

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\Windows\System32\erokosvc.dll (Worm.KoobFace) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpqoko6 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryDoktor_is1 (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apto6ko (Worm.KoobFace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\tapisrvs (Worm.KoobFace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\15636021 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1 (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\smartshopper\Bin\2.5.0 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryDoktor 4.1 (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Windows\System32\erokosvc.dll (Worm.KoobFace) -> Delete on reboot.
C:\Program Files\RegistryDoktor 4.1\Cl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Users\Christophe\AppData\Local\rdr_1268943333.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\AppData\Local\rdr_1269383642.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\AppData\Local\Temp\_2B17.tmp (Trojan.Lukicsel) -> Quarantined and deleted successfully.
C:\Users\Christophe\Desktop\o.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Christophe\Documents\programme\WinRAR.3.30-fr\WinRAR.3.30.FR\patch-WinRAR 3.30\WinRAR 3.30.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Windows\bill104.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\imapioko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\EngineAP.dll (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\FolderPaths.txt (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\ScheduleAP.txt (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\Task.dat (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\task.xml (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\unins000.dat (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\unins000.exe (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\200812.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\200901.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\200902.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\200903.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\200904.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\200905.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090601.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090602.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090603.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090706.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090714.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090721.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090729.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090805.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090819.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090901.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20090921.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20091006.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20091023.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20091104.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20091114.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20091130.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20091218.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20091231.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100118.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100130.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100212.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100302.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100323.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100416.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100506.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100527.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100621.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoktor 4.1\definitions\20100630.cab (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryDoktor 4.1\Désinstaller Registry Doktor 4.1.lnk (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryDoktor 4.1\Registry Doktor 4.1.lnk (Rogue.RegistryDoktor) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper Help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Windows\System32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\cryptnet32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\shimg.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1268930579.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1268930584.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1268943333.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1268943638.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1268943642.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1269274834.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1269287305.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1269287311.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1269287315.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1269287319.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1269287323.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Christophe\Local Settings\Application Data\rdr_1269383642.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\bk20856.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\ligh (Koobface.Trace) -> Quarantined and deleted successfully.
0
coachkpn1 Posts 12 Registration date   Status Member Last activity  
 
and now here is the HijackThis log txt report:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Christophe at 2010-08-10 10:02:44
Microsoft® Windows Vista(TM) Édition Familiale Basique Service Pack 2
System drive C: has 216 GB (47%) free of 464 GB
Total RAM: 3000 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:17, on 10/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Fighters\VIRUSfighter\vfproTray.exe
C:\Program Files\Fighters\SPAMfighter\sfagent.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Christophe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G342BN0G\RSIT[1].exe
C:\Program Files\trend micro\Christophe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe
O4 - HKLM\..\Run: [VFPROguard] C:\Program Files\Fighters\VIRUSfighter\VFPROTray.exe
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [RegDokFRScheduler] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe SCHEDULER
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
0
coachkpn1 Posts 12 Registration date   Status Member Last activity  
 
part II


O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
0