pc infecter ! besoin d'aide ! Résolu/Fermé

Question

Bonjour, voilà  mon problème . un copain m'a preter son pc qui etais infecter mais j'avoue que je rame . il y avais de nombreux fichiers infecter qu'à trouvé mbam ainsi que avast et les ont nettoyer . mais toujours pareils .en mode sans èchec tout marche bien mais  en mode "normal" rien ne s'ouvre 
je joint un rapport hijack et gmer  merci pour votre  aaide 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:36:14, on 23/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode

Running processes:
G:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=040c&m=el1352&r=17361010z416pe4g5x115r45n1s235
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Searchgo Toolbar - {338c5d66-6b92-40a7-a216-9830d2e54103} - C:\Program Files (x86)\Searchgo\prxtbSear.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll
O2 - BHO: Searchgo - {338c5d66-6b92-40a7-a216-9830d2e54103} - C:\Program Files (x86)\Searchgo\prxtbSear.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Searchgo Toolbar - {338c5d66-6b92-40a7-a216-9830d2e54103} - C:\Program Files (x86)\Searchgo\prxtbSear.dll
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Epson Stylus SX420W(Réseau)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S9E0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcAppFlt.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32
etlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32
etman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32
etprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32
lasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32
sisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32
vvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Accelerer PC\PCSUService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32asauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32asmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32	apisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32	bssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32	ermsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32	hemeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32	rkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

g3n-h@ckm@n · Answer

salut

Télécharge et enregistre ADWcleaner sur ton bureau :

ADWCleaner (Merci à Xplode)

Lance le,

clique sur suppression et poste son rapport.

===========

poste ton dernier rapport de malwarebytes

mack.bolan · Answer

bonjour  ou re bonjour !
je vais essayer adw mais je ne peux pas demarer le pc qu'en mode sans echec !!
est ce que je peux charger sur une clef et installer depuis la clef ?
pour le rapport de mbam , je le charge et vous poste ça !!

mack.bolan · Answer

voila le rapprot adw , par contre je n'ai plus le rapport de mbam :)

 AdwCleaner v1.604 - Rapport créé le 23/04/2012 à 17:24:21
# Mis à jour le 23/04/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : cyril - CYRIL-PC
# Exécuté depuis : G:\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Registre - GUID] *****


***** [Navigateurs] *****

-\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\ Mozilla Firefox v [Impossible d'obtenir la version]

-\ Google Chrome v18.0.1025.162

Fichier : C:\Users\cyril\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Users\Tiphanie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [29358 octets] - [23/04/2012 17:22:11]
AdwCleaner[R1].txt - [1012 octets] - [23/04/2012 17:24:21]

########## EOF - C:\AdwCleaner[R1].txt - [1140 octets] ##########

g3n-h@ckm@n · Answer

pour le rapport de MBAM , il se trouve dans l(onglet rapport/log du logiciel

oui pour la clé usb

mack.bolan · Answer

pour le rapport je sais ou il se trouve normalement mais la ! le seul rapport me dit qu'il n'y plus rien

mack.bolan · Answer

--
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 7622

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

22/04/2012 22:28:51
mbam-log-2012-04-22 (22-28-51).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 319773
Temps écoulé: 26 minute(s), 6 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)merci de mettre le sujet en résolu si c'est le cas par la suite ! :)

g3n-h@ckm@n · Answer

c'est ce rapport qu il aurait fallu poster 

AdwCleaner[S1].txt - [29358 octets] - [23/04/2012 17:22:11]

mack.bolan · Answer

harggggggggg ! merdum !
j'ai que celui la !

g3n-h@ckm@n · Answer

ben non il est dans ton disque C:\ ^^

mack.bolan · Answer

pardon j'ai laisser mon cerveau au garage . voila le rapport S1

g3n-h@ckm@n · Answer

ah oui il est joli ^^

=======

telecharge et enregistre Pre_Scan sur ton bureau :

http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

Avertissement :Il y aura une extinction du bureau pendant le scan --> pas de panique.

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan_la_date_et_l'heure.txt" sur le bureau.

si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Kill"

si l'outil est bloqué par l'infection utilise cette version avec extension .pif :

http://forums-fec.be/gen-hackman/Pre_Scan.pif

ou cette version renommée winlogon.exe :

http://forums-fec.be/gen-hackman/winlogon.exe

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan


NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

Heberge le rapport sur http://pjjoint.malekal.com puis donne le lien obtenu en echange sur le forum où tu te fais aider

mack.bolan · Answer

ca va un peu mieux mais il est toujours aussi lent !
la barre de chargement ( verte en haut ) se charge par a coup et tout met un temps fou a s'ouvrir !

mack.bolan · Answer

ok j'y vais

mack.bolan · Answer

au lancement  une fenêtres s'ouvre et me dit
line 16357
error! the resqueted action with this objet has failled ( G/pre scan )

g3n-h@ckm@n · Answer

?? 

le message exact c est quoi ? 

tu as combien de RAM ? 3.5...
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

mack.bolan · Answer

le  message  c'est ça et 4 giga d'origine

mack.bolan · Answer

quoique je fasse j'ai toujours la même fenêtres

g3n-h@ckm@n · Answer

mets-le sur le bureau

mack.bolan · Answer

pareil

g3n-h@ckm@n · Answer

t'as pas fait envoyer vers , tu l'as copié ?

mack.bolan · Answer

la fenêtres d'erreur s'ouvre lors du points de restauration

mack.bolan · Answer

copier coller sur le bureau

mack.bolan · Answer

j'ai bien le bureau qui devient noir mais une fenetre de creation de point de restauration s'ouvre et apparaît la fenêtres d'erreur puis plus rien

g3n-h@ckm@n · Answer

à tous les coups c est avast qui nous bloque....

desinstalle Avast tu le remettras après la desinfection

surtout qu'on en est à la version 7 ^^

mack.bolan · Answer

avast n'ai pas dans programme et fonctionalitè
comment le déinstaller?

g3n-h@ckm@n · Answer

/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\ __________________________________________________________ >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.< >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<< ===================================================== ▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur Telecharge ici : Combofix Avant d'utiliser ComboFix : Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système. La simple désactivation du résident n'est pas suffisante. Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover Choisis la version adéquate (32 ou 64 bits)/!\ Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement : ▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau ▶ Lance le Une fenêtre apparait : clique sur "Disable" ▶ Fais redémarrer l'ordinateur si l'outil te le demande Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable" _________________________________________________________ >> referme les fenêtres de tous les programmes en cours. >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, >>la protection en temps réel de ton Antivirus et de tes Antispywares, >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° si tu as XP => double clique si tu as Vista ou windows 7 => clic droit "executer en tant que...." sur combofix renommé ¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤ ▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!! ▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. ▶▶▶ Si, après le redémarrage de votre pc par combofix, vous avez des erreurs "Clé marquée pour suppression" ou des soucis de connexion internet, redémarrez à nouveau votre ordinateur

mack.bolan · Answer

ok c'est parti

mack.bolan · Answer

ComboFix 12-04-23.02 - cyril 23/04/2012  22:30:39.1.1 - x64 MINIMAL
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.3839.3169 [GMT 2:00]
Lancé depuis: C:\Users\cyril\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé


((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Program Files (x86)\Common Files\emachines.ico
C:\Program Files (x86)\VooMuu
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\copyright.txt
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll
C:\ProgramData\VooMuuSA
C:\ProgramData\VooMuuSA\VooMuuSA.dat
C:\ProgramData\VooMuuSA\VooMuuSA_kyf.dat
C:\ProgramData\VooMuuSA\VooMuuSAau.dat
C:\Users\Tiphanie\AppData\Roaming\.#
C:\Users\Tiphanie\Desktop\Internet Explorer.lnk
C:\Windows\system32\drivers\etc\hosts.ics


(((((((((((((((((((((((((((((   Fichiers créés du 2012-03-23 au 2012-04-23  ))))))))))))))))))))))))))))))))))))


2012-04-23 20:35:03 . 2012-04-23 20:35:03	--------	d-----w-	C:\Users\Tiphanie\AppData\Local	emp
2012-04-22 19:17:18 . 2012-04-22 19:17:18	--------	d-----w-	C:\Users\Tiphanie\AppData\Roaming\Malwarebytes
2012-04-22 17:38:59 . 2012-04-22 17:39:01	--------	d-----w-	C:\Program Files\CCleaner
2012-04-22 17:19:44 . 2012-04-22 17:19:44	--------	dc----w-	C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2012-04-22 15:55:31 . 2012-04-22 15:55:31	--------	d-----w-	C:\Users\cyril\AppData\Roaming\Malwarebytes
2012-04-22 15:55:20 . 2012-04-22 15:55:20	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-04-22 15:55:16 . 2011-08-31 15:00:50	25416	----a-w-	C:\Windows\system32\drivers\mbam.sys
2012-04-22 15:55:15 . 2012-04-22 15:55:21	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-19 10:13:18 . 2012-04-23 20:36:32	--------	d-----w-	C:\Windows\system32\wbemepository
2012-04-12 14:57:34 . 2012-03-06 06:53:37	5559152	----a-w-	C:\Windows\system32
toskrnl.exe
2012-04-12 14:57:33 . 2012-03-06 05:59:47	3968368	----a-w-	C:\Windows\SysWow64
tkrnlpa.exe
2012-04-12 14:57:32 . 2012-03-06 05:59:41	3913072	----a-w-	C:\Windows\SysWow64
toskrnl.exe
2012-04-12 14:55:45 . 2012-03-01 06:46:16	23408	----a-w-	C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 14:55:45 . 2012-03-01 06:33:50	81408	----a-w-	C:\Windows\system32\imagehlp.dll
2012-04-12 14:55:45 . 2012-03-01 05:33:23	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-04-12 14:55:44 . 2012-03-01 06:38:27	220672	----a-w-	C:\Windows\system32\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 06:28:47	5120	----a-w-	C:\Windows\system32\wmi.dll
2012-04-12 14:55:44 . 2012-03-01 05:37:41	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 05:29:16	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-04-09 13:21:38 . 2012-04-09 13:21:38	--------	d-----w-	C:\Users\cyril\AppData\Roaming\WebPlayerBdd
2012-04-09 13:21:06 . 2012-04-09 13:21:06	--------	d-----w-	C:\Kreapixel
2012-04-09 13:19:10 . 2012-04-09 13:19:22	--------	d-----w-	C:\Program Files (x86)\Searchgo
2012-04-09 09:04:39 . 2012-04-09 09:04:39	--------	d-----w-	C:\ProgramData\boost_interprocess
2012-04-09 09:04:38 . 2012-04-09 09:04:45	--------	d-----w-	C:\Program Files (x86)\Searchqu Toolbar
2012-04-04 14:34:26 . 2012-04-04 14:35:45	--------	d-----w-	C:\Users\cyril\cle usb
.


((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-14 03:27:40 . 2012-04-19 10:24:59	8669240	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{778A5EFC-58E4-42D9-ADBD-81AB96DC30C7}\mpengine.dll
2012-02-23 08:18:36 . 2010-12-30 19:20:42	279656	----a-w-	C:\Windows\system32\MpSigStub.exe
2012-02-17 06:38:26 . 2012-03-13 17:08:46	1031680	----a-w-	C:\Windows\system32dpcore.dll
2012-02-17 05:34:22 . 2012-03-13 17:08:46	826880	----a-w-	C:\Windows\SysWow64dpcore.dll
2012-02-17 04:58:24 . 2012-03-13 17:08:46	210944	----a-w-	C:\Windows\system32\driversdpwd.sys
2012-02-17 04:57:32 . 2012-03-13 17:08:45	23552	----a-w-	C:\Windows\system32\drivers	dtcp.sys
2012-02-10 06:36:07 . 2012-03-14 07:54:29	1544192	----a-w-	C:\Windows\system32\DWrite.dll
2012-02-10 05:38:43 . 2012-03-14 07:54:28	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40 . 2012-02-07 09:02:40	1070352	----a-w-	C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 . 2012-03-14 07:54:31	3145728	----a-w-	C:\Windows\system32\win32k.sys
2012-01-25 06:38:39 . 2012-03-13 17:08:48	77312	----a-w-	C:\Windows\system32dpwsx.dll
2012-01-25 06:38:38 . 2012-03-13 17:08:48	149504	----a-w-	C:\Windows\system32dpcorekmts.dll
2012-01-25 06:33:30 . 2012-03-13 17:08:48	9216	----a-w-	C:\Windows\system32drmemptylst.exe


(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{338c5d66-6b92-40a7-a216-9830d2e54103}]
2011-05-09 08:49:38	176936	----a-w-	C:\Program Files (x86)\Searchgo\prxtbSear.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-08 11:58:27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2009-11-25 02:39:54 469536]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 09:12:12 976320]
"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 07:46:02 104408]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

C:\Users\Tiphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\cyril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [2010-10-31 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;C:\Windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers	susbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 16:07:14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 10:55:28 64952]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\Accelerer PC\PCSUService.exe [2011-10-24 17:25:58 235232]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 07:46:02 583640]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 02:47:12 240160]
S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [2008-06-26 18:09:36 167936]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WS2IFSL

Contenu du dossier 'Tâches planifiées'

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\RMSchedule.job
- C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2010-12-26 20:43:23 . 2010-08-05 07:46:14]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 12:47:38 9608224]
"OOTag"="C:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-12-03 02:27:32 23072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

------- Examen supplémentaire -------

uStart Page = hxxp://portail.free.fr/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://www.google.fr
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-DLD.EXE - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe

g3n-h@ckm@n · Answer

je peux l avoir entier ?

mack.bolan · Answer

--
ComboFix 12-04-23.02 - cyril 23/04/2012  22:30:39.1.1 - x64 MINIMAL
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.3839.3169 [GMT 2:00]
Lancé depuis: C:\Users\cyril\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé


((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Program Files (x86)\Common Files\emachines.ico
C:\Program Files (x86)\VooMuu
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\copyright.txt
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll
C:\ProgramData\VooMuuSA
C:\ProgramData\VooMuuSA\VooMuuSA.dat
C:\ProgramData\VooMuuSA\VooMuuSA_kyf.dat
C:\ProgramData\VooMuuSA\VooMuuSAau.dat
C:\Users\Tiphanie\AppData\Roaming\.#
C:\Users\Tiphanie\Desktop\Internet Explorer.lnk
C:\Windows\system32\drivers\etc\hosts.ics


(((((((((((((((((((((((((((((   Fichiers créés du 2012-03-23 au 2012-04-23  ))))))))))))))))))))))))))))))))))))


2012-04-23 20:35:03 . 2012-04-23 20:35:03	--------	d-----w-	C:\Users\Tiphanie\AppData\Local	emp
2012-04-22 19:17:18 . 2012-04-22 19:17:18	--------	d-----w-	C:\Users\Tiphanie\AppData\Roaming\Malwarebytes
2012-04-22 17:38:59 . 2012-04-22 17:39:01	--------	d-----w-	C:\Program Files\CCleaner
2012-04-22 17:19:44 . 2012-04-22 17:19:44	--------	dc----w-	C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2012-04-22 15:55:31 . 2012-04-22 15:55:31	--------	d-----w-	C:\Users\cyril\AppData\Roaming\Malwarebytes
2012-04-22 15:55:20 . 2012-04-22 15:55:20	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-04-22 15:55:16 . 2011-08-31 15:00:50	25416	----a-w-	C:\Windows\system32\drivers\mbam.sys
2012-04-22 15:55:15 . 2012-04-22 15:55:21	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-19 10:13:18 . 2012-04-23 20:36:32	--------	d-----w-	C:\Windows\system32\wbemepository
2012-04-12 14:57:34 . 2012-03-06 06:53:37	5559152	----a-w-	C:\Windows\system32
toskrnl.exe
2012-04-12 14:57:33 . 2012-03-06 05:59:47	3968368	----a-w-	C:\Windows\SysWow64
tkrnlpa.exe
2012-04-12 14:57:32 . 2012-03-06 05:59:41	3913072	----a-w-	C:\Windows\SysWow64
toskrnl.exe
2012-04-12 14:55:45 . 2012-03-01 06:46:16	23408	----a-w-	C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 14:55:45 . 2012-03-01 06:33:50	81408	----a-w-	C:\Windows\system32\imagehlp.dll
2012-04-12 14:55:45 . 2012-03-01 05:33:23	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-04-12 14:55:44 . 2012-03-01 06:38:27	220672	----a-w-	C:\Windows\system32\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 06:28:47	5120	----a-w-	C:\Windows\system32\wmi.dll
2012-04-12 14:55:44 . 2012-03-01 05:37:41	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 05:29:16	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-04-09 13:21:38 . 2012-04-09 13:21:38	--------	d-----w-	C:\Users\cyril\AppData\Roaming\WebPlayerBdd
2012-04-09 13:21:06 . 2012-04-09 13:21:06	--------	d-----w-	C:\Kreapixel
2012-04-09 13:19:10 . 2012-04-09 13:19:22	--------	d-----w-	C:\Program Files (x86)\Searchgo
2012-04-09 09:04:39 . 2012-04-09 09:04:39	--------	d-----w-	C:\ProgramData\boost_interprocess
2012-04-09 09:04:38 . 2012-04-09 09:04:45	--------	d-----w-	C:\Program Files (x86)\Searchqu Toolbar
2012-04-04 14:34:26 . 2012-04-04 14:35:45	--------	d-----w-	C:\Users\cyril\cle usb
.


((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-14 03:27:40 . 2012-04-19 10:24:59	8669240	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{778A5EFC-58E4-42D9-ADBD-81AB96DC30C7}\mpengine.dll
2012-02-23 08:18:36 . 2010-12-30 19:20:42	279656	----a-w-	C:\Windows\system32\MpSigStub.exe
2012-02-17 06:38:26 . 2012-03-13 17:08:46	1031680	----a-w-	C:\Windows\system32dpcore.dll
2012-02-17 05:34:22 . 2012-03-13 17:08:46	826880	----a-w-	C:\Windows\SysWow64dpcore.dll
2012-02-17 04:58:24 . 2012-03-13 17:08:46	210944	----a-w-	C:\Windows\system32\driversdpwd.sys
2012-02-17 04:57:32 . 2012-03-13 17:08:45	23552	----a-w-	C:\Windows\system32\drivers	dtcp.sys
2012-02-10 06:36:07 . 2012-03-14 07:54:29	1544192	----a-w-	C:\Windows\system32\DWrite.dll
2012-02-10 05:38:43 . 2012-03-14 07:54:28	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40 . 2012-02-07 09:02:40	1070352	----a-w-	C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 . 2012-03-14 07:54:31	3145728	----a-w-	C:\Windows\system32\win32k.sys
2012-01-25 06:38:39 . 2012-03-13 17:08:48	77312	----a-w-	C:\Windows\system32dpwsx.dll
2012-01-25 06:38:38 . 2012-03-13 17:08:48	149504	----a-w-	C:\Windows\system32dpcorekmts.dll
2012-01-25 06:33:30 . 2012-03-13 17:08:48	9216	----a-w-	C:\Windows\system32drmemptylst.exe


(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{338c5d66-6b92-40a7-a216-9830d2e54103}]
2011-05-09 08:49:38	176936	----a-w-	C:\Program Files (x86)\Searchgo\prxtbSear.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-08 11:58:27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2009-11-25 02:39:54 469536]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 09:12:12 976320]
"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 07:46:02 104408]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

C:\Users\Tiphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\cyril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [2010-10-31 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;C:\Windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers	susbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 16:07:14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 10:55:28 64952]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\Accelerer PC\PCSUService.exe [2011-10-24 17:25:58 235232]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 07:46:02 583640]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 02:47:12 240160]
S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [2008-06-26 18:09:36 167936]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WS2IFSL

Contenu du dossier 'Tâches planifiées'

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\RMSchedule.job
- C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2010-12-26 20:43:23 . 2010-08-05 07:46:14]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 12:47:38 9608224]
"OOTag"="C:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-12-03 02:27:32 23072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

------- Examen supplémentaire -------

uStart Page = hxxp://portail.free.fr/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://www.google.fr
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-DLD.EXE - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe



--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2206202759-2939906336-3311746702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

merci de mettre le sujet en résolu si c'est le cas par la suite ! :)

mack.bolan · Answer

ca marche !!!!!!!!!!!!!!
ha ben merci ! maintenant faut encore nettoyer ou juste supprimer les programme comme pre scan et combo

g3n-h@ckm@n · Answer

GRRRR !!! héberge le rapport.........

mack.bolan · Answer

lequel ?

g3n-h@ckm@n · Answer

ben le rapport de combofix

mack.bolan · Answer

--
ComboFix 12-04-23.02 - cyril 23/04/2012  22:30:39.1.1 - x64 MINIMAL
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.3839.3169 [GMT 2:00]
Lancé depuis: C:\Users\cyril\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé


((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Program Files (x86)\Common Files\emachines.ico
C:\Program Files (x86)\VooMuu
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\copyright.txt
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll
C:\ProgramData\VooMuuSA
C:\ProgramData\VooMuuSA\VooMuuSA.dat
C:\ProgramData\VooMuuSA\VooMuuSA_kyf.dat
C:\ProgramData\VooMuuSA\VooMuuSAau.dat
C:\Users\Tiphanie\AppData\Roaming\.#
C:\Users\Tiphanie\Desktop\Internet Explorer.lnk
C:\Windows\system32\drivers\etc\hosts.ics


(((((((((((((((((((((((((((((   Fichiers créés du 2012-03-23 au 2012-04-23  ))))))))))))))))))))))))))))))))))))


2012-04-23 20:35:03 . 2012-04-23 20:35:03	--------	d-----w-	C:\Users\Tiphanie\AppData\Local	emp
2012-04-22 19:17:18 . 2012-04-22 19:17:18	--------	d-----w-	C:\Users\Tiphanie\AppData\Roaming\Malwarebytes
2012-04-22 17:38:59 . 2012-04-22 17:39:01	--------	d-----w-	C:\Program Files\CCleaner
2012-04-22 17:19:44 . 2012-04-22 17:19:44	--------	dc----w-	C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2012-04-22 15:55:31 . 2012-04-22 15:55:31	--------	d-----w-	C:\Users\cyril\AppData\Roaming\Malwarebytes
2012-04-22 15:55:20 . 2012-04-22 15:55:20	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-04-22 15:55:16 . 2011-08-31 15:00:50	25416	----a-w-	C:\Windows\system32\drivers\mbam.sys
2012-04-22 15:55:15 . 2012-04-22 15:55:21	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-19 10:13:18 . 2012-04-23 20:36:32	--------	d-----w-	C:\Windows\system32\wbemepository
2012-04-12 14:57:34 . 2012-03-06 06:53:37	5559152	----a-w-	C:\Windows\system32
toskrnl.exe
2012-04-12 14:57:33 . 2012-03-06 05:59:47	3968368	----a-w-	C:\Windows\SysWow64
tkrnlpa.exe
2012-04-12 14:57:32 . 2012-03-06 05:59:41	3913072	----a-w-	C:\Windows\SysWow64
toskrnl.exe
2012-04-12 14:55:45 . 2012-03-01 06:46:16	23408	----a-w-	C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 14:55:45 . 2012-03-01 06:33:50	81408	----a-w-	C:\Windows\system32\imagehlp.dll
2012-04-12 14:55:45 . 2012-03-01 05:33:23	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-04-12 14:55:44 . 2012-03-01 06:38:27	220672	----a-w-	C:\Windows\system32\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 06:28:47	5120	----a-w-	C:\Windows\system32\wmi.dll
2012-04-12 14:55:44 . 2012-03-01 05:37:41	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 05:29:16	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-04-09 13:21:38 . 2012-04-09 13:21:38	--------	d-----w-	C:\Users\cyril\AppData\Roaming\WebPlayerBdd
2012-04-09 13:21:06 . 2012-04-09 13:21:06	--------	d-----w-	C:\Kreapixel
2012-04-09 13:19:10 . 2012-04-09 13:19:22	--------	d-----w-	C:\Program Files (x86)\Searchgo
2012-04-09 09:04:39 . 2012-04-09 09:04:39	--------	d-----w-	C:\ProgramData\boost_interprocess
2012-04-09 09:04:38 . 2012-04-09 09:04:45	--------	d-----w-	C:\Program Files (x86)\Searchqu Toolbar
2012-04-04 14:34:26 . 2012-04-04 14:35:45	--------	d-----w-	C:\Users\cyril\cle usb
.


((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-14 03:27:40 . 2012-04-19 10:24:59	8669240	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{778A5EFC-58E4-42D9-ADBD-81AB96DC30C7}\mpengine.dll
2012-02-23 08:18:36 . 2010-12-30 19:20:42	279656	----a-w-	C:\Windows\system32\MpSigStub.exe
2012-02-17 06:38:26 . 2012-03-13 17:08:46	1031680	----a-w-	C:\Windows\system32dpcore.dll
2012-02-17 05:34:22 . 2012-03-13 17:08:46	826880	----a-w-	C:\Windows\SysWow64dpcore.dll
2012-02-17 04:58:24 . 2012-03-13 17:08:46	210944	----a-w-	C:\Windows\system32\driversdpwd.sys
2012-02-17 04:57:32 . 2012-03-13 17:08:45	23552	----a-w-	C:\Windows\system32\drivers	dtcp.sys
2012-02-10 06:36:07 . 2012-03-14 07:54:29	1544192	----a-w-	C:\Windows\system32\DWrite.dll
2012-02-10 05:38:43 . 2012-03-14 07:54:28	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40 . 2012-02-07 09:02:40	1070352	----a-w-	C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 . 2012-03-14 07:54:31	3145728	----a-w-	C:\Windows\system32\win32k.sys
2012-01-25 06:38:39 . 2012-03-13 17:08:48	77312	----a-w-	C:\Windows\system32dpwsx.dll
2012-01-25 06:38:38 . 2012-03-13 17:08:48	149504	----a-w-	C:\Windows\system32dpcorekmts.dll
2012-01-25 06:33:30 . 2012-03-13 17:08:48	9216	----a-w-	C:\Windows\system32drmemptylst.exe


(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{338c5d66-6b92-40a7-a216-9830d2e54103}]
2011-05-09 08:49:38	176936	----a-w-	C:\Program Files (x86)\Searchgo\prxtbSear.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-08 11:58:27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2009-11-25 02:39:54 469536]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 09:12:12 976320]
"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 07:46:02 104408]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

C:\Users\Tiphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\cyril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [2010-10-31 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;C:\Windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers	susbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 16:07:14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 10:55:28 64952]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\Accelerer PC\PCSUService.exe [2011-10-24 17:25:58 235232]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 07:46:02 583640]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 02:47:12 240160]
S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [2008-06-26 18:09:36 167936]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WS2IFSL

Contenu du dossier 'Tâches planifiées'

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\RMSchedule.job
- C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2010-12-26 20:43:23 . 2010-08-05 07:46:14]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 12:47:38 9608224]
"OOTag"="C:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-12-03 02:27:32 23072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

------- Examen supplémentaire -------

uStart Page = hxxp://portail.free.fr/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://www.google.fr
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-DLD.EXE - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe



--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2206202759-2939906336-3311746702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

merci de mettre le sujet en résolu si c'est le cas par la suite ! :)

g3n-h@ckm@n · Answer

fais le menage 

https://gen-hackman.kanak.fr/

====

bye

mack.bolan · Answer

ok je nettoie 
MERCI SUPER BEAUCOUP !
je mettrais le poste en resolu des que 
merci!

Pc infecter ! besoin d'aide !

37 réponses