Aller au contenu

jelo66

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    62

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par jelo66

  1. jelo66
    je ne sais pas si c est ca cela c est mis sur mon bureau Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK
  2. jelo66
    bonjour le voici Logfile of random's system information tool 1.06 (written by random/random) Run by jelo66 at 2010-02-23 15:43:16 Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 System drive C: has 365 GB (78%) free of 465 GB Total RAM: 3070 MB (55% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:43:18, on 23/02/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Windows\V0220Mon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Users\jelo66\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTFE2SER\RSIT[1].exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\jelo66\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2DM6XZ8\RSIT[1].exe C:\Program Files\trend micro\jelo66.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Startup: MSN Pictures Displayer.lnk = J:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Service Google Update (gupdate1c9d871684f15e2) (gupdate1c9d871684f15e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 7273 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{D2664CD5-270A-4CCE-9BA5-188ABF8442CF}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-22 279664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-31 812528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] Locked {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-22 279664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-04-17 13535776] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-04-17 92704] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008] "DPService"=C:\Program Files\HP\DVDPlay\DPService.exe [2008-06-11 90112] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504] "HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-06-09 24576] "V0220Mon.exe"=C:\Windows\V0220Mon.exe [2006-05-16 28672] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-16 39408] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Users\jelo66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MSN Pictures Displayer.lnk - J:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\system32\EZUPBH~1.DLL [2009-02-01 49152] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableLockWorkstation"=0 "DisableChangePassword"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "HideFastUserSwitching"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoLogoff"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-02-23 15:36:58 ----D---- C:\rsit 2010-02-22 23:02:52 ----A---- C:\TCleaner.txt 2010-02-22 22:06:13 ----A---- C:\Windows\system32\javaws.exe 2010-02-22 22:06:13 ----A---- C:\Windows\system32\javaw.exe 2010-02-22 22:06:13 ----A---- C:\Windows\system32\java.exe 2010-02-22 22:00:51 ----D---- C:\ProgramData\Sun 2010-02-22 21:48:46 ----D---- C:\ProgramData\McAfee Security Scan 2010-02-22 21:48:46 ----D---- C:\ProgramData\McAfee 2010-02-22 21:48:45 ----D---- C:\Program Files\McAfee Security Scan 2010-02-22 21:45:57 ----D---- C:\ProgramData\Adobe 2010-02-22 21:45:26 ----D---- C:\Program Files\Common Files\Adobe 2010-02-22 21:45:26 ----D---- C:\Program Files\Adobe 2010-02-22 21:32:15 ----SHD---- C:\Config.Msi 2010-02-22 20:36:30 ----D---- C:\Program Files\Trend Micro 2010-02-22 10:53:24 ----D---- C:\Users\jelo66\AppData\Roaming\Malwarebytes 2010-02-22 10:53:19 ----D---- C:\ProgramData\Malwarebytes 2010-02-22 10:53:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-21 13:45:07 ----SHD---- C:\$RECYCLE.BIN 2010-02-21 13:45:05 ----D---- C:\Windows\temp 2010-02-21 13:36:14 ----A---- C:\Windows\SWXCACLS.exe 2010-02-21 13:28:02 ----D---- C:\Windows\Sun 2010-02-21 13:11:21 ----A---- C:\Windows\zip.exe 2010-02-21 13:11:21 ----A---- C:\Windows\SWSC.exe 2010-02-21 13:11:21 ----A---- C:\Windows\SWREG.exe 2010-02-21 13:11:21 ----A---- C:\Windows\sed.exe 2010-02-21 13:11:21 ----A---- C:\Windows\PEV.exe 2010-02-21 13:11:21 ----A---- C:\Windows\NIRCMD.exe 2010-02-21 13:11:21 ----A---- C:\Windows\grep.exe 2010-02-21 13:11:06 ----D---- C:\Windows\ERDNT 2010-02-10 18:10:14 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-10 18:10:14 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-10 18:10:10 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-10 18:10:10 ----A---- C:\Windows\system32\quartz.dll 2010-02-10 18:10:10 ----A---- C:\Windows\system32\msyuv.dll 2010-02-10 18:10:10 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-10 18:10:10 ----A---- C:\Windows\system32\msrle32.dll 2010-02-10 18:10:10 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-10 18:10:10 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-10 18:10:09 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-10 18:10:09 ----A---- C:\Windows\system32\avifil32.dll 2010-01-28 15:23:02 ----D---- C:\ProgramData\Zylom ======List of files/folders modified in the last 1 months====== 2010-02-23 15:22:22 ----D---- C:\Windows\System32 2010-02-23 15:22:22 ----D---- C:\Windows\inf 2010-02-23 15:22:22 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-02-23 15:21:50 ----SHD---- C:\System Volume Information 2010-02-23 15:17:51 ----D---- C:\Windows\Tasks 2010-02-22 23:02:25 ----D---- C:\Windows 2010-02-22 23:02:25 ----D---- C:\Program Files 2010-02-22 22:54:14 ----D---- C:\ProgramData 2010-02-22 22:54:13 ----SD---- C:\Windows\Downloaded Program Files 2010-02-22 22:49:46 ----D---- C:\Windows\system32\Tasks 2010-02-22 22:32:49 ----D---- C:\Windows\system32\catroot2 2010-02-22 22:06:30 ----SHD---- C:\Windows\Installer 2010-02-22 22:06:10 ----D---- C:\Program Files\Java 2010-02-22 22:00:51 ----D---- C:\Program Files\Common Files\Java 2010-02-22 21:48:56 ----D---- C:\Windows\Prefetch 2010-02-22 21:45:26 ----D---- C:\Program Files\Common Files 2010-02-22 21:39:26 ----D---- C:\ProgramData\Google 2010-02-22 21:39:12 ----D---- C:\Program Files\Google 2010-02-22 21:32:35 ----D---- C:\Windows\winsxs 2010-02-22 20:23:42 ----D---- C:\Windows\Web 2010-02-22 20:23:42 ----D---- C:\Windows\system32\drivers 2010-02-22 19:55:12 ----D---- C:\ProgramData\Google Updater 2010-02-21 13:42:52 ----A---- C:\Windows\system.ini 2010-02-21 13:41:37 ----D---- C:\Program Files\VideoLAN 2010-02-21 13:39:29 ----D---- C:\Windows\AppPatch 2010-02-17 13:33:11 ----D---- C:\Users\jelo66\AppData\Roaming\PlayFirst 2010-02-17 13:33:11 ----D---- C:\ProgramData\PlayFirst 2010-02-17 13:33:09 ----D---- C:\Users\jelo66\AppData\Roaming\Zylom 2010-02-17 13:33:09 ----D---- C:\Users\jelo66\AppData\Roaming\Identities 2010-02-17 10:29:28 ----D---- C:\ProgramData\CyberLink 2010-02-11 03:19:44 ----D---- C:\Windows\system32\catroot 2010-02-11 03:17:41 ----D---- C:\Program Files\Windows Mail 2010-02-06 19:32:32 ----D---- C:\Program Files\SFR 2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe 2010-01-28 03:00:21 ----D---- C:\Program Files\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-10-03 28520] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-11 56816] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088] R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-05-21 1049760] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-04-17 7436384] R3 V0220Dev;Live! Cam Video IM; C:\Windows\system32\DRIVERS\V0220Dev.sys [2006-05-24 145472] R3 V0220Vfx;V0220VFX; C:\Windows\system32\DRIVERS\V0220Vfx.sys [2006-03-24 6272] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 catchme;catchme; \??\C:\Users\jelo66\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2008-06-06 133152] S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-10-03 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-10-03 185089] R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-04-17 196608] S2 gupdate1c9d871684f15e2;Service Google Update (gupdate1c9d871684f15e2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-19 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 183280] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-02-23 15:37:19 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c /remove Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c /remove Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x40c /remove Creative Live! Cam Video IM Driver (1.00.07.00)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0220.uns -unsext NT -plugin V0220Pin.dll -pluginres CtCamPin.crl Creative Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x40c /remove Creative Photo Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c /remove Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD Play-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST EPSON Logiciel imprimante-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1} Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409 HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC} HP Demo-->MsiExec.exe /X{48BF4489-0C58-4E80-BB17-94A673CE310A} HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}\setup.exe" -l0x9 -removeonly HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4} HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f} HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB} Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Manuel d'utilisation de Creative Live! Cam Video IM (Français)-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Creative\Creative Live! Cam Video IM\Manuel d'utilisation de Creative Live! Cam Video IM\French\CTManual.isu" McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}\muveesetup.exe -removeonly -runfromtemp NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Outils de diagnostic du matériel-->C:\Program Files\PC-Doctor for Windows\uninst.exe Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} SightSpeed-->C:\Program Files\SightSpeed\uninst.exe Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC} Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354} ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: pc-jelo66 Event Code: 1003 Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001E904B63B5. Il s'est produit l'erreur suivante : L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP). Record Number: 124644 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090909203438.000000-000 Event Type: Avertissement User: Computer Name: pc-jelo66 Event Code: 1002 Message: Le bail de l'adresse IP 192.168.1.3 pour la carte réseau dont l'adresse réseau est 001E904B63B5 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé un message DHCPNACK). Record Number: 124634 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090909201352.000000-000 Event Type: Erreur User: Computer Name: pc-jelo66 Event Code: 1003 Message: Record Number: 124633 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090909201352.000000-000 Event Type: Avertissement User: Computer Name: pc-jelo66 Event Code: 1002 Message: Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse réseau est 001E904B63B5 a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé un message DHCPNACK). Record Number: 124622 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090909195255.000000-000 Event Type: Erreur User: Computer Name: pc-jelo66 Event Code: 1003 Message: Record Number: 124621 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090909195255.000000-000 Event Type: Avertissement User: =====Application event log===== Computer Name: pc-jelo66 Event Code: 8194 Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur. Opération : Données du rédacteur en cours de collecte Contexte : ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220} Nom du rédacteur: System Writer ID d’instance du rédacteur: {995799b7-e43b-4990-bcb5-e36ca9386144} Record Number: 564 Source Name: VSS Time Written: 20090131222847.000000-000 Event Type: Erreur User: Computer Name: pc-jelo66 Event Code: 8194 Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur. Opération : Données du rédacteur en cours de collecte Contexte : ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220} Nom du rédacteur: System Writer ID d’instance du rédacteur: {995799b7-e43b-4990-bcb5-e36ca9386144} Record Number: 561 Source Name: VSS Time Written: 20090131222811.000000-000 Event Type: Erreur User: Computer Name: pc-jelo66 Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 555 Source Name: Microsoft-Windows-WMI Time Written: 20090131222053.000000-000 Event Type: Erreur User: Computer Name: pc-jelo66 Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 529 Source Name: Microsoft-Windows-WMI Time Written: 20090131221516.000000-000 Event Type: Erreur User: Computer Name: pc-jelo66 Event Code: 1008 Message: Le service Windows Search tente de supprimer l’ancien catalogue. Record Number: 387 Source Name: Microsoft-Windows-Search Time Written: 20090131205201.000000-000 Event Type: Avertissement User: =====Security event log===== Computer Name: pc-jelo66 Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 1160 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090203230440.609733-000 Event Type: Succès de l'audit User: Computer Name: pc-jelo66 Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-JELO66$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x254 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 1159 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090203230440.609733-000 Event Type: Succès de l'audit User: Computer Name: pc-jelo66 Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-JELO66$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x254 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 1158 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090203230440.609733-000 Event Type: Succès de l'audit User: Computer Name: pc-jelo66 Event Code: 5032 Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau. Code d’erreur : 2 Record Number: 1157 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090203230440.422533-000 Event Type: Échec de l'audit User: Computer Name: pc-jelo66 Event Code: 5032 Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau. Code d’erreur : 2 Record Number: 1156 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090203230437.130933-000 Event Type: Échec de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\hp\bin\Python;C:\Program Files\Common Files\DivX Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0202 "NUMBER_OF_PROCESSORS"=3 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "OnlineServices"=Online Services "Platform"=HPD "PCBRAND"=Presario "MSWorksProductCode"={3B160861-7250-451E-B5EE-8B92BF30A710} -----------------EOF-----------------
  3. jelo66
    par contre quand antivir controle il detecte toujours le virus et la ma connexion internet rame beaucoup
  4. jelo66
    --------------------------------- --> Suppression: C:\Program Files\Navilog1\Navilog1.bat: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé ! C:\Users\jelo66\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !! C:\Combofix.txt: supprimé ! C:\cleannavi.txt: supprimé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé ! C:\Windows\mbr.exe: supprimé ! C:\Qoobox: supprimé ! C:\Program Files\Navilog1: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
  5. jelo66
    voici le rapport tools cleaner: [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ] --> Recherche: C:\Combofix.txt: trouvé ! C:\cleannavi.txt: trouvé ! C:\Qoobox: trouvé ! C:\Program Files\Navilog1: trouvé ! C:\Program Files\Navilog1\Navilog1.bat: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé ! C:\Users\jelo66\Desktop\ComboFix.exe: trouvé ! C:\Windows\mbr.exe: trouvé !
  6. jelo66
    je suis en train de faire les verifications de securite merci beaucoup apollo.
  7. jelo66
    apparemment il fonctionne bien. voici le rapport Fix Navipromo version 4.0.6 commencé le 22/02/2010 21:22:37,62 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6002 ) Service Pack 2 X86-based PC ( Multiprocessor Free : AMD Phenom 8600 Triple-Core Processor ) BIOS : Phoenix - AwardBIOS v6.00PG USER : jelo66 ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:453 Go (Free:355 Go) D:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) Recherche executée en mode normal Nettoyage exécuté au redémarrage de l'ordinateur C:\Users\jelo66\AppData\Local\ssewy.bat supprimé ! Nettoyage contenu C:\Windows\Temp effectué ! Nettoyage contenu C:\Users\jelo66\AppData\Local\Temp effectué ! *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Scan terminé 22/02/2010 21:25:32,02 ***
  8. jelo66
    bonjour; tout d abord merci pour ton aide et encore desole pour combifix. voici le rapport de mbam: Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3774 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 22/02/2010 20:20:37 mbam-log-2010-02-22 (20-20-37).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 275419 Temps écoulé: 41 minute(s), 44 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89b040f0-5ca6-7b68-cb8f-31c7c57c5f19} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{89b040f0-5ca6-7b68-cb8f-31c7c57c5f19} (Adware.AdRotator) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Windows\System32\drivers\ocnqoa.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Windows\System32\Puqqgbi7-S8hNFW.dll (Adware.AdRotator) -> Quarantined and deleted successfully. et le rapport de hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:37:08, on 22/02/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Windows\V0220Mon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: MSN Pictures Displayer.lnk = J:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Service Google Update (gupdate1c9d871684f15e2) (gupdate1c9d871684f15e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 6264 bytes
  9. jelo66
    * merci je l ai depalce et desole.
  10. jelo66
    bonjour j ai un virus rootkit.gen et je n arrive pas a le supprimer. j ai besoin d aide svp.merci d avance. j ai le rapport de combofix que j ai fait avant de venir sur le site et donc je ne savais pas que c etait dangereux. le voici. ComboFix 10-02-20.04 - jelo66 21/02/2010 13:37:10.2.3 - x86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3070.1911 [GMT 1:00] Lancé depuis: c:\users\jelo66\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\jelo66\AppData\Local\Microsoft\Windows\Temporary Internet Files\6-1PDbu . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-21 au 2010-02-21 )))))))))))))))))))))))))))))))))))) . 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\jelo66\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-10 17:10 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-10 17:09 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-02-10 17:09 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-01-31 11:38 . 2010-01-31 11:38 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb410.tmp.exe 2010-01-28 14:44 . 2010-02-07 18:57 -------- d-----w- c:\users\jelo66\ClubDeJeux 2010-01-28 14:23 . 2010-01-28 14:23 -------- d-----w- c:\programdata\Zylom . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-21 12:41 . 2009-04-20 21:22 -------- d-----w- c:\program files\VideoLAN 2010-02-21 12:39 . 2009-02-26 16:34 -------- d-----w- c:\program files\Google 2010-02-21 09:01 . 2008-11-04 00:06 669328 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-21 09:01 . 2008-11-04 00:06 123350 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-20 16:53 . 2009-04-10 15:55 -------- d-----w- c:\programdata\Google Updater 2010-02-17 12:33 . 2009-02-02 18:23 -------- d-----w- c:\users\jelo66\AppData\Roaming\PlayFirst 2010-02-17 12:33 . 2009-02-02 18:23 -------- d-----w- c:\programdata\PlayFirst 2010-02-17 12:33 . 2009-02-26 16:33 -------- d-----w- c:\users\jelo66\AppData\Roaming\Zylom 2010-02-17 09:29 . 2008-11-03 15:44 -------- d-----w- c:\programdata\CyberLink 2010-02-11 02:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-06 18:32 . 2009-11-29 13:58 -------- d-----w- c:\program files\SFR 2010-01-23 02:17 . 2009-04-11 18:59 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-19 12:51 . 2010-01-19 12:51 -------- d-----w- c:\program files\Windows Portable Devices 2010-01-19 12:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-01-19 12:51 . 2010-01-19 12:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-01-18 17:37 . 2010-01-18 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-18 17:37 . 2008-11-03 15:55 -------- d-----w- c:\program files\Java 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery 2010-01-18 08:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender 2010-01-18 08:46 . 2008-11-03 15:43 -------- d-----w- c:\programdata\NVIDIA 2010-01-14 10:12 . 2009-10-02 16:54 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-12 19:07 . 2010-01-06 14:29 -------- d-----w- c:\users\jelo66\AppData\Roaming\Ubisoft 2010-01-12 14:45 . 2010-01-06 14:14 -------- d-----w- c:\users\jelo66\AppData\Roaming\MysteryStudio 2010-01-04 15:40 . 2010-01-04 15:40 -------- d-----w- c:\users\jelo66\AppData\Roaming\DivoGames 2010-01-02 06:38 . 2010-01-22 07:54 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-22 07:54 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-22 07:54 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-22 07:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-25 19:43 . 2009-12-25 19:43 1167360 ----a-w- c:\windows\system32\Puqqgbi7-S8hNFW.dll 2009-12-16 12:58 . 2009-01-31 21:00 78728 ----a-w- c:\users\jelo66\AppData\Local\GDIPFONTCACHEV1.DAT 2009-12-15 13:33 . 2009-12-15 13:33 4096 ----a-w- c:\windows\d3dx.dat 2009-12-11 11:43 . 2010-02-10 17:10 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-11 11:43 . 2010-02-10 17:10 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-11 07:38 . 2009-10-01 08:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-08 20:01 . 2010-02-10 17:10 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-04 18:30 . 2010-02-10 17:10 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29 . 2010-02-10 17:10 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28 . 2010-02-10 17:10 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28 . 2010-02-10 17:10 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28 . 2010-02-10 17:10 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28 . 2010-02-10 17:10 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28 . 2010-02-10 17:10 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28 . 2010-02-10 17:10 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27 . 2010-02-10 17:10 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-04 15:56 . 2010-02-10 17:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-12-04 15:56 . 2010-02-10 17:10 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89b040f0-5ca6-7b68-cb8f-31c7c57c5f19}] 2009-12-25 19:43 1167360 ----a-w- c:\windows\System32\Puqqgbi7-S8hNFW.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-17 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-17 92704] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008] "DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576] "V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):7d,ca,f2,95,1b,98,ca,01 R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/10/2009 09:38 108289] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504] R3 V0220Dev;Live! Cam Video IM;c:\windows\System32\drivers\V0220Dev.sys [31/01/2009 23:36 145472] R3 V0220Vfx;V0220VFX;c:\windows\System32\drivers\V0220Vfx.sys [31/01/2009 23:36 6272] S2 gupdate1c9d871684f15e2;Service Google Update (gupdate1c9d871684f15e2);c:\program files\Google\Update\GoogleUpdate.exe [19/05/2009 12:03 133104] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/11/2009 09:37 54632] S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] --- Autres Services/Pilotes en mémoire --- *Deregistered* - ocnqoa [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Contenu du dossier 'Tâches planifiées' 2010-02-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 15:55] 2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 11:03] 2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 11:03] 2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{D2664CD5-270A-4CCE-9BA5-188ABF8442CF}.job - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-21 13:42 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ocnqoa] . Heure de fin: 2010-02-21 13:45:03 ComboFix-quarantined-files.txt 2010-02-21 12:45 ComboFix2.txt 2010-02-21 12:21 Avant-CF: 382 246 281 216 octets libres Après-CF: 382 348 484 608 octets libres Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - 7EEBC702A5FA92F2C894233355F06476
  11. jelo66
    bonjour j ai un virus rootkit.gen et je n arrive pas a le supprimer. j ai besoin d aide svp.merci d avance. j ai le rapport de combofix. le voici. ComboFix 10-02-20.04 - jelo66 21/02/2010 13:37:10.2.3 - x86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3070.1911 [GMT 1:00] Lancé depuis: c:\users\jelo66\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\jelo66\AppData\Local\Microsoft\Windows\Temporary Internet Files\6-1PDbu . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-21 au 2010-02-21 )))))))))))))))))))))))))))))))))))) . 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\jelo66\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-10 17:10 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-10 17:09 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-02-10 17:09 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-01-31 11:38 . 2010-01-31 11:38 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb410.tmp.exe 2010-01-28 14:44 . 2010-02-07 18:57 -------- d-----w- c:\users\jelo66\ClubDeJeux 2010-01-28 14:23 . 2010-01-28 14:23 -------- d-----w- c:\programdata\Zylom . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-21 12:41 . 2009-04-20 21:22 -------- d-----w- c:\program files\VideoLAN 2010-02-21 12:39 . 2009-02-26 16:34 -------- d-----w- c:\program files\Google 2010-02-21 09:01 . 2008-11-04 00:06 669328 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-21 09:01 . 2008-11-04 00:06 123350 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-20 16:53 . 2009-04-10 15:55 -------- d-----w- c:\programdata\Google Updater 2010-02-17 12:33 . 2009-02-02 18:23 -------- d-----w- c:\users\jelo66\AppData\Roaming\PlayFirst 2010-02-17 12:33 . 2009-02-02 18:23 -------- d-----w- c:\programdata\PlayFirst 2010-02-17 12:33 . 2009-02-26 16:33 -------- d-----w- c:\users\jelo66\AppData\Roaming\Zylom 2010-02-17 09:29 . 2008-11-03 15:44 -------- d-----w- c:\programdata\CyberLink 2010-02-11 02:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-06 18:32 . 2009-11-29 13:58 -------- d-----w- c:\program files\SFR 2010-01-23 02:17 . 2009-04-11 18:59 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-19 12:51 . 2010-01-19 12:51 -------- d-----w- c:\program files\Windows Portable Devices 2010-01-19 12:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-01-19 12:51 . 2010-01-19 12:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-01-18 17:37 . 2010-01-18 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-18 17:37 . 2008-11-03 15:55 -------- d-----w- c:\program files\Java 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery 2010-01-18 08:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender 2010-01-18 08:46 . 2008-11-03 15:43 -------- d-----w- c:\programdata\NVIDIA 2010-01-14 10:12 . 2009-10-02 16:54 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-12 19:07 . 2010-01-06 14:29 -------- d-----w- c:\users\jelo66\AppData\Roaming\Ubisoft 2010-01-12 14:45 . 2010-01-06 14:14 -------- d-----w- c:\users\jelo66\AppData\Roaming\MysteryStudio 2010-01-04 15:40 . 2010-01-04 15:40 -------- d-----w- c:\users\jelo66\AppData\Roaming\DivoGames 2010-01-02 06:38 . 2010-01-22 07:54 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-22 07:54 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-22 07:54 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-22 07:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-25 19:43 . 2009-12-25 19:43 1167360 ----a-w- c:\windows\system32\Puqqgbi7-S8hNFW.dll 2009-12-16 12:58 . 2009-01-31 21:00 78728 ----a-w- c:\users\jelo66\AppData\Local\GDIPFONTCACHEV1.DAT 2009-12-15 13:33 . 2009-12-15 13:33 4096 ----a-w- c:\windows\d3dx.dat 2009-12-11 11:43 . 2010-02-10 17:10 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-11 11:43 . 2010-02-10 17:10 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-11 07:38 . 2009-10-01 08:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-08 20:01 . 2010-02-10 17:10 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-04 18:30 . 2010-02-10 17:10 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29 . 2010-02-10 17:10 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28 . 2010-02-10 17:10 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28 . 2010-02-10 17:10 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28 . 2010-02-10 17:10 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28 . 2010-02-10 17:10 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28 . 2010-02-10 17:10 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28 . 2010-02-10 17:10 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27 . 2010-02-10 17:10 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-04 15:56 . 2010-02-10 17:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-12-04 15:56 . 2010-02-10 17:10 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89b040f0-5ca6-7b68-cb8f-31c7c57c5f19}] 2009-12-25 19:43 1167360 ----a-w- c:\windows\System32\Puqqgbi7-S8hNFW.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-17 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-17 92704] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008] "DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576] "V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):7d,ca,f2,95,1b,98,ca,01 R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/10/2009 09:38 108289] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504] R3 V0220Dev;Live! Cam Video IM;c:\windows\System32\drivers\V0220Dev.sys [31/01/2009 23:36 145472] R3 V0220Vfx;V0220VFX;c:\windows\System32\drivers\V0220Vfx.sys [31/01/2009 23:36 6272] S2 gupdate1c9d871684f15e2;Service Google Update (gupdate1c9d871684f15e2);c:\program files\Google\Update\GoogleUpdate.exe [19/05/2009 12:03 133104] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/11/2009 09:37 54632] S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] --- Autres Services/Pilotes en mémoire --- *Deregistered* - ocnqoa [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Contenu du dossier 'Tâches planifiées' 2010-02-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 15:55] 2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 11:03] 2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 11:03] 2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{D2664CD5-270A-4CCE-9BA5-188ABF8442CF}.job - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-21 13:42 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ocnqoa] . Heure de fin: 2010-02-21 13:45:03 ComboFix-quarantined-files.txt 2010-02-21 12:45 ComboFix2.txt 2010-02-21 12:21 Avant-CF: 382 246 281 216 octets libres Après-CF: 382 348 484 608 octets libres Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - 7EEBC702A5FA92F2C894233355F06476
  12. jelo66
    bonjour j ai moi aussi ce virus sur mon ordi voici le log de combo fix ton aide me serait precieuse merci d avance. ComboFix 10-02-20.04 - jelo66 21/02/2010 13:37:10.2.3 - x86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.3070.1911 [GMT 1:00] Lancé depuis: c:\users\jelo66\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\jelo66\AppData\Local\Microsoft\Windows\Temporary Internet Files\6-1PDbu . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-21 au 2010-02-21 )))))))))))))))))))))))))))))))))))) . 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\jelo66\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-02-21 12:42 . 2010-02-21 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-10 17:10 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-10 17:09 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-02-10 17:09 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-01-31 11:38 . 2010-01-31 11:38 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb410.tmp.exe 2010-01-28 14:44 . 2010-02-07 18:57 -------- d-----w- c:\users\jelo66\ClubDeJeux 2010-01-28 14:23 . 2010-01-28 14:23 -------- d-----w- c:\programdata\Zylom . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-21 12:41 . 2009-04-20 21:22 -------- d-----w- c:\program files\VideoLAN 2010-02-21 12:39 . 2009-02-26 16:34 -------- d-----w- c:\program files\Google 2010-02-21 09:01 . 2008-11-04 00:06 669328 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-21 09:01 . 2008-11-04 00:06 123350 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-20 16:53 . 2009-04-10 15:55 -------- d-----w- c:\programdata\Google Updater 2010-02-17 12:33 . 2009-02-02 18:23 -------- d-----w- c:\users\jelo66\AppData\Roaming\PlayFirst 2010-02-17 12:33 . 2009-02-02 18:23 -------- d-----w- c:\programdata\PlayFirst 2010-02-17 12:33 . 2009-02-26 16:33 -------- d-----w- c:\users\jelo66\AppData\Roaming\Zylom 2010-02-17 09:29 . 2008-11-03 15:44 -------- d-----w- c:\programdata\CyberLink 2010-02-11 02:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-06 18:32 . 2009-11-29 13:58 -------- d-----w- c:\program files\SFR 2010-01-23 02:17 . 2009-04-11 18:59 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-19 12:51 . 2010-01-19 12:51 -------- d-----w- c:\program files\Windows Portable Devices 2010-01-19 12:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-01-19 12:51 . 2010-01-19 12:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-01-18 17:37 . 2010-01-18 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-18 17:37 . 2008-11-03 15:55 -------- d-----w- c:\program files\Java 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration 2010-01-18 08:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery 2010-01-18 08:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender 2010-01-18 08:46 . 2008-11-03 15:43 -------- d-----w- c:\programdata\NVIDIA 2010-01-14 10:12 . 2009-10-02 16:54 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-12 19:07 . 2010-01-06 14:29 -------- d-----w- c:\users\jelo66\AppData\Roaming\Ubisoft 2010-01-12 14:45 . 2010-01-06 14:14 -------- d-----w- c:\users\jelo66\AppData\Roaming\MysteryStudio 2010-01-04 15:40 . 2010-01-04 15:40 -------- d-----w- c:\users\jelo66\AppData\Roaming\DivoGames 2010-01-02 06:38 . 2010-01-22 07:54 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-22 07:54 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-22 07:54 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-22 07:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-25 19:43 . 2009-12-25 19:43 1167360 ----a-w- c:\windows\system32\Puqqgbi7-S8hNFW.dll 2009-12-16 12:58 . 2009-01-31 21:00 78728 ----a-w- c:\users\jelo66\AppData\Local\GDIPFONTCACHEV1.DAT 2009-12-15 13:33 . 2009-12-15 13:33 4096 ----a-w- c:\windows\d3dx.dat 2009-12-11 11:43 . 2010-02-10 17:10 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-11 11:43 . 2010-02-10 17:10 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-11 07:38 . 2009-10-01 08:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-08 20:01 . 2010-02-10 17:10 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-04 18:30 . 2010-02-10 17:10 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29 . 2010-02-10 17:10 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28 . 2010-02-10 17:10 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28 . 2010-02-10 17:10 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28 . 2010-02-10 17:10 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28 . 2010-02-10 17:10 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28 . 2010-02-10 17:10 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28 . 2010-02-10 17:10 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27 . 2010-02-10 17:10 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-04 15:56 . 2010-02-10 17:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2009-12-04 15:56 . 2010-02-10 17:10 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2008-11-04 00:20 . 2008-11-04 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89b040f0-5ca6-7b68-cb8f-31c7c57c5f19}] 2009-12-25 19:43 1167360 ----a-w- c:\windows\System32\Puqqgbi7-S8hNFW.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-17 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-17 92704] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008] "DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-11 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576] "V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):7d,ca,f2,95,1b,98,ca,01 R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/10/2009 09:38 108289] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:33 21504] R3 V0220Dev;Live! Cam Video IM;c:\windows\System32\drivers\V0220Dev.sys [31/01/2009 23:36 145472] R3 V0220Vfx;V0220VFX;c:\windows\System32\drivers\V0220Vfx.sys [31/01/2009 23:36 6272] S2 gupdate1c9d871684f15e2;Service Google Update (gupdate1c9d871684f15e2);c:\program files\Google\Update\GoogleUpdate.exe [19/05/2009 12:03 133104] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/11/2009 09:37 54632] S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] --- Autres Services/Pilotes en mémoire --- *Deregistered* - ocnqoa [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Contenu du dossier 'Tâches planifiées' 2010-02-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 15:55] 2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 11:03] 2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 11:03] 2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{D2664CD5-270A-4CCE-9BA5-188ABF8442CF}.job - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=84&bd=Presario&pf=cndt IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-21 13:42 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ocnqoa] . Heure de fin: 2010-02-21 13:45:03 ComboFix-quarantined-files.txt 2010-02-21 12:45 ComboFix2.txt 2010-02-21 12:21 Avant-CF: 382 246 281 216 octets libres Après-CF: 382 348 484 608 octets libres Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - 7EEBC702A5FA92F2C894233355F06476 rait precieuse merci d avance
×
×
  • Créer...