Powaaa

Members
  • Content count

    21

Everything posted by Powaaa

  1. OK. Thank you very much.
  2. Here is the report. http://cjoint.com/?CJwpLeLsalE
  3. Very well. Here are all the links in order: C:\AdwCleaner[R1].txt http://cjoint.com/?CJusfUoOoWS C:\AdwCleaner[s1].txt http://cjoint.com/?CJusg6TjKya Jrt.txt http://cjoint.com/?CJuswKV7d8R MBAM http://cjoint.com/?CJvs7KX90xm ZhpDiag.txt http://cjoint.com/?CJvtkEtddNV I should point out that the ads have stopped appearing. Thanks for the help.
  4. Thanks a lot. Here is the link. http://cjoint.com/?CJujG5kOPI8
  5. Hello. So here is my problem. For a few days now, I have noticed that every time I open a web page in Firefox, a sort of small advertising window appears at the bottom right of the page... Could someone advise me so that I can eradicate this problem? I should point out that I am not good with computers. Thank you in advance.
  6. Well, here we go. Hello everyone. My problem is this: sometimes, when I am working on the computer, whether I am on the internet or not, a small black window opens by itself and disappears almost immediately. Sometimes I don't even have time to close this window before it has already disappeared. I think the name of the window is trangex or something like that... If it reappears I will tell you the exact name. Also, I am on Windows 7 and my antivirus is avast (free version)... My antivirus does not detect any virus during scans, but is all that really reliable? Well, it's nothing too bothersome for now, but I'm afraid my system will crash if things get worse. All the more so since end-of-year assignments are approaching^^. So to start with, could someone tell me how to check for the potential presence of viruses on my computer (other than through an avast scan)???????????? By the way, I'm hopeless with computers, so there you go. Thank you in advance.
  7. This story about a telepathic marabout is a complete load of nonsense. I can't believe that in the 21st century people are still being taken for fools. Everyone knows that for a computer to get better, you have to daub the screen with holy water every Sunday before noon.
  8. Thanks^^. My problem is solved (for now?) I followed your advice. I disabled the add-on whose publisher name is not unknown, I quote: java plug-in 1.6.0_14.
  9. Hello!!!! Here is my situation. For a few days now, when I click on the IE tab, the page starts loading normally, then an "Internet Explorer has stopped working" window appears. After that, here is what happens, in order: -Windows searches for a solution. -Windows offers me "close the program". -I click close. -The page reloads because IE recovered the tab. And then we are back at the beginning. An "Internet Explorer has stopped working" window appears. And the same vicious circle starts again. Meanwhile, Firefox and MSN keep working normally. So what could be the problem with my browser??? Also, I uninstalled Internet Explorer and installed another version to see if the problem would go away. But actually no, not at all. So I was thinking that I might have been infected by a virus. How do I check whether that is the case? And if it is, how do I eradicate it before it seriously affects my other programs????? Thanks in advance for your help.
  10. Helloooooo!!!!!!!!! I'm posting here again for nothing, but oh well. Just to say thank you for your efforts, Falkra. But my computer at the time stopped working (hence my long absence). In the end I preferred to replace it because my graphics card no longer worked. That kind of settles the virus problems as a result. Now I have a slight problem with my new computer and Internet Explorer. I don't know whether I should create a new topic given that the machine is different. I'll see. Anyway, thanks again. See you.
  11. Sorry for the delay. So I did what you told me, but the scan only lasted a few seconds. So I hope I followed your instructions correctly. Thanks for your help, here it is!!!:
(*** hidden *** ) -2019336008 Process (*** hidden *** ) -2019320320 Process (*** hidden *** ) -2019281656 Process (*** hidden *** ) -2019185152 Process (*** hidden *** ) -2019169792 Process (*** hidden *** ) -2019141616 Process (*** hidden *** ) -2019127112 Process (*** hidden *** ) -2019117048 Process (*** hidden *** ) -2019086848 Process (*** hidden *** ) -2019084584 Process (*** hidden *** ) -2019082056 Process (*** hidden *** ) -2019077960 Process (*** hidden *** ) -2019035936 Process (*** hidden *** ) -2019029992 Process (*** hidden *** ) -2019017216 Process (*** hidden *** ) -2018994328 Process (*** hidden *** ) -2018973376 Process (*** hidden *** ) -2018962088 Process (*** hidden *** ) -2018946888 Process (*** hidden *** ) -2018875448 Process (*** hidden *** ) -2018840392 Process (*** hidden *** ) -2018810072 Process (*** hidden *** ) -2018766664 Process (*** hidden *** ) -2018733896 Process (*** hidden *** ) -2018656072 Process (*** hidden *** ) -2018248400 ---- EOF - GMER 1.0.15 ----
  14. ComboFix 10-03-02.08 - ETIENNE 04/03/2010 13:40:35.2.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.1300 [GMT -7:00] Lancé depuis: c:\users\ETIENNE\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\ETIENNE\Desktop\CFscript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\bohumoye c:\programdata\bohumoye\bohumoye.dll c:\programdata\doguvuvo c:\programdata\fimohinu c:\programdata\gomuzidi c:\programdata\gukowema c:\programdata\hinuhilu c:\programdata\jopafuyi c:\programdata\mamotapi c:\programdata\nadusajo c:\programdata\nadusajo\nadusajo.dll c:\programdata\najihate c:\programdata\nihujoti c:\programdata\nihujoti\nihujoti.dll c:\programdata\nuruhola c:\programdata\pekiboba c:\programdata\pekiboba\pekiboba.dll c:\programdata\pohubeli c:\programdata\sapoviri c:\programdata\sulumetu c:\programdata\sulumetu\sulumetu.dll c:\programdata\tasurepa c:\programdata\wanisupa c:\programdata\wuvajepe c:\programdata\wuvajepe\wuvajepe.dll c:\programdata\yohilite c:\programdata\zazaliwu c:\programdata\zazaliwu\zazaliwu.dll c:\programdata\zofitemi c:\programdata\zofitemi\zofitemi.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 )))))))))))))))))))))))))))))))))))) . 2010-03-04 20:51 . 2010-03-04 20:51 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-03-04 20:51 . 2010-03-04 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-04 12:35 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-03-03 20:38 . 2010-03-04 20:55 -------- d-----w- c:\users\ETIENNE\AppData\Local\temp 2010-03-03 20:36 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-03-03 20:36 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-28 15:02 . 
2010-02-28 15:02 -------- d-----w- C:\_OTM 2010-02-27 19:43 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll 2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Malwarebytes 2010-02-27 17:12 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\programdata\Malwarebytes 2010-02-27 17:12 . 2010-02-27 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-27 17:12 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-26 19:51 . 2010-02-27 19:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-26 19:51 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-26 19:51 . 2010-02-26 19:51 -------- d-----w- c:\programdata\Avira 2010-02-26 19:51 . 2010-02-26 19:51 -------- d-----w- c:\program files\Avira 2010-02-18 20:25 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll 2010-02-18 20:25 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys 2010-02-18 20:22 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll 2010-02-18 20:22 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll 2010-02-18 20:22 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2010-02-18 20:22 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll 2010-02-18 20:22 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys 2010-02-18 20:22 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll 2010-02-18 20:22 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe 2010-02-18 20:22 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe 2010-02-18 20:22 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll 2010-02-18 20:22 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll 2010-02-18 15:14 . 
2010-02-18 15:14 -------- d-----w- C:\PerfLogs 2010-02-11 07:56 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-02-11 07:28 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-02-11 07:28 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys 2010-02-11 07:28 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll 2010-02-11 07:28 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll 2010-02-11 07:28 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll 2010-02-11 07:28 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll 2010-02-11 07:28 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll 2010-02-11 07:28 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2010-02-11 07:27 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll 2010-02-11 07:27 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll 2010-02-11 07:27 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll 2010-02-11 07:27 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll 2010-02-11 07:27 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-11 07:27 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-04 04:24 . 2006-03-12 23:37 678968 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-04 04:24 . 2006-03-12 23:37 128004 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-03 18:12 . 2008-04-05 10:01 -------- d-----w- c:\program files\Lx_cats 2010-02-27 18:06 . 2008-08-12 14:46 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\LimeWire 2010-02-24 16:16 . 2009-10-04 08:55 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-02-18 15:15 . 
2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-02-18 15:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-02-18 15:12 . 2006-03-12 15:25 -------- d-----w- c:\programdata\NVIDIA 2010-02-18 14:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2010-02-18 14:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2010-02-14 15:33 . 2006-03-12 15:42 -------- d-----w- c:\programdata\Microsoft Help 2010-01-23 04:44 . 2008-10-17 20:21 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-16 17:33 . 2009-08-22 16:23 -------- d-----w- c:\programdata\Messenger Plus! 2010-01-16 17:24 . 2010-01-16 17:24 -------- d-----w- c:\program files\Ask Search Assistant 2010-01-16 17:24 . 2009-08-22 16:14 -------- d-----w- c:\program files\Messenger Plus! Live 2010-01-13 14:39 . 2008-08-12 14:25 -------- d-----w- c:\program files\LimeWire 2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\programdata\PC Suite 2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\PC Suite 2010-01-08 16:33 . 2010-01-08 16:32 -------- d-----w- c:\program files\DIFX 2010-01-08 16:32 . 2006-03-12 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-08 16:32 . 2010-01-08 16:25 -------- d-----w- c:\program files\Samsung 2010-01-08 16:31 . 2010-01-08 16:27 -------- d-----w- c:\program files\PC Connectivity Solution 2010-01-08 16:29 . 2010-01-08 16:29 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Samsung 2010-01-08 16:28 . 
2010-01-08 16:28 -------- d-----w- c:\program files\MarkAny 2010-01-02 06:38 . 2010-01-25 04:29 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-25 04:29 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 06:32 . 2010-01-25 04:29 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 04:57 . 2010-01-25 04:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-06 12:37 . 2010-02-06 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2010-03-03 15:08 . 2006-03-12 15:30 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2010-03-03 15:08 . 2006-03-12 15:30 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2010-03-03 15:08 . 2006-03-12 15:30 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2010-03-03 15:08 . 2006-03-12 15:30 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2010-03-03 15:08 . 2006-03-12 15:30 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2006-03-12 23:42 . 2006-03-12 23:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Google Update"="c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-18 133104] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-03 102400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 861744] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-06 30192] "MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400] "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048] "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760] "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" 
[2007-05-04 312240] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-06 647520] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] c:\users\ETIENNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000] Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-4-29 155648] Outil de notification Live Search.lnk - c:\users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-1 143360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/02/2010 12:51 108289] R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [08/01/2010 09:29 233472] R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> 
c:\windows\system32\lxddcoms.exe -service [?] R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [25/04/2007 22:21 99248] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [08/01/2010 09:29 36608] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [12/03/2006 16:33 281088] S2 gupdate1c9e867306385d0;Service Google Update (gupdate1c9e867306385d0);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 11:30 133104] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/11/2009 14:17 54632] S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/03/2006 08:36 30192] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - FSUSBEXDISK . 
Contenu du dossier 'Tâches planifiées' 2010-03-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-03-12 15:13] 2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30] 2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30] 2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002Core.job - c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33] 2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002UA.job - c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33] 2008-05-16 c:\windows\Tasks\HDReg.job - c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14] 2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{7CCA24AB-1E15-44A7-B220-2BBF2EB9B2A5}.job - c:\windows\system32\msfeedssync.exe [2010-01-25 04:56] . . ------- Examen supplémentaire ------- . uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html FF - ProfilePath - c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("browser.safebrowsing.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\windows\system32\lxddcoms.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Windows Media Player\wmpnetwk.exe c:\users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Heure de fin: 2010-03-04 14:05:27 - La machine a redémarré ComboFix-quarantined-files.txt 2010-03-04 21:05 ComboFix2.txt 2010-03-03 20:38 Avant-CF: 14 683 693 056 octets libres Après-CF: 14 548 418 560 octets libres - - End Of File - - EC17457E00A917E60E1E6805B7E40AF6
  15. ComboFix 10-03-02.08 - ETIENNE 03/03/2010 13:21:25.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.873 [GMT -7:00] Lancé depuis: c:\users\ETIENNE\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-37189480-250429832-724886619-500 c:\users\ETIENNE\heuwo.exe c:\users\ETIENNE\hiadae.exe c:\users\ETIENNE\joooc.exe c:\users\ETIENNE\koasaq.exe c:\users\ETIENNE\naauviw.exe c:\users\ETIENNE\swjoub.exe c:\users\ETIENNE\tajax.exe c:\users\ETIENNE\yeegap.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-03 au 2010-03-03 )))))))))))))))))))))))))))))))))))) . 2010-03-03 20:34 . 2010-03-03 20:34 -------- d-----w- c:\users\ETIENNE\AppData\Local\temp 2010-03-03 20:34 . 2010-03-03 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-28 15:02 . 2010-02-28 15:02 -------- d-----w- C:\_OTM 2010-02-27 19:43 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll 2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Malwarebytes 2010-02-27 17:12 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\programdata\Malwarebytes 2010-02-27 17:12 . 2010-02-27 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-27 17:12 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-26 19:51 . 2010-02-27 19:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-26 19:51 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-26 19:51 . 2010-02-26 19:51 -------- d-----w- c:\programdata\Avira 2010-02-26 19:51 . 
2010-02-26 19:51 -------- d-----w- c:\program files\Avira 2010-02-26 19:24 . 2010-02-27 18:04 -------- d-----w- c:\programdata\gomuzidi 2010-02-26 19:24 . 2010-02-26 19:24 -------- d-----w- c:\programdata\nadusajo 2010-02-25 16:39 . 2010-02-27 12:35 -------- d-----w- c:\programdata\tasurepa 2010-02-25 16:39 . 2010-02-25 16:39 -------- d-----w- c:\programdata\pekiboba 2010-02-25 15:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\nuruhola 2010-02-25 15:34 . 2010-02-25 15:34 -------- d-----w- c:\programdata\zazaliwu 2010-02-24 17:55 . 2010-02-24 17:55 -------- d-----w- c:\programdata\sulumetu 2010-02-24 17:55 . 2010-02-24 17:55 -------- d-----w- c:\programdata\zofitemi 2010-02-23 16:10 . 2010-02-27 12:35 -------- d-----w- c:\programdata\najihate 2010-02-23 16:10 . 2010-02-23 16:10 -------- d-----w- c:\programdata\wuvajepe 2010-02-22 16:34 . 2010-03-03 14:49 -------- d-----w- c:\programdata\doguvuvo 2010-02-22 16:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\wanisupa 2010-02-22 16:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\sapoviri 2010-02-22 16:34 . 2010-02-22 16:34 -------- d-----w- c:\programdata\nihujoti 2010-02-21 18:32 . 2010-02-27 12:34 -------- d-----w- c:\programdata\fimohinu 2010-02-21 18:32 . 2010-02-22 17:39 -------- d-----w- c:\programdata\gukowema 2010-02-21 18:32 . 2010-02-27 12:35 -------- d-----w- c:\programdata\yohilite 2010-02-21 16:19 . 2010-02-27 12:35 -------- d-----w- c:\programdata\pohubeli 2010-02-21 16:19 . 2010-02-21 16:19 -------- d-----w- c:\programdata\bohumoye 2010-02-21 16:13 . 2010-02-27 12:35 -------- d-----w- c:\programdata\mamotapi 2010-02-21 16:13 . 2010-02-27 12:35 -------- d-----w- c:\programdata\jopafuyi 2010-02-21 16:13 . 2010-02-27 12:34 -------- d-----w- c:\programdata\hinuhilu 2010-02-18 20:25 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll 2010-02-18 20:25 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys 2010-02-18 20:22 . 
2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2010-02-18 20:22 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2010-02-18 20:22 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-02-18 20:22 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2010-02-18 20:22 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-02-18 20:22 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-02-18 20:22 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-02-18 20:22 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-02-18 20:22 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-02-18 20:22 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-02-18 15:14 . 2010-02-18 15:14 -------- d-----w- C:\PerfLogs
2010-02-11 07:56 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-11 07:28 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-11 07:28 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 07:28 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-11 07:28 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-11 07:28 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-11 07:28 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-11 07:28 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-11 07:28 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-11 07:27 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-11 07:27 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-11 07:27 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-11 07:27 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-11 07:27 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 07:27 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 18:12 . 2008-04-05 10:01 -------- d-----w- c:\program files\Lx_cats
2010-02-27 18:06 . 2008-08-12 14:46 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\LimeWire
2010-02-24 18:00 . 2006-03-12 23:37 678968 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-24 18:00 . 2006-03-12 23:37 128004 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-24 16:16 . 2009-10-04 08:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-18 15:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-18 15:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-18 15:12 . 2006-03-12 15:25 -------- d-----w- c:\programdata\NVIDIA
2010-02-18 14:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-02-18 14:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-02-14 15:33 . 2006-03-12 15:42 -------- d-----w- c:\programdata\Microsoft Help
2010-02-01 16:43 . 2010-02-01 16:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE3BB.tmp.exe
2010-01-23 04:44 . 2008-10-17 20:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 17:33 . 2009-08-22 16:23 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-16 17:24 . 2010-01-16 17:24 -------- d-----w- c:\program files\Ask Search Assistant
2010-01-16 17:24 . 2009-08-22 16:14 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-13 14:39 . 2008-08-12 14:25 -------- d-----w- c:\program files\LimeWire
2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\programdata\PC Suite
2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\PC Suite
2010-01-08 16:36 . 2010-01-08 16:34 734208 ----a-w- c:\users\ETIENNE\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-01-08 16:33 . 2010-01-08 16:32 -------- d-----w- c:\program files\DIFX
2010-01-08 16:32 . 2006-03-12 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 16:32 . 2010-01-08 16:25 -------- d-----w- c:\program files\Samsung
2010-01-08 16:31 . 2010-01-08 16:27 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-08 16:29 . 2010-01-08 16:29 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Samsung
2010-01-08 16:28 . 2010-01-08 16:28 -------- d-----w- c:\program files\MarkAny
2010-01-02 06:38 . 2010-01-25 04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-25 04:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-25 04:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-25 04:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 13:39 . 2009-12-25 13:39 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-04 09:50 . 2009-12-04 09:50 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB41A.tmp.exe
2009-12-04 07:35 . 2009-03-05 16:10 1 ----a-w- c:\users\ETIENNE\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-06 12:37 . 2010-02-06 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-03-03 15:08 . 2006-03-12 15:30 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2010-03-03 15:08 . 2006-03-12 15:30 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2010-03-03 15:08 . 2006-03-12 15:30 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-03-03 15:08 . 2006-03-12 15:30 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2010-03-03 15:08 . 2006-03-12 15:30 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-03-12 23:42 . 2006-03-12 23:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 861744]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-06 30192]
"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-06 647520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\ETIENNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Outil de détection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-4-29 155648]
Outil de notification Live Search.lnk - c:\users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-1 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/02/2010 12:51 108289]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [08/01/2010 09:29 233472]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [25/04/2007 22:21 99248]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [08/01/2010 09:29 36608]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [12/03/2006 16:33 281088]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [06/05/2009 23:46 721904]
S2 gupdate1c9e867306385d0;Service Google Update (gupdate1c9e867306385d0);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 11:30 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/11/2009 14:17 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/03/2006 08:36 30192]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'

2010-03-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-03-12 15:13]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002Core.job
- c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002UA.job
- c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33]

2008-05-16 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{7CCA24AB-1E15-44A7-B220-2BBF2EB9B2A5}.job
- c:\windows\system32\msfeedssync.exe [2010-01-25 04:56]
.
.
------- Examen supplémentaire -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BitTorrent DNA - c:\users\ETIENNE\Program Files\DNA\btdna.exe
HKCU-Run-qoocean - c:\users\ETIENNE\qoocean.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\users\ETIENNE\AppData\Local\Temp\Rar$EX01.962\HijackThis.exe
AddRemove-BitTorrent DNA - c:\users\ETIENNE\Program Files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 13:34
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\TMP000000333AA29D36FE2DAEA0 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2010-03-03 13:38:10
ComboFix-quarantined-files.txt 2010-03-03 20:38

Avant-CF: 15 827 746 816 octets libres
Après-CF: 16 344 387 584 octets libres

- - End Of File - - CB66B6FB74B85D004E07B9C97D4A1AB1
  16. GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-28 18:58:39
Windows 6.0.6001 Service Pack 1
Running: 5rc7i8vj.exe; Driver: C:\Users\ETIENNE\AppData\Local\Temp\kgloyaow.sys

---- System - GMER 1.0.15 ----

SSDT 8C3D32B4 ZwCreateThread
SSDT 8C3D32A0 ZwOpenProcess
SSDT 8C3D32A5 ZwOpenThread
SSDT 8C3D32AF ZwTerminateProcess

INT 0x51 ? 869BABF8
INT 0x52 ? 869BABF8
INT 0x62 ? 869BABF8
INT 0x72 ? 869BABF8
INT 0x82 ? 84E0ABF8
INT 0x92 ? 8447BBF8
INT 0xA2 ? 8447BBF8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8069A6D6] \SystemRoot\System32\Drivers\spam.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8069A042] \SystemRoot\System32\Drivers\spam.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8069A800] \SystemRoot\System32\Drivers\spam.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8069A0C0] \SystemRoot\System32\Drivers\spam.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069A13E] \SystemRoot\System32\Drivers\spam.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A9E9C] \SystemRoot\System32\Drivers\spam.sys
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortWritePortUchar] 838C729F
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8C7270
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\awf6sfmg.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E0C1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 84E081F8
Device \Driver\usbuhci \Device\USBPDO-0 867AB1F8
Device \Driver\usbuhci \Device\USBPDO-1 867AB1F8
Device \Driver\usbehci \Device\USBPDO-2 867D61F8
Device \Driver\usbuhci \Device\USBPDO-3 867AB1F8
Device \Driver\usbuhci \Device\USBPDO-4 867AB1F8
Device \Driver\usbuhci \Device\USBPDO-5 867AB1F8
Device \Driver\PCI_PNP8099 \Device\00000049 spam.sys
Device \Driver\usbehci \Device\USBPDO-6 867D61F8
Device \Driver\volmgr \Device\HarddiskVolume1 84E081F8
Device \Driver\volmgr \Device\HarddiskVolume2 84E081F8
Device \Driver\cdrom \Device\CdRom0 867DA1F8
Device \Driver\cdrom \Device\CdRom1 867DA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E0B1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [826CA6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 84E0B1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E0B1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [826CA6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\netbt \Device\NetBT_Tcpip_{DE6F740D-85A3-4347-8C7D-C7DF8B7A215E} 86F09500
Device \Driver\netbt \Device\NetBT_Tcpip_{C4856829-4845-44F3-BD5D-1EE202807801} 86F09500
Device \Driver\netbt \Device\NetBt_Wins_Export 86F09500
Device \Driver\Smb \Device\NetbiosSmb 870041F8
Device \Driver\iScsiPrt \Device\RaidPort0 867F3500
Device \Driver\usbuhci \Device\USBFDO-0 867AB1F8
Device \Driver\usbuhci \Device\USBFDO-1 867AB1F8
Device \Driver\sptd \Device\24532118 spam.sys
Device \Driver\usbehci \Device\USBFDO-2 867D61F8
Device \Driver\usbuhci \Device\USBFDO-3 867AB1F8
Device \Driver\usbuhci \Device\USBFDO-4 867AB1F8
Device \Driver\usbuhci \Device\USBFDO-5 867AB1F8
Device \Driver\usbehci \Device\USBFDO-6 867D61F8
Device \Driver\awf6sfmg \Device\Scsi\awf6sfmg1Port4Path0Target0Lun0 867F61F8
Device \Driver\awf6sfmg \Device\Scsi\awf6sfmg1 867F61F8
Device \FileSystem\cdfs \Cdfs 867F21F8

---- Processes - GMER 1.0.15 ----

Library C:\Users\ETIENNE\qoocean.exe (*** hidden *** ) @ C:\Users\ETIENNE\qoocean.exe [3544] 0x00400000
Process (*** hidden *** ) -2143474600
Process (*** hidden *** ) -2079930192
Process (*** hidden
***
) -1179518560
Process (*** hidden *** ) -1179387472
Process (*** hidden *** ) -1179127624
Process (*** hidden *** ) -1165889352
Process (*** hidden *** ) -1133511504
Process (*** hidden *** ) -1133250544
Process (*** hidden *** ) -1132987664

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x4D 0x0A 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0xB8 0x42 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xB7 0xB4 0x5B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x4D 0x0A 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0xB8 0x42 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xB7 0xB4 0x5B ...

---- EOF - GMER 1.0.15 ----
  17. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25:16, on 28/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\ETIENNE\qoocean.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Users\ETIENNE\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\ETIENNE\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [qoocean] C:\Users\ETIENNE\qoocean.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9e867306385d0) (gupdate1c9e867306385d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc.
- C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 12404 bytes
  18. There!!!!!! I sent you the link. I hope you received it.
  19. Wow... Here is the report^^:

      ========== PROCESSES ==========
      ========== FILES ==========
      File/Folder C:\Users\ETIENNE\vauupo.exe not found.
      C:\Users\ETIENNE\qoocean.exe moved successfully.
      File/Folder c:\progra~2\gomuzidi\gomuzidi.dll not found.
      ========== REGISTRY ==========
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vauupo deleted successfully.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qoocean deleted successfully.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jewelugup deleted successfully.
      ========== COMMANDS ==========

      OTM by OldTimer - Version 3.1.9.0 log created on 02282010_080249

      What do I do next? ("What do I do next?" is not part of the report)
  20. OK. Here is the report:
  21. Thanks for your advice, Falkra^^. So I did what you told me. I ran a quick scan. I was told that the computer had to be restarted to remove some of the selected items, which I did. Here is the report obtained before the restart:

      Malwarebytes' Anti-Malware 1.44
      Version de la base de données: 3802
      Windows 6.0.6001 Service Pack 1
      Internet Explorer 8.0.6001.18882

      27/02/2010 10:59:24
      mbam-log-2010-02-27 (10-59-24).txt

      Type de recherche: Examen rapide
      Eléments examinés: 114337
      Temps écoulé: 6 minute(s), 42 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      c:\ProgramData\gomuzidi\gomuzidi.dll (Malware.Packer) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      c:\ProgramData\gomuzidi\gomuzidi.dll (Malware.Packer) -> Delete on reboot.
      C:\Users\ETIENNE\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

      I then ran another quick scan and here is the report obtained:

      Malwarebytes' Anti-Malware 1.44
      Version de la base de données: 3802
      Windows 6.0.6001 Service Pack 1
      Internet Explorer 8.0.6001.18882

      27/02/2010 11:21:47
      mbam-log-2010-02-27 (11-21-46).txt

      Type de recherche: Examen rapide
      Eléments examinés: 112794
      Temps écoulé: 10 minute(s), 38 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Oh yes!!!!!!! Also, on restart a "Blocked startup programs" tab appeared in the toolbar at the bottom right (where the volume and battery status icons are). What should I do now??? Also worth noting: the problem report windows have stopped swamping me at startup. But every time I close a program window an error report appears (for example, when I close an Internet Explorer window, an "Internet Explorer has stopped working" tab appears, which is normal since I have just closed the window...). How can I avoid that? Anyway, thanks in any case^^. It looks like things are getting better.
  22. My COMPUTER is infected with viruses and I don't really know how to get rid of them. At first I could delete them with Avast when I ran a scan, but they came back systematically at every startup... Several of my programs no longer work (Internet Explorer, Google, Macrovision...). As soon as I turn the computer on, several problem report windows appear (for example: Internet Explorer has stopped working: close the program / check online for a solution... well, you get the idea). So I followed the help tutorial using AntiVir and HijackThis. Here is the HijackThis report^^. By the way, I'm hopeless with computers; that's not a problem, I hope???
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 16912 bytes Maintenant je fais quoi? Sachant que les problèmes persistent...