MauriceLechat

Ouf, ci dessous les rapports. Ca semble propre, mais malhereusement, mes navigateurs continuent de se comporter curieusement (lents, redirections des liens Google, Google Image ne montre que quelques images, ... Le seul truc qui semble encore poser problème est le MBR ? As-tu encore quelques idées ? En tous les cas, merci de ton aide... ================================================================ Le rapport Rogue Killer : RogueKiller V7.3.2 [20/03/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/49) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur: Baboume [Droits d'admin] Mode: Recherche -- Date: 06/04/2012 09:16:59 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 2 ¤¤¤ [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : Root.MBR ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost 127.0.0.1 125.252.224.90 127.0.0.1 125.252.224.91 127.0.0.1 adobe.activate.com 127.0.0.1 adobeereg.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 www.adobeereg.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 practivate.adobe.com [...] ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: Volume0 +++++ --- User --- [MBR] af4a9bfc4d686c84df19f77df4a2ff98 [bSP] 80c729b8484ea9d2d0a17c18e49851a1 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8149 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16691200 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16896000 | Size: 235969 Mo User != LL1 ... KO! --- LL1 --- [MBR] 0ff2217e2c4547c090bbe9ef9256329b [bSP] 80c729b8484ea9d2d0a17c18e49851a1 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8149 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16691200 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16896000 | Size: 235969 Mo 3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 500160512 | Size: 0 Mo Error reading LL2 MBR! Termine : << RKreport[5].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ================================================================ Dans ce rapport (j'essaye d'apprendre à interpréter ...) : je ne sais pas ce que sont les deux "entrées de registre", Les renvois du Host concernant les site d'Adobe sont voulus, Mais je ne sais pas d'où viennent ceux pour 125.252.224.90 et 125.252.224.91 (akamaitechnologies.com). Et bien sûr, la partie du rapport concernant le MBR m'inquiète, mais il faut peut-être préciser que j'ai un Sony Vaio VPC Z1 avec une technologie de disque un peu "moderne" ? ================================================================ Et enfin, le rapport MBAM : Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Version de la base de données: v2012.04.05.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Baboume :: BABOUME-VAIO [administrateur] 05/04/2012 22:12:04 mbam-log-2012-04-05 (22-12-04).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 659827 Temps écoulé: 1 heure(s), 20 minute(s), 39 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté) (fin) ================================================================

Voici le rapport de ZHPFix : Rapport de ZHPFix 1.12.3372 par Nicolas Coolman, Update du 22/11/2011 Fichier d'export Registre : Run by Baboume at 04/04/2012 21:47:25 Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601) Web site : ZHPFix Fix de rapport ========== Clé(s) du Registre ========== SUPPRIME Key*: HKUS\.DEFAULT\Software\settings SUPPRIME Key: HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} ========== Valeur(s) du Registre ========== SUPPRIME {AE5CA42B-CCFB-4A64-88F6-902A0607A6A4} SUPPRIME {CEA7EE0A-F8F1-436C-8C1A-63F62B735F46} SUPPRIME {B4806907-955E-4DE8-9374-C787263A6E46} SUPPRIME {8D11C531-7CED-4D15-AD06-DDFBA1124582} ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : SUPPRIME FirewallRaz (None) : {8ADD79F3-F4CA-4CA1-8F31-9791B10F0352} SUPPRIME FirewallRaz (Private) : TCP Query User{4239FE2A-FF20-4B42-8CAB-C9A8D9B767D6}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe SUPPRIME FirewallRaz (Private) : UDP Query User{1C1C43B1-201F-49AC-BE44-47146B0A245D}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe SUPPRIME FirewallRaz (Private) : TCP Query User{785184AE-3F46-41E7-A055-7727E48D2518}C:\program files (x86)\participatory culture foundation\miro\miro.exe SUPPRIME FirewallRaz (Private) : UDP Query User{2E7CAB7F-20EF-4CD6-A277-5E35EEE6A254}C:\program files (x86)\participatory culture foundation\miro\miro.exe ========== Dossier(s) ========== SUPPRIME Folder: C:\ProgramData\Partner SUPPRIME Folder: C:\ProgramData\regid.1986-12.com.adobe SUPPRIME Flash Cookies: 0 SUPPRIME Temporaires Windows: : 32 ========== Fichier(s) ========== ABSENT Folder/File: d:\krk\3ds9\max9keygen.exe ABSENT Folder/File: d:\krk\adobe cs5\cs5serial\creative.suite keygen.exe ABSENT Folder/File: d:\krk\math - mathtype 5.2+keygen.zip ABSENT Folder/File: d:\krk\webtrends\webtrends log analyzer v8.1 keygen.zip SUPPRIME Flash Cookies: 0 SUPPRIME Temporaires Windows: : 188 ========== Tache planifiée ========== SUPPRIME Task: {6362CBEC-1524-4404-9944-228175133AF6} ========== Autre ========== NON TRAITE 04 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXDJtime.dll (.not file.) ========== Récapitulatif ========== 2 : Clé(s) du Registre 11 : Valeur(s) du Registre 4 : Dossier(s) 6 : Fichier(s) 1 : Tache planifiée 1 : Autre End of clean in 00mn 26s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 31/03/2012 22:24:35 [5890] C:\ZHP\ZHPFix[R2].txt - 04/04/2012 21:47:25 [2591]

J'ai fait le maximum de nettoyage de mes cracks et autres, tels que vous me les avez indiqués ce matin. (Un grand merci au passage) voici mon nouveau rapport ZHPDiag après nettoyage : Lien CJoint.com BDdullH9H3G A bientôt, JB Touchard

Voici le lien qui pointe vers mon fichier ZHPDiag.txt : Lien CJoint.com BDcwITwAFvq Par avance merci... JB Touchard

Ci dessous le résultat d'une analyse Hijack. Quelqu'un peut-il m'aider à l'interpréter ? Merci d'avance Rapport de ZHPDiag v1.28.34 par Nicolas Coolman, Update du 06/03/2012 Run by Baboume at 31/03/2012 23:06:01 Web site : ZHPDiag Outil de diagnostic Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601) State : Nouvelle version disponible Boot mode: Normal (Normal boot) Logged in as Administrator ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 (Defaut) MFIE: Mozilla Firefox 8.0.1 v8.0.1 GCIE: Google Chrome v18.0.1025.142 OBIE: Safari v5.34.52.7 ---\\ Processus lancés [MD5.BE82AE3DC56D07D4B476EF962B3C6085] - (.Lexmark - Device Monitor Application.) -- C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe [20480] [PID.3248] [MD5.E6AB949778501B036EECE0E3267478D6] - (.Pas de propriétaire - Device Monitor.) -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe [291760] [PID.3332] [MD5.7919769F265843BF3CAAC86EE69CD351] - (.Pas de propriétaire - Device Monitor Application.) -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe [20480] [PID.3364] [MD5.7AE2120F494195664FDFF401F2693EC9] - (.Akamai Technologies, Inc - Akamai NetSession Client.) -- C:\Users\Baboume\AppData\Local\Akamai\netsession_win.exe [3331872] [PID.3400] [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.] [MD5.4CF38637FADECCCC00013C0711DB3BBA] - (.Sophos Plc - Component to show AutoUpdate's GUI elements.) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe [245760] [PID.3628] [MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696] [PID.3668] [MD5.CCA9023E3DDBE290D4381344115D99B7] - (.Sony Corporation - Pas de description.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136] [PID.3748] [MD5.F1A3C96412E37DB54C48E4678377C8F1] - (.Sony Corporation - Marketing Tools.) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624] [PID.3872] [MD5.A21E70B4F972CA396A80013D0D436350] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [620152] [PID.3932] [MD5.BE98A7F7C1C0CA899983209830E79520] - (...) -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496] [PID.4016] [MD5.090F01749074A52290A1CC2FB5FB20B7] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe [46200] [PID.4024] [MD5.D589B61F6A5BE79F3BD106176E2D4347] - (.Pas de propriétaire - ScanToPc MFC Application.) -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1989120] [PID.2948] [MD5.0DCAC41EB58A45049BD7FF665C32D5F4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736] [PID.3300] [MD5.505F022493D471025ADD399A4162208B] - (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296] [PID.3220] [MD5.46AE705AC463F50AC714C8084A09A2A3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [2211328] [PID.7424] [MD5.FF1B8BA19D3AA635DF699AAA858DF63B] - (.Sophos Plc - Performs virus scanning and disinfection fu.) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [98304] [PID.] [MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.] [MD5.17681266E789BA928CBED70DD58EE4B1] - (.Autodesk - System Level Service Utility.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [72704] [PID.] [MD5.AD1CF8471B06BADB93D87CC4D63B8483] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [268824] [PID.] [MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.] [MD5.AA0C4A2C33CE075DF2C272D678734991] - (...) -- C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536] [PID.] [MD5.016837DCE7C9BDACFC347AD7D9494D1D] - (...) -- C:\Program Files (x86)\MySQL\MySQL Server 5.5\bin\mysqld.exe [8184320] [PID.] [MD5.0AC6B3D3BDE58546CBA360B396DB2BD4] - (.QUALCOMM, Inc. - QDLService2k.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [330488] [PID.] [MD5.71FC5B3D9A814E7B06B7B0F3E204B1D5] - (.Sophos Plc - Sophos Administrator Service.) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [69632] [PID.] [MD5.A2FC88DC4F21C7BB8693955D5E8D3DBB] - (.Sophos Plc - Sophos AutoUpdate Service..) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [172032] [PID.] [MD5.1C46C27E9F1938B9589859C70450D275] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2358656] [PID.] [MD5.A60605FC66552B421EE1F3D4EBB9A4E0] - (.Sony Corporation - VAIO Event Service (Service Module).) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [217968] [PID.] [MD5.B2892F75963E3CB1A43D8951EA10F622] - (...) -- C:\Program Files (x86)\OneClickInternet\WTGService.exe [316880] [PID.] [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.] [MD5.1D702FFC1B8CDCF76FBCA7740CE510D8] - (.Sony Corporation - VAIO Event Service (Service Sub Module).) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe [120176] [PID.] [MD5.718BD747DD02B12487747EB7B0BBCA8F] - (.Pas de propriétaire - Lexmark Fax Solutions Software.) -- C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe [717744] [PID.] [MD5.CC839E8D766CC31A7710C9F38CF3E375] - (.Google - gusvc.) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [182768] [PID.] [MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.] [MD5.0CDD80CD238960AD62AA54E67E4B4C32] - (.Pas de propriétaire - Fax Man Server.) -- C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [312240] [PID.] ~ Scan Processes Running in 00mn 04s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Baboume\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [user Data\Default] None G0 - GCSP: Preference [user Data\Default][HomePage] Google G2 - GCE: Preference [user Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé) G2 - GCE: Preference [user Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé) ~ Scan Google Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Microsoft.com R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Search Microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Actualité, Sport, People, Femmes - MSN France R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421; R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 43 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} Clé orpheline O2 - BHO: ContributeBHO Class [64Bits] - {074C1DC5-9320-4A9A-947D-C042949C6216} . (.Adobe Systems, Inc. - Contribute IE Plugin.) -- C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: MathPlayer BHO [64Bits] - {32F66A28-7614-11D4-BD11-00104BD3F987} . (.Design Science, Inc. - MathPlayer Binary Helper Object.) -- C:\Program Files (x86)\Design Science\MathPlayer\MathPlayerBHO.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\ O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper [64Bits] - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar [64Bits] - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll O4 - HKLM\..\Run: [synTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PSQLLauncher] . (...) -- C:\Program Files\Protector Suite\launcher.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\Run: [lxdjamon] . (.Lexmark - Device Monitor Application.) -- C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXDJtime.dll (.not file.) O4 - HKLM\..\Run: [lxddmon.exe] . (.Pas de propriétaire - Device Monitor.) -- C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe O4 - HKLM\..\Run: [lxddamon] . (.Pas de propriétaire - Device Monitor Application.) -- C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe O4 - HKLM\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (.not file.) O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc - Akamai NetSession Client.) -- C:\Users\Baboume\AppData\Local\Akamai\netsession_win.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Wow6432Node\Run: [iSBMgr.exe] . (.Sony Corporation - Pas de description.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Wow6432Node\Run: [MarketingTools] . (.Sony Corporation - Marketing Tools.) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe O4 - HKLM\..\Wow6432Node\Run: [samsung PanelMgr] . (...) -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe O4 - HKLM\..\Wow6432Node\Run: [3180 Scan2PC] . (.Pas de propriétaire - ScanToPc MFC Application.) -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe O4 - HKLM\..\Wow6432Node\Run: [FaxCenterServer] . (.Pas de propriétaire - Fax Man Server.) -- C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-1084582377-123507661-1335403744-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc - Akamai NetSession Client.) -- C:\Users\Baboume\AppData\Local\Akamai\netsession_win.exe O4 - HKUS\S-1-5-21-1084582377-123507661-1335403744-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Users\Baboume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk . (.Helios Software Solutions.) -- C:\Program Files (x86)\TextPad 5\TextPad.exe O4 - Global Startup: C:\Users\Baboume\Desktop\APSR.lnk . (.DataNumen, Inc..) -- C:\Program Files (x86)\APSR\APSR.exe O4 - Global Startup: C:\Users\Baboume\Desktop\Brooklyn.lnk . (...) -- C:\inetpub\wwwroot\LxxL\Auteur\ANGLAIS_S_ES\Catoire\Brooklyn O4 - Global Startup: C:\Users\Baboume\Desktop\FreeMind.lnk . (.FreeMind team.) -- C:\Program Files (x86)\FreeMind\Freemind.exe O4 - Global Startup: C:\Users\Baboume\Desktop\HotPot Sources.lnk . (...) -- C:\Program Files (x86)\HotPotatoes6\source O4 - Global Startup: C:\Users\Baboume\Desktop\HotPotatoes 6.lnk . (.HalfBaked.) -- C:\Program Files (x86)\HotPotatoes6\HotPot.exe O4 - Global Startup: C:\Users\Baboume\Desktop\LxxL - Raccourci.lnk . (...) -- C:\inetpub\wwwroot\LxxL O4 - Global Startup: C:\Users\Baboume\Desktop\PCOSTE3 - Raccourci.lnk . (...) -- C:\Users\Baboume\Desktop\PCOSTE3 O4 - Global Startup: C:\Users\Baboume\Desktop\Quandary 2.lnk . (.HalfBaked.) -- C:\Program Files (x86)\Quandary2\quandary.exe O4 - Global Startup: C:\Users\Baboume\Desktop\Rozen - Raccourci.lnk . (...) -- C:\Users\Baboume\Desktop\Rozen O4 - Global Startup: C:\Users\Baboume\Desktop\Treilles Site.lnk . (...) -- C:\inetpub\wwwroot\Treilles O4 - Global Startup: C:\Users\Baboume\Desktop\wwwroot.lnk . (...) -- C:\inetpub\wwwroot O4 - Global Startup: C:\Users\Baboume\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk . (...) -- C:\Windows\Installer\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}\SafariIco.exe O4 - Global Startup: C:\Users\Baboume\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE O4 - Global Startup: C:\Users\Baboume\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Xerte.lnk . (.The Unviersity of Nottingham.) -- C:\Program Files (x86)\Xerte\Xerte.exe ~ Scan Global Startup in 00mn 08s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ Scan IE Control Panel in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: Ajouter au fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O8 - Extra context menu item: Convertir en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O8 - Extra context menu item: Convertir la sélection en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O8 - Extra context menu item: E&xporter vers Microsoft Excel - (.not file.) - C:\Program Files\MICROS~1\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\System32\wshbth.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll O10 - WLSP:\000000000010\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll ~ Scan Winsock in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{47973490-29A2-4494-B1B6-773D6F872ABA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{CE145043-03E3-435E-A1F5-C59B2B060D88}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{47973490-29A2-4494-B1B6-773D6F872ABA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{CE145043-03E3-435E-A1F5-C59B2B060D88}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{47973490-29A2-4494-B1B6-773D6F872ABA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{CE145043-03E3-435E-A1F5-C59B2B060D88}: DhcpNameServer = 192.168.0.1 ~ Scan Domain in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/xhtml+xml [64Bits] - {32F66A26-7614-11D4-BD11-00104BD3F987} . (...) -- C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=iso-8859-1 [64Bits] - {32F66A26-7614-11D4-BD11-00104BD3F987} . (...) -- C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=utf-8 [64Bits] - {32F66A26-7614-11D4-BD11-00104BD3F987} . (...) -- C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll O18 - Filter: text/xml; charset=iso-8859-1 [64Bits] - {32F66A26-7614-11D4-BD11-00104BD3F987} . (...) -- C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 [64Bits] - {32F66A26-7614-11D4-BD11-00104BD3F987} . (...) -- C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll O20 - Winlogon Notify: psfus . (...) -- C:\Program Files\Protector Suite\psqlpwd.dll ~ Scan Winlogon in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ Scan SSODL in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service (Autodesk Licensing Service) . (.Autodesk - System Level Service Utility.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: CDMA Device Service (CDMA Device Service) . (.Pas de propriétaire - VIA Telecom Service.) - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) . (.Intel® Corporation - Intel® PROSet/Wireless Event Log Service.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Intel® Management and Security Applica (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: lxddCATSCustConnectService (lxddCATSCustConnectService) . (.Lexmark International, Inc. - Lexmark Connect Service Executable.) - C:\Windows\System32\spool\drivers\x64\3\lxddserv.exe O23 - Service: lxdd_device (lxdd_device) . (.Pas de propriétaire - Printer Communication System.) - C:\Windows\system32\lxddcoms.exe O23 - Service: lxdj_device (lxdj_device) . (.Pas de propriétaire - Printer Communication System.) - C:\Windows\system32\lxdjcoms.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) . (...) - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: MySQL55 (MySQL55) . (...) - C:\ProgramData\MySQL\MySQL Server 5.5\my.ini O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 190.2.) - C:\Windows\system32\nvvsvc.exe O23 - Service: Qualcomm Gobi 2000 Download Service (Son (QDLService2kSony) . (.QUALCOMM, Inc. - QDLService2k.) - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe O23 - Service: Intel® PROSet/Wireless Registry Servic (RegSrvc) . (.Intel® Corporation - Intel® PROSet/Wireless Registry Service.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: VAIO Care Performance Service (SampleCollector) . (...) - C:\Program Files\Sony\VAIO Care\VCPerfService.exeisk(_Total)\Disk Bytes\sec:1" "\counter=\Network Interface(*)\Bytes Total\sec:1" "\expandcounter=\Processor Information(*)\Processor O23 - Service: Samsung Network Fax Server (Samsung Network Fax Server) . (.Samsung Electronics Co., Ltd. - Samsung Network PC Fax (FaxServer).) - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe O23 - Service: Créateur de rapports d'état Sophos Anti- (SAVAdminService) . (.Sophos Plc - Sophos Administrator Service.) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) . (.Sophos Plc - Performs virus scanning and disinfection fu.) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service (Sophos AutoUpdate Service) . (.Sophos Plc - Sophos AutoUpdate Service..) - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe O23 - Service: TeamViewer 6 (TeamViewer6) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: Intel® Management & Security Applicati (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: VAIO Event Service (VAIO Event Service) . (.Sony Corporation - VAIO Event Service (Service Module).) - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management (VAIO Power Management) . (.Sony Corporation - SPM Module.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: VSNService (VSNService) . (.Sony Corporation - VAIO Smart Network Service.) - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe O23 - Service: WTGService (WTGService) . (...) - C:\Program Files (x86)\OneClickInternet\WTGService.exe ~ Scan Services in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s End of the scan (322 lines in 00mn 13s)(0)

Et voici donc le fichier ZHPDiag : Lien CJoint.com 3BhqjowO8tX J'imagine que la suite passera par ZHPFix ? Au plaisir de vous lire... JB Touchard

1000 mercis !!!

Bonjour, Depuis quelques semaines mon VAIO (Windows 7 Pro) se comporte mal. ça a commencé avec des redirections intempestives des liens affichés par Google. Et Google image n'affichant que les premières vignettes. J'ai beaucoup lu à ce sujet, passé pas mal de temps, mais ça devient de pire en pire en dépit de pas mal d'essais pour me débarasser de cette saleté. Microsoft Security Essential a trouvé (et supprimé Trojan:DOS/Alureon.E et deux jours après Trojan:JS/BlacoleRef.y) Depuis plus rien. Mais les redirections continuent et de plus en plus souvent mon PC devient très très lent... Ci dessous la copie de mon dernier HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:06:38, on 07/02/2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Lexmark 1400 Series\lxdjamon.exe C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe C:\Users\Baboume\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Users\Baboume\AppData\Local\Akamai\netsession_win.exe C:\Windows\SysWOW64\RunDll32.exe C:\Users\Baboume\Desktop\HiJackThis.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MathPlayer BHO - {32F66A28-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathPlayerBHO.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Baboume\AppData\Local\Akamai\netsession_win.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing) O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Qualcomm Gobi 2000 Download Service (Sony) (QDLService2kSony) - QUALCOMM, Inc. - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing) O23 - Service: WTGService - Unknown owner - C:\Program Files (x86)\OneClickInternet\WTGService.exe -- End of file - 12000 bytes