Posted

Hello,

My PC has been a bit slow lately, and I have a problem when I open certain applications (e.g. Internet Explorer): I get a little "beep" and I don't understand where it comes from... OS: Vista. Could you help me please? Thanks in advance.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:33:45, on 17/11/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hotkey Utility\tray.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Light Sensor Utility\Sensor.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DAP\DAP.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\mariano\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=navcli...fr&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [recinfo420] c:\RecInfo\RecInfo.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\tb_eula\EULALauncher.NET.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [meoii] "c:\users\mariano\appdata\local\meoii.exe" meoii

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\mariano\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8936CB3B-FE82-4FA4-B420-4C2B11F092C2}: NameServer = 217.175.160.168 217.175.160.11

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 14761 bytes

bye!!!

Posted

Hello,

Avast + Norton = two duds, one of which is one too many (conflicts).

Disable the resident protection of Norton and Avast!

For Vista -->

Disable UAC in Vista as explained HERE

Download Toolbar-S&D (Team IDN) to your Desktop.

  • Launch the installation by running the downloaded file.
    Double-click the Toolbar-S&D shortcut.
    --> Under VISTA: right-click, Run as administrator.
    Select the language you want by typing the letter of your choice, then confirm with the Enter key.
    Now choose option 1 (Search). Wait until the search finishes.
    Post the generated report. (C:\TB.txt)

2) Disable UAC in Vista: http://www.zebulon.fr/astuces/220-desactiv...dans-vista.html

Right-click this link: Navilog1, choose Save target (of the link) as... and save it to your desktop.

Once the installation is finished, right-click the navilog1 shortcut and choose "Run as administrator":

  • Let it guide you. At the main menu, choose 1 and confirm.
    Wait for the message: *** Analyse Termine le ..... ***
  • Press a key as requested; Notepad will open.
  • Copy and paste the whole thing into your next reply. Close Notepad.

The report is also saved at the root of the disk (fixnavi.txt)

Do not run any other option until you are told to.

NB: if the scan hangs while running, run Navilog1 option 1 in Safe Mode


@++

Posted

Here it is:

 

-----------\\ ToolBar S&D 1.0.8 XP/Vista

 

[ USER : mariano ] [ "C:\ToolBar SD" ] [ Selection : 1 ]

[ 17/11/2008 | 18:48:33,80 ] [ PC : PC-DE-MARIANO ]

[ MAJ : 04-08-2008 | 23:15 ]

[ UAC => 0 ]

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio

C:\Program Files\Dealio

C:\Program Files\Dealio\DealioAU.exe

C:\Program Files\Dealio\kb127

C:\Program Files\Dealio\SearchSettingsKit.exe

C:\Windows\Prefetch\SEARCHSETTINGS.EXE-4FF31194.pf

C:\Program Files\Search Settings

C:\Program Files\Search Settings\kb127

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\MSN Messenger\msimg32.dll

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"'>http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"

"Start Page"="http://www.google.de/webhp?sourceid=navclient&hl=fr&ie=UTF-8"

"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://fr.yahoo.com"'>http://fr.yahoo.com"

"Default_Page_URL"="http://fr.yahoo.com"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

[ UAC => 1 ]

 

-----------\\ Fin du rapport a 18:48:43,21


And here it is:

 

Search Navipromo version 3.6.9 commencé le 17/11/2008 à 19:11:18,16

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

 

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "mariano"

 

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO

 

Microsoft Windows Vista 6.0.6000

Internet Explorer : 7.0.6000.16757

Système de fichiers : NTFS

 

Recherche executé en mode sans échec

 

*** Recherche Programmes installés ***

 

 

*** Recherche dossiers dans "C:\Windows" ***

 

 

*** Recherche dossiers dans "C:\Program Files" ***

 

 

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

 

 

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

 

 

*** Recherche dossiers dans "C:\ProgramData" ***

 

 

*** Recherche dossiers dans "c:\users\mariano\appdata\roaming\micros~1\windows\startm~1\programs" ***

 

 

*** Recherche dossiers dans "C:\Users\mariano\AppData\Local\virtualstore\Program Files" ***

 

 

*** Recherche dossiers dans "C:\Users\mariano\AppData\Roaming" ***

 

 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

 

 

 

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

 

* Recherche dans "C:\Windows\system32" *

 

* Recherche dans "C:\Users\mariano\AppData\Local\Microsoft" *

 

* Recherche dans "C:\Users\mariano\AppData\Local\virtualstore\windows\system32" *

 

* Recherche dans "C:\Users\mariano\AppData\Local" *

 

 

 

*** Recherche fichiers ***

 

 

 

*** Recherche clés spécifiques dans le Registre ***

 

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche nouveaux fichiers Instant Access :

 

 

2)Recherche Heuristique :

 

* Dans "C:\Windows\system32" :

 

 

* Dans "C:\Users\mariano\AppData\Local\Microsoft" :

 

 

* Dans "C:\Users\mariano\AppData\Local\virtualstore\windows\system32" :

 

 

* Dans "C:\Users\mariano\AppData\Local" :

 

 

3)Recherche Certificats :

 

Certificat Egroup trouvé !

Certificat Electronic-Group trouvé !

Certificat Montorgueil absent !

Certificat OOO-Favorit trouvé !

Certificat Sunny-Day-Design-Ltd absent !

 

4)Recherche fichiers connus :

 

 

 

*** Analyse terminée le 17/11/2008 à 19:25:33,38 ***

Posted

Re :P

Good. Can you tell me which antivirus is the "official" one on your PC, please?

Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2" then confirm by pressing "Enter".

--> Under VISTA: right-click, Run as administrator.

Do not close the window during the removal!

A report will be generated; post its content in your reply.

2) Right-click the Navilog1 shortcut on the desktop

Run as administrator.

  • Let it guide you. At the main menu, choose 2 and confirm.
    Wait for the message: *** Analyse Termine le ..... ***
  • Press a key as requested; Notepad will open.
  • Copy and paste the whole thing into your next reply. Close Notepad.
    The report is also saved at the root of the disk (cleannavi.txt)

If it doesn't work in normal mode, switch to Safe Mode to do the cleanup.

Also post a new HijackThis log made after these operations, please.

 

@+tard.
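The two review tasks in this thread, reading the first HijackThis log for entries worth a closer look and then comparing it with the fresh log the helper asks for after cleanup, are easy to automate. The script below is an added example written for this page; it is not a tool from the thread, from Trend Micro, or from the Toolbar-S&D / Navilog1 authors. The sample log lines are constructed, modelled on entries posted above, and the flagging rules (an autorun launched from a user-writable path, an autorun in the SYSTEM or Default user hive, a per-user browser proxy, an orphaned BHO or button with "(no file)", explicit DNS servers, and AppInit_DLLs) are the editor's own review heuristics: they mark entries for a human to check, they do not declare anything malicious.

```python
"""Triage a HijackThis log and diff it against a post-cleanup log.

Added example for this page: not a tool from the thread, from Trend Micro,
or from the Toolbar-S&D / Navilog1 authors. The flagging rules are the
editor's own review heuristics, and the sample logs below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One HijackThis entry looks like:  O4 - HKCU\..\Run: [name] command
LINE_RE = re.compile(r'^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$')

# Paths an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = re.compile(
    r'\\(appdata|programdata|temp)\\|\\users\\[^\\]+\\(desktop|downloads)\\',
    re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    kind: str   # section code, e.g. "R1", "O4", "O23"
    body: str   # everything after "Oxx - "


def parse_hjt(text: str) -> List[Entry]:
    """Return the Rx/Fx/Nx/Ox entries of a HijackThis log, in file order."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append(Entry(m['kind'], m['body']))
    return out


def flag(entry: Entry) -> Optional[str]:
    """Heuristic reason an entry deserves a human look, or None.

    These are review prompts, not verdicts: a legitimate proxy, DNS server
    or AppInit DLL is flagged as well, and the reviewer decides.
    """
    k, b = entry.kind, entry.body
    if k == 'O4' and USER_WRITABLE.search(b):
        return 'autorun launched from a user-writable path'
    if k == 'O4' and re.search(r'^HKUS\\(S-1-5-18|\.DEFAULT)\\', b):
        return 'autorun in the SYSTEM / Default user hive'
    if k == 'R1' and 'ProxyServer' in b:
        value = b.split('=', 1)[1].strip() if '=' in b else ''
        if value:
            return f'browser proxy configured: {value}'
    if k in ('O2', 'O9') and '(no file)' in b:
        return 'orphaned BHO/button registration (no file)'
    if k == 'O17' and 'NameServer' in b:
        return 'explicit DNS servers (confirm they belong to the ISP)'
    if k == 'O20' and 'AppInit_DLLs' in b:
        return 'AppInit_DLLs set (DLL loaded into every GUI process)'
    return None


def triage(text: str) -> List[Tuple[Entry, str]]:
    """All flagged entries of a log, each with its reason."""
    return [(e, r) for e in parse_hjt(text) if (r := flag(e)) is not None]


def _key(e: Entry) -> Tuple[str, str]:
    return (e.kind, e.body)


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """(removed, added) entries between a pre- and a post-cleanup log."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a, key=_key), sorted(a - b, key=_key)


# Constructed sample log, modelled on entries posted in this thread.
SAMPLE_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [meoii] "c:\users\mariano\appdata\local\meoii.exe" meoii
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{8936CB3B-FE82-4FA4-B420-4C2B11F092C2}: NameServer = 217.175.160.168 217.175.160.11
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

# Constructed "after cleanup" log: the SearchSettings BHO and the AppData
# autorun are gone. This is an assumed outcome, not the thread's real result.
SAMPLE_AFTER = "\n".join(
    line for line in SAMPLE_BEFORE.splitlines()
    if 'SearchSettings' not in line and '[meoii]' not in line)


if __name__ == '__main__':
    for e, reason in triage(SAMPLE_BEFORE):
        print(f'[{e.kind}] {reason}\n    {e.body}')
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    print(f'\n{len(removed)} entries removed, {len(added)} added after cleanup')
```

Run it as-is to see the constructed sample triaged, or replace `SAMPLE_BEFORE` / `SAMPLE_AFTER` with the text of two real logs. Entries are compared as whole lines, so a tool that merely rewrites a path (for example short 8.3 names versus long names) shows up as one removal plus one addition; that is deliberate, since any change to an autorun line is worth a look.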

Posted

re

Well, I use Avast.

Sorry, but I forgot to save the TB.txt (I looked in c:/TB.txt), but I think it's the same one, judging by the time...

I'm posting it anyway, but I'm not sure that's it :s

 

 

 

-----------\\ ToolBar S&D 1.0.8 XP/Vista

 

[ USER : mariano ] [ "C:\ToolBar SD" ] [ Selection : 1 ]

[ 17/11/2008 | 18:48:33,80 ] [ PC : PC-DE-MARIANO ]

[ MAJ : 04-08-2008 | 23:15 ]

[ UAC => 0 ]

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio

C:\Program Files\Dealio

C:\Program Files\Dealio\DealioAU.exe

C:\Program Files\Dealio\kb127

C:\Program Files\Dealio\SearchSettingsKit.exe

C:\Windows\Prefetch\SEARCHSETTINGS.EXE-4FF31194.pf

C:\Program Files\Search Settings

C:\Program Files\Search Settings\kb127

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\MSN Messenger\msimg32.dll

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"'>http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"

"Start Page"="http://www.google.de/webhp?sourceid=navclient&hl=fr&ie=UTF-8"

"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://fr.yahoo.com"'>http://fr.yahoo.com"

"Default_Page_URL"="http://fr.yahoo.com"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

[ UAC => 1 ]

 

-----------\\ Fin du rapport a 18:48:43,21


And here it is:

 

 

Clean Navipromo version 3.6.9 commencé le 17/11/2008 à 23:12:22,76

 

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "mariano"

 

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO

 

Microsoft Windows Vista 6.0.6000

Internet Explorer : 7.0.6000.16757

Système de fichiers : NTFS

 

Mode suppression automatique

avec prise en charge résultats Catchme et GNS

 

 

Nettoyage exécuté au redémarrage de l'ordinateur

 

 

*** fsbl1.txt non trouvé ***

(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

 

 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

 

* Suppression dans "C:\Windows\System32" *

 

 

* Suppression dans "C:\Users\mariano\AppData\Local\Microsoft" *

 

 

* Suppression dans "C:\Users\mariano\AppData\Local\virtualstore\windows\system32" *

 

 

* Suppression dans "C:\Users\mariano\AppData\Local" *

 

 

 

*** Suppression dossiers dans "C:\Windows" ***

 

 

*** Suppression dossiers dans "C:\Program Files" ***

 

 

*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

 

 

*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

 

 

*** Suppression dossiers dans "C:\ProgramData" ***

 

 

*** Suppression dossiers dans c:\users\mariano\appdata\roaming\micros~1\windows\startm~1\programs ***

 

 

*** Suppression dossiers dans "C:\Users\mariano\AppData\Local\virtualstore\Program Files" ***

 

 

*** Suppression dossiers dans "C:\Users\mariano\AppData\Roaming" ***

 

 

 

*** Suppression fichiers ***

 

 

*** Suppression fichiers temporaires ***

 

Nettoyage contenu C:\Windows\Temp effectué !

Nettoyage contenu C:\Users\mariano\AppData\Local\Temp effectué !

 

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

 

2)Recherche, création sauvegardes et suppression Heuristique :

 

 

* Dans "C:\Windows\system32" *

 

 

* Dans "C:\Users\mariano\AppData\Local\Microsoft" *

 

 

* Dans "C:\Users\mariano\AppData\Local\virtualstore\windows\system32" *

 

 

* Dans "C:\Users\mariano\AppData\Local" *

 

 

*** Sauvegarde du Registre vers dossier Safebackup ***

 

sauvegarde du Registre réalisée avec succès !

 

*** Nettoyage Registre ***

 

Nettoyage Registre Ok

 

 

*** Certificats ***

 

Certificat Egroup supprimé !

Certificat Electronic-Group supprimé !

Certificat Montorgueil absent !

Certificat OOO-Favorit supprimé !

Certificat Sunny-Day-Design-Ltdt absent !

 

 

*** Nettoyage terminé le 17/11/2008 à 23:18:54,21 ***


And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:31:37, on 17/11/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hotkey Utility\tray.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Light Sensor Utility\Sensor.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DAP\DAP.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\mariano\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=navcli...fr&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [recinfo420] c:\RecInfo\RecInfo.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\tb_eula\EULALauncher.NET.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [meoii] "c:\users\mariano\appdata\local\meoii.exe" meoii

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8936CB3B-FE82-4FA4-B420-4C2B11F092C2}: NameServer = 217.175.160.168 217.175.160.11

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 13988 bytes

 

A++

Posted

What does your PC's clock show right now?

Posted

Are you in a different time zone from Paris and Brussels?

Otherwise it needs to be set correctly; it could cause some problems with the update tools.

The tools you used seem to have drawn a blank; are you sure you followed the instructions?

If you need to uninstall the remnants of Norton, which can cause problems, use this:

 

 

Norton Remover

 

Avast is no longer really recommended, but I suppose you must have read that all over the place here.

If you agree to change antivirus, here is Antivir; it is in English but the tutorial explains the software's configuration very well.

http://www.libellules.ch/tuto_antivir.php

 

http://www.vista-xp.fr/forum/topic227.html

 

Procedure:

Download the Antivir executable. http://www.free-av.de/en/download/1/avira_..._antivirus.html

Physically disconnect the PC from the internet, i.e. by unplugging the cable from the tower.

Uninstall Avast via Add/Remove Programs.

If you have problems uninstalling it: http://www.avast.com/fre/avast-uninstall-utility.html

Install Antivir and configure it as explained in the tutorial. (Don't forget to tick the rootkit search box -> very important.)

Right-click the Antivir icon in the taskbar and choose Configure Antivir

In the window, tick the Expert Mode box

Just below, click the Scanner menu

In the right-hand panel, tick the box Search for Rootkits before scan

 


 

 

Reconnect the PC to the internet; update Antivir's virus definitions.

Run a full scan of the computer. (Not right away please)

Post the report here please.

*** For what follows, you will need to disable the Avast! resident shield via its icon in the taskbar so that it doesn't interfere with the next tool.

The following software is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside of this case: dangerous.

Connect your removable media (USB keys and others) before proceeding.

Official tutorial

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • If the Recovery Console is not installed on an XP, ComboFix will offer to install it: accept!
  • Make sure all programs are closed before starting.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: allow it.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report in your next reply.
    The report is located at: C:\Combofix.txt (just in case).

If you lose your connection after running ComboFix, here is how to repair it: HERE.

@++


Posted

Hi again, I'm from Réunion (hence the time difference)..

Well yes, I followed the instructions....

Here is the report:

ComboFix 08-11-16.05 - mariano 2008-11-18 0:40:11.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1813 [GMT 4:00]

Lancé depuis: c:\users\mariano\Desktop\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-17 au 2008-11-17 ))))))))))))))))))))))))))))))))))))

.

 

2008-11-17 18:51 . 2008-11-17 23:18 <REP> d-------- c:\program files\Navilog1

2008-11-14 17:51 . 2008-11-14 17:51 <REP> d-------- c:\program files\OpenPlsInWMP

2008-11-13 11:40 . 2008-11-14 00:42 <REP> d-------- c:\program files\World of Warcraft

2008-11-12 23:17 . 2008-11-17 19:54 <REP> d-------- c:\program files\HLSW

2008-11-12 22:20 . 2008-09-10 07:25 1,341,440 --a------ c:\windows\System32\msxml6.dll

2008-11-12 22:20 . 2008-09-05 08:48 1,194,496 --a------ c:\windows\System32\msxml3.dll

2008-11-12 22:20 . 2008-09-10 07:21 2,048 --a------ c:\windows\System32\msxml6r.dll

2008-11-12 22:20 . 2008-09-05 08:45 2,048 --a------ c:\windows\System32\msxml3r.dll

2008-11-12 22:04 . 2008-08-26 05:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-11-11 07:25 . 2008-11-11 07:25 <REP> d-------- c:\users\mariano\WoW-BurningCrusade-frFR-Slim-Installer

2008-11-10 18:37 . 2008-11-13 11:44 <REP> d-------- c:\program files\Common Files\Blizzard Entertainment

2008-11-07 01:26 . 2008-11-10 22:49 <REP> d-------- c:\users\Public\Games

2008-11-06 14:19 . 2008-11-06 14:19 <REP> d-------- c:\users\All Users\ma-config.com

2008-11-06 14:19 . 2008-11-06 14:19 <REP> d-------- c:\programdata\ma-config.com

2008-11-06 14:19 . 2008-11-06 14:19 <REP> d-------- c:\program files\ma-config.com

2008-11-05 19:44 . 2008-11-05 19:44 <REP> d-------- c:\program files\eMule

2008-11-04 17:42 . 2008-11-04 17:42 <REP> d-------- c:\users\mariano\AppData\Roaming\Apple Computer

2008-11-04 17:41 . 2008-11-04 17:41 <REP> d----c--- c:\windows\System32\DRVSTORE

2008-11-04 17:41 . 2008-11-04 17:41 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-04 17:41 . 2008-11-04 17:41 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-04 17:41 . 2008-11-04 17:41 <REP> d-------- c:\program files\iTunes

2008-11-04 17:41 . 2008-11-04 17:41 <REP> d-------- c:\program files\iPod

2008-11-04 17:41 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2008-11-04 17:41 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2008-11-04 17:38 . 2008-11-04 17:41 <REP> d-------- c:\users\All Users\Apple Computer

2008-11-04 17:38 . 2008-11-04 17:41 <REP> d-------- c:\programdata\Apple Computer

2008-11-04 17:38 . 2008-11-04 17:38 <REP> d-------- c:\program files\Apple Software Update

2008-11-04 17:36 . 2008-11-04 17:36 <REP> d-------- c:\users\All Users\Apple

2008-11-04 17:36 . 2008-11-04 17:36 <REP> d-------- c:\programdata\Apple

2008-11-04 17:36 . 2008-11-04 17:39 <REP> d-------- c:\program files\Common Files\Apple

2008-11-04 02:00 . 2008-11-17 19:52 <REP> d-------- c:\users\mariano\AppData\Roaming\Todae

2008-11-03 17:09 . 2008-11-03 17:12 <REP> d-------- c:\program files\CS

2008-11-03 16:19 . 2008-11-03 16:19 <REP> d-------- c:\users\mariano\AppData\Roaming\Desktopicon

2008-11-03 16:19 . 2008-11-03 16:49 <REP> d-------- c:\program files\Unlocker

2008-11-03 08:09 . 2008-11-03 17:12 <REP> d-------- c:\program files\sXe Injected

2008-11-03 08:06 . 2008-11-03 08:09 <REP> d-------- c:\program files\Mon Counter-Strike 1.6 V31 gr

2008-11-03 07:10 . 2008-11-03 07:10 244 --ah----- C:\sqmnoopt01.sqm

2008-11-03 07:10 . 2008-11-03 07:10 232 --ah----- C:\sqmdata01.sqm

2008-10-29 15:30 . 2008-08-12 07:29 441,856 --a------ c:\windows\System32\win32spl.dll

2008-10-29 15:30 . 2008-08-12 07:29 37,376 --a------ c:\windows\System32\printcom.dll

2008-10-21 21:38 . 2008-10-21 21:46 <REP> d-------- c:\users\mariano\AppData\Roaming\n-Track Studio6

2008-10-21 21:37 . 2008-10-21 21:37 <REP> d-------- c:\program files\FASoft

2008-10-19 03:04 . 2008-10-19 03:04 <REP> d-------- c:\windows\SQLTools9_KB948109_ENU

2008-10-19 03:01 . 2008-10-19 03:01 <REP> d-------- c:\windows\SQL9_KB948109_ENU

2008-10-17 22:50 . 2008-09-18 08:35 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe

2008-10-17 22:50 . 2008-09-18 08:35 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe

2008-10-17 17:48 . 2008-09-18 06:03 2,027,520 --a------ c:\windows\System32\win32k.sys

2008-10-17 17:39 . 2008-08-26 05:12 290,304 --a------ c:\windows\System32\drivers\srv.sys

2008-10-17 13:02 . 2008-10-25 03:26 <REP> d-------- c:\program files\Microsoft Silverlight

2008-10-17 12:56 . 2008-10-19 03:05 <REP> d-------- c:\program files\Microsoft SQL Server

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-17 19:19 --------- d---a-w c:\programdata\TEMP

2008-11-17 19:09 --------- d-----w c:\program files\Search Settings

2008-11-17 14:34 27,525 ----a-w c:\users\mariano\AppData\Roaming\nvModes.dat

2008-11-17 13:54 --------- d-----w c:\programdata\Google Updater

2008-11-14 09:10 --------- d-----w c:\program files\Common Files\Adobe

2008-11-13 23:05 --------- d-----w c:\programdata\Microsoft Help

2008-11-13 01:38 --------- d-----w c:\users\mariano\AppData\Roaming\LimeWire

2008-11-12 16:53 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2008-11-05 15:44 --------- d-----w c:\programdata\eMule

2008-11-04 17:31 --------- d-----w c:\users\mariano\AppData\Roaming\Audacity

2008-11-04 13:40 --------- d-----w c:\program files\Bonjour

2008-11-04 13:39 --------- d-----w c:\program files\QuickTime

2008-11-03 01:32 --------- d-----w c:\users\mariano\AppData\Roaming\uTorrent

2008-10-27 01:59 --------- d-----w c:\users\mariano\AppData\Roaming\Notepad++

2008-10-27 01:59 --------- d-----w c:\program files\Notepad++

2008-10-20 13:38 --------- d-----w c:\programdata\Skype

2008-10-20 02:01 --------- d-----w c:\users\mariano\AppData\Roaming\Sony

2008-10-18 02:36 --------- d-----w c:\users\mariano\AppData\Roaming\skypePM

2008-10-17 08:58 --------- d-----w c:\program files\Microsoft.NET

2008-10-08 20:13 --------- d-----w c:\program files\Microsoft Visual Studio 9.0

2008-10-08 20:11 --------- d-----w c:\program files\Microsoft Synchronization Services

2008-10-08 20:11 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-10-08 20:02 --------- d-----w c:\program files\Microsoft SDKs

2008-10-08 03:21 0 ----a-w c:\users\mariano\AppData\Roaming\wklnhst.dat

2008-10-08 03:21 --------- d-----w c:\users\mariano\AppData\Roaming\Template

2008-10-03 01:42 --------- d-----w c:\program files\Microsoft Games

2008-10-03 01:42 --------- d-----w c:\program files\GameSpy Arcade

2008-10-02 23:46 81,920 ----a-w c:\windows\System32\frapsvid.dll

2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll

2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll

2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe

2008-10-01 12:57 --------- d-----w c:\users\mariano\AppData\Roaming\PeerNetworking

2008-10-01 03:13 --------- d-----w c:\program files\Free Audio Pack

2008-09-30 12:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-26 22:45 --------- d-----w c:\program files\Picasa2

2008-09-26 19:58 --------- d-----w c:\users\mariano\AppData\Roaming\FileZilla

2008-09-26 13:27 --------- d-----w c:\program files\FileZilla Client

2008-09-25 18:40 --------- d-----w c:\program files\Everest Poker

2008-09-20 05:00 --------- d-----w c:\users\mariano\AppData\Roaming\gtk-2.0

2008-09-19 20:00 --------- d-----w c:\users\mariano\AppData\Roaming\mIRC

2008-09-12 08:27 368,640 ----a-w c:\windows\System32\ReWire.dll

2008-09-12 08:27 233,472 ------w c:\windows\System32\REX Shared Library.dll

2008-08-29 06:18 87,336 ----a-w c:\windows\System32\dns-sd.exe

2008-08-29 05:53 61,440 ----a-w c:\windows\System32\dnssd.dll

2008-08-20 06:52 50,688 ----a-w c:\windows\System32\wbhelp2.dll

2008-08-01 23:25 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-17 1266992]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-15 1232896]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-12 39408]

"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-08-20 3065344]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2006-11-02 49664]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-19 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-19 8466432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-19 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]

"FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2007-07-13 561152]

"PowerManager"="c:\program files\Power Manager\PM.exe" [2007-05-16 29696]

"Silent Mode"="c:\program files\Light Sensor Utility\Sensor.exe" [2007-06-27 253952]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-01 29744]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]

"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-10-24 46728]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]

"recinfo420"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-10 36352]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-04 185896]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-02 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 c:\windows\RtHDVCpl.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

c:\users\mariano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"ValidateAdminCodeSignatures"= 1 (0x1)

"FilterAdministratorToken"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D5C1ADF6-73A2-405C-8BFC-D5ACB74493B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{7A978BA1-8918-4724-9F51-D6725A1D62E3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{554B9D1C-DDD1-43D8-B608-247E79C1AF59}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV

"TCP Query User{06DAB3E1-B8F6-4593-B096-46216ECA8C3C}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2

"UDP Query User{254A7FB6-27BF-494C-8D27-715FB16B566D}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2

"TCP Query User{7EDE742D-18E7-41CC-9A96-D44A2F315DD6}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"UDP Query User{019187DA-D0E0-48D3-9EB2-AED02DFF6E76}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD

"TCP Query User{BE54105E-114D-40A3-A5FE-45EB144AA988}e:\\sthiw\\stinstall.exe"= UDP:e:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

"UDP Query User{BF02581C-A1BA-4749-A1AD-B5D688B8FA94}e:\\sthiw\\stinstall.exe"= TCP:e:\sthiw\stinstall.exe:SpeedTouch Setup Wizard

"TCP Query User{BAAC0188-F755-42C0-A086-5B01D98E44A9}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{7461F891-83BD-4EB5-9333-F59EE93B0BBF}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"{C02724B5-2BFD-411C-A702-E3A67F68FAB1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{D57C748D-FBCF-4550-AC9B-2F76160B232E}c:\\users\\mariano\\desktop\\mirc\\mirc.exe"= UDP:c:\users\mariano\desktop\mirc\mirc.exe:mirc.exe

"UDP Query User{B219046A-BC79-44D5-9B6A-2FBDE33451CC}c:\\users\\mariano\\desktop\\mirc\\mirc.exe"= TCP:c:\users\mariano\desktop\mirc\mirc.exe:mirc.exe

"{48896683-4BB0-40C1-982E-A41E8C61C217}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{5A147318-ED33-4E9E-ADF1-236AD3158D30}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb

"{13F69BF7-44CE-434B-BDC2-5EEF66FF4BDC}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{C99D5F33-ACB9-4F5A-A4B0-4C27A1BE873B}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{C50D8AC0-F854-4720-ABF7-9D553FBB97F6}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{F7C9BB06-2576-4FDE-8D1A-C4FAFF6B9A87}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{139B5732-0B3B-4F60-A11F-4406084BD7F1}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{AE7DD1C8-405D-4E14-A2BA-05323A5189FC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{58B39CC1-99B5-4410-A3FD-D1D64ECDE82B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{990E0811-0BCF-44B1-9E53-B2F6C0C325D2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{6827AF18-04FB-4583-B741-A894EF3E50A2}c:\\users\\mariano\\desktop\\copy of djbot\\mirc.exe"= UDP:c:\users\mariano\desktop\copy of djbot\mirc.exe:mirc.exe

"UDP Query User{40AA5569-F6FA-48B4-82A8-3A5E4160A734}c:\\users\\mariano\\desktop\\copy of djbot\\mirc.exe"= TCP:c:\users\mariano\desktop\copy of djbot\mirc.exe:mirc.exe

"TCP Query User{8F9C74E4-777E-49F8-85AD-0213CD4A8F49}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{1266A800-14EA-4005-A75E-2A93CCC1AE0A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{58CBBFBD-BB95-4068-9F16-995422EE1E3C}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{F02715DF-E615-42A1-BF8C-FFF113AEEF48}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{AF6307CE-F9F4-4727-8BBC-835B72D36866}c:\\users\\mariano\\desktop\\djbot\\mirc.exe"= UDP:c:\users\mariano\desktop\djbot\mirc.exe:mirc.exe

"UDP Query User{19879BB7-7DE6-428A-9A40-0C02E4853AF7}c:\\users\\mariano\\desktop\\djbot\\mirc.exe"= TCP:c:\users\mariano\desktop\djbot\mirc.exe:mirc.exe

"TCP Query User{84AF67C1-96D2-479A-82B4-A7FBAF739AC7}c:\\users\\mariano\\desktop\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\users\mariano\desktop\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp.exe

"UDP Query User{1035ED80-112D-476C-B4FA-3D1FEDDEE483}c:\\users\\mariano\\desktop\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\users\mariano\desktop\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp.exe

"TCP Query User{718ABE1F-1055-4531-A706-6A331F61BABD}c:\\ircbel_script\\mirc.exe"= UDP:c:\ircbel_script\mirc.exe:mIRC

"UDP Query User{CBEDF41B-1BF6-428B-9BAB-FEFEFCCABBF1}c:\\ircbel_script\\mirc.exe"= TCP:c:\ircbel_script\mirc.exe:mIRC

"TCP Query User{0612DEBB-902F-44F8-9E9F-D6C3C911ED49}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{8EC3496A-EEEB-4BEC-A403-F8CB0200E58A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{D6863DFE-E2BB-4451-8325-582BD857F010}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)

"UDP Query User{472FFB29-ADE6-42D2-983D-7B1A341E0237}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)

"{F60BBD9B-617D-4D0F-A882-08BA2E5425B4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{92111F95-A70B-4E9B-BC07-56BFBBC5D231}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{3CF03B47-821B-4C89-923E-8A773D7DFC17}c:\\users\\mariano\\desktop\\delire\\djs script.exe"= UDP:c:\users\mariano\desktop\delire\djs script.exe:djs script.exe

"UDP Query User{D2853D51-4379-4824-A7F4-203BAFA63989}c:\\users\\mariano\\desktop\\delire\\djs script.exe"= TCP:c:\users\mariano\desktop\delire\djs script.exe:djs script.exe

"TCP Query User{13D79233-F5EC-4C57-926B-4A809EC26E00}c:\\bsmaxscript[7.0]\\mirc.exe"= UDP:c:\bsmaxscript[7.0]\mirc.exe:mIRC

"UDP Query User{4FF48A30-D64A-433C-BD31-7028733B77CE}c:\\bsmaxscript[7.0]\\mirc.exe"= TCP:c:\bsmaxscript[7.0]\mirc.exe:mIRC

"TCP Query User{2DD748AD-61BF-4073-9671-D6CBC15BE4D8}c:\\users\\mariano\\desktop\\windrop\\windrop\\eggdrop.exe"= UDP:c:\users\mariano\desktop\windrop\windrop\eggdrop.exe:eggdrop.exe

"UDP Query User{FBCA4447-FAC7-4C42-83A0-5D1E0DF6269A}c:\\users\\mariano\\desktop\\windrop\\windrop\\eggdrop.exe"= TCP:c:\users\mariano\desktop\windrop\windrop\eggdrop.exe:eggdrop.exe

"TCP Query User{F504DB96-E547-42CC-849F-179BDFA4292F}c:\\users\\mariano\\desktop\\funbot_v2\\funbotv2.exe"= UDP:c:\users\mariano\desktop\funbot_v2\funbotv2.exe:funbotv2.exe

"UDP Query User{39D9CD41-B77B-4A93-8E6A-1DC726D74243}c:\\users\\mariano\\desktop\\funbot_v2\\funbotv2.exe"= TCP:c:\users\mariano\desktop\funbot_v2\funbotv2.exe:funbotv2.exe

"TCP Query User{ECE0DD72-D8D6-4066-BA43-D3F0A53B6C77}c:\\users\\mariano\\desktop\\analogx\\proxy\\proxy.exe"= UDP:c:\users\mariano\desktop\analogx\proxy\proxy.exe:proxy.exe

"UDP Query User{4CC63046-E294-4659-AD4E-843DF486AD8A}c:\\users\\mariano\\desktop\\analogx\\proxy\\proxy.exe"= TCP:c:\users\mariano\desktop\analogx\proxy\proxy.exe:proxy.exe

"TCP Query User{75C03EE7-A82B-467B-8997-B8D81318E7D6}c:\\wamp\\apache2\\bin\\httpd.exe"= UDP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server

"UDP Query User{59ED6116-8175-4E44-9F2D-DFF376B4299C}c:\\wamp\\apache2\\bin\\httpd.exe"= TCP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server

"TCP Query User{7E0A5F2E-4D76-4E31-A9CD-54FDF0BA496C}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo

"UDP Query User{13790735-77B4-461E-A08B-4B5C4F453F40}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo

"TCP Query User{D4E99D25-FD65-42E4-82B4-DEA884332646}c:\\program files\\counter-strike 1.6 v31\\hl.exe"= UDP:c:\program files\counter-strike 1.6 v31\hl.exe:Half-Life Launcher

"UDP Query User{34392178-7E27-4BEC-8D87-CC0BEA3ADBC2}c:\\program files\\counter-strike 1.6 v31\\hl.exe"= TCP:c:\program files\counter-strike 1.6 v31\hl.exe:Half-Life Launcher

"TCP Query User{2E3E35F6-E5A6-4C7F-94AB-5170B78F4DC9}c:\\program files\\virtualdj\\virtualdj_he6.exe"= UDP:c:\program files\virtualdj\virtualdj_he6.exe:VirtualDJ

"UDP Query User{83ABC27E-A7A2-47F6-8011-41D1BB89B862}c:\\program files\\virtualdj\\virtualdj_he6.exe"= TCP:c:\program files\virtualdj\virtualdj_he6.exe:VirtualDJ

"TCP Query User{49B8784B-746E-4D09-89E1-A2C4B58A7A49}c:\\program files\\counter-strike\\hl.exe"= UDP:c:\program files\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{922C85A0-14E8-4907-9BF7-D5F787A409A1}c:\\program files\\counter-strike\\hl.exe"= TCP:c:\program files\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{AE61DA8E-3130-4729-8FD8-39689CEAA0CE}c:\\users\\mariano\\documents\\my completed downloads\\wowclient-downloader.exe"= UDP:c:\users\mariano\documents\my completed downloads\wowclient-downloader.exe:wowclient-downloader.exe

"UDP Query User{C3FF4BA4-8410-4C76-94D4-7B821D2D0FAE}c:\\users\\mariano\\documents\\my completed downloads\\wowclient-downloader.exe"= TCP:c:\users\mariano\documents\my completed downloads\wowclient-downloader.exe:wowclient-downloader.exe

"TCP Query User{1596986C-F7AB-4158-8E4C-CBCF6498EA38}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{515AE117-9FDE-4E87-98BD-75DF19CC6DE1}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{79F866AA-47EC-4C2E-ACF4-CE11F0C95088}c:\\users\\mariano\\documents\\my completed downloads\\enusinstallerbc.exe"= UDP:c:\users\mariano\documents\my completed downloads\enusinstallerbc.exe:enusinstallerbc.exe

"UDP Query User{6EA01CD9-0241-44D4-9E38-A372F10963B2}c:\\users\\mariano\\documents\\my completed downloads\\enusinstallerbc.exe"= TCP:c:\users\mariano\documents\my completed downloads\enusinstallerbc.exe:enusinstallerbc.exe

"TCP Query User{0069D20A-13BE-4A6E-8B98-20D56309DC37}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

"UDP Query User{DEC16A7A-054B-423C-8581-9B8D9D866545}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

"TCP Query User{0DB00D9D-6EF1-45BF-8897-5472816ECB00}c:\\program files\\cs 1.6\\hl.exe"= UDP:c:\program files\cs 1.6\hl.exe:Half-Life Launcher

"UDP Query User{BA3B6069-5E50-44D2-A98F-2B295E4EA6A2}c:\\program files\\cs 1.6\\hl.exe"= TCP:c:\program files\cs 1.6\hl.exe:Half-Life Launcher

"TCP Query User{1C49857F-0285-48A4-9F06-B5A0D62DCB25}c:\\program files\\mon counter-strike 1.6 v31 gr\\hl.exe"= UDP:c:\program files\mon counter-strike 1.6 v31 gr\hl.exe:Half-Life Launcher

"UDP Query User{CC4B5DAD-F950-467E-993D-1A8EB53AD2F6}c:\\program files\\mon counter-strike 1.6 v31 gr\\hl.exe"= TCP:c:\program files\mon counter-strike 1.6 v31 gr\hl.exe:Half-Life Launcher

"TCP Query User{930B6001-578F-4211-91C9-193A9C59B2A8}c:\\program files\\cs\\hl.exe"= UDP:c:\program files\cs\hl.exe:Half-Life Launcher

"UDP Query User{5586F6BC-061E-44AA-8336-7369AD590CC3}c:\\program files\\cs\\hl.exe"= TCP:c:\program files\cs\hl.exe:Half-Life Launcher

"TCP Query User{0B8A0BC2-4064-42ED-886E-FA43EBB43965}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex01.254\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex01.254\freezer.exe:freezer.exe

"UDP Query User{3B332A31-3FEE-4D47-B207-845586820692}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex01.254\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex01.254\freezer.exe:freezer.exe

"TCP Query User{0CD14879-38BE-474C-897D-A6F232DBACFF}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.039\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.039\freezer.exe:freezer.exe

"UDP Query User{65042628-D4A9-4F67-AD0E-E0578A39125F}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.039\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.039\freezer.exe:freezer.exe

"TCP Query User{FB3C4D55-81B1-40C9-9BA6-89E220E71815}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.919\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.919\freezer.exe:freezer.exe

"UDP Query User{452465BA-B6B3-47F5-A3FE-A7D3A87746B4}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.919\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.919\freezer.exe:freezer.exe

"TCP Query User{B1405AA7-01B7-4B09-AA36-38328368F41C}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.772\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.772\freezer.exe:freezer.exe

"UDP Query User{BCEB5DD1-09D4-45D7-8060-A4E9FB88BACF}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.772\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.772\freezer.exe:freezer.exe

"{64F03025-D886-45B1-A862-5BCAD461BAA4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{D9554320-5569-4EB7-BDB1-FC3D721A70F3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{954AB9BC-02EC-4B0C-B12C-349B0947A1B7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{AC4B4E9D-8425-49C9-87E6-32A1030617F8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{E0009AE3-9CCC-40EE-9374-2CEAE7977BDE}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.773\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.773\freezer.exe:freezer.exe

"UDP Query User{337E7C1F-B204-4D6B-A34E-A2B8971F9C98}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.773\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.773\freezer.exe:freezer.exe

"TCP Query User{813FC501-EF26-4E2B-B8B8-27CCBF0FDF1C}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.023\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.023\freezer.exe:freezer.exe

"UDP Query User{3DDC6E30-C2F7-4745-8887-5B552B17FD4A}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.023\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.023\freezer.exe:freezer.exe

"TCP Query User{4138176C-4A35-45D7-9AF0-7BBB6944BCA8}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.180\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.180\freezer.exe:freezer.exe

"UDP Query User{0979C723-825B-4122-AA17-4D8B56BF3CE6}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.180\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.180\freezer.exe:freezer.exe

"TCP Query User{63671C37-91AD-4D4E-83F2-91A9E8512821}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.134\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.134\freezer.exe:freezer.exe

"UDP Query User{41B30D48-BE2B-4678-86BE-78227D92D894}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.134\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.134\freezer.exe:freezer.exe

"TCP Query User{9B5F2504-B6B8-4E25-8054-DEB3EEAE6076}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.852\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.852\freezer.exe:freezer.exe

"UDP Query User{90680ABB-CB5A-4F49-BF56-3F3CAA833683}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.852\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.852\freezer.exe:freezer.exe

"TCP Query User{AAFA3CF3-09FE-4304-B06B-ABE374764F8D}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.929\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.929\freezer.exe:freezer.exe

"UDP Query User{B2B913AD-74AD-4536-82EB-2D1BDAC6A255}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.929\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.929\freezer.exe:freezer.exe

"{5075F858-2031-40B9-9357-0E898EEE8E0F}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{1083B160-3DFF-49AB-8634-A822AB45FB0A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{AF3B325A-37F5-4FFE-AA3A-C560D5E33B41}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{BD4C58AD-6F84-4A1D-8AD0-7A74C780CE9D}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"TCP Query User{5A6B67AE-4692-4C20-8786-854329849CE4}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.321\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.321\freezer.exe:freezer.exe

"UDP Query User{776D284F-1E13-484D-8702-65DC6665A88A}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.321\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.321\freezer.exe:freezer.exe

"TCP Query User{8C68C3A1-9A99-491E-8B6F-60C91F2398FB}c:\\users\\public\\games\\wow-2.3.0.7561-frfr-downloader.exe"= UDP:c:\users\public\games\wow-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader

"UDP Query User{50741C50-ABCC-4E7A-9688-CECA47DE25FD}c:\\users\\public\\games\\wow-2.3.0.7561-frfr-downloader.exe"= TCP:c:\users\public\games\wow-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader

"TCP Query User{D7B2636E-E213-4AF4-8D15-CB5E1D94D78C}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.539\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.539\freezer.exe:freezer.exe

"UDP Query User{0B051696-EE7E-4BCF-A7CA-713D02AAE7E5}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.539\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.539\freezer.exe:freezer.exe

"TCP Query User{5F8C93CD-3646-4F32-87CA-DB5593BBE711}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.820\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.820\freezer.exe:freezer.exe

"UDP Query User{C79B407D-E8CD-434C-9F5B-749C9194FD99}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.820\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.820\freezer.exe:freezer.exe

"TCP Query User{EAF6076C-A7F8-4B5F-BF55-D4A3876B7B1F}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.789\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.789\freezer.exe:freezer.exe

"UDP Query User{3C4C3DA3-70E7-4D93-9909-47C37EB62132}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.789\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.789\freezer.exe:freezer.exe

"TCP Query User{D5F183DF-669C-414D-86B6-C2DB7CB9C4A3}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.352\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.352\freezer.exe:freezer.exe

"UDP Query User{725A6E05-7A0B-408B-B873-CD1446EB6FE8}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.352\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.352\freezer.exe:freezer.exe

"TCP Query User{AEEEF50A-0461-4DDC-8A29-3D0974C4D7D0}c:\\users\\mariano\\downloads\\bc.exe"= UDP:c:\users\mariano\downloads\bc.exe:bc.exe

"UDP Query User{F300CDE8-966B-4C5A-AAAB-E668611DE946}c:\\users\\mariano\\downloads\\bc.exe"= TCP:c:\users\mariano\downloads\bc.exe:bc.exe

"TCP Query User{81AE56CA-A7FD-4F45-85F8-1BC78061BD05}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.363\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.363\freezer.exe:freezer.exe

"UDP Query User{3234393A-4A0E-4091-86F1-1C86B7B5A881}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.363\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.363\freezer.exe:freezer.exe

"TCP Query User{26C3E34F-C9FD-4FC3-B879-9342FE258735}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.602\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.602\freezer.exe:freezer.exe

"UDP Query User{31BF5A29-92A6-4C49-A61C-267783DAD4E6}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.602\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.602\freezer.exe:freezer.exe

"TCP Query User{D2271E54-D0A2-4933-8710-6ADFEDA56EEA}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.181\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.181\freezer.exe:freezer.exe

"UDP Query User{C00DA421-5FC8-4253-923F-08A8A64DB84B}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.181\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.181\freezer.exe:freezer.exe

"TCP Query User{BB71A73A-B862-4DE5-B0F4-4960A9FBDF4D}c:\\users\\mariano\\downloads\\wow.exe"= UDP:c:\users\mariano\downloads\wow.exe:wow.exe

"UDP Query User{A53038C2-FE51-4CDF-994C-25DA1B56E110}c:\\users\\mariano\\downloads\\wow.exe"= TCP:c:\users\mariano\downloads\wow.exe:wow.exe

"TCP Query User{18A6C65C-24A5-4E68-92FE-B00A4416C447}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.774\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.774\freezer.exe:freezer.exe

"UDP Query User{CD3C7272-6265-4EF1-ADBA-417C0BD4895D}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.774\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.774\freezer.exe:freezer.exe

"TCP Query User{4484E576-7BE0-4EFE-8DD3-99025CD3CD2E}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.908\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.908\freezer.exe:freezer.exe

"UDP Query User{8053487C-F9F3-4732-8852-597BB699DB03}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.908\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.908\freezer.exe:freezer.exe

"TCP Query User{E9DEEE93-8DE5-419A-8F23-00DC6BA808BD}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.399\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.399\freezer.exe:freezer.exe

"UDP Query User{CE2D97D7-AD37-47A0-8487-27E68DC47675}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.399\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.399\freezer.exe:freezer.exe

"TCP Query User{7291802D-3DC4-4E58-871C-DCBC8DD32CF5}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex01.200\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex01.200\freezer.exe:freezer.exe

"UDP Query User{3113E75C-127A-4F62-B31B-1A3E1B408922}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex01.200\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex01.200\freezer.exe:freezer.exe

"TCP Query User{3E2126F2-F71B-412A-9559-AA391585EE75}c:\\program files\\hlsw\\hlsw_0_4_1.exe"= UDP:c:\program files\hlsw\hlsw_0_4_1.exe:MFC-Anwendung HLSW

"UDP Query User{55C1BF92-8AB4-4BA7-B6B3-54B9731A8977}c:\\program files\\hlsw\\hlsw_0_4_1.exe"= TCP:c:\program files\hlsw\hlsw_0_4_1.exe:MFC-Anwendung HLSW

"TCP Query User{30056622-C7F1-408B-932B-00879929EF5E}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.911\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.911\freezer.exe:freezer.exe

"UDP Query User{E8460B7A-BE69-4CB6-84DF-C9C850D65E8E}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.911\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.911\freezer.exe:freezer.exe

"TCP Query User{42B66E71-1B50-4AB4-A29A-F44C32DE5CB6}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.883\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.883\freezer.exe:freezer.exe

"UDP Query User{AE6263C4-29E4-495D-B833-F65577D012CD}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.883\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.883\freezer.exe:freezer.exe

"TCP Query User{0E8DB5C1-C8B2-4E9D-9E3A-0E487589BE0F}c:\\program files\\world of warcraft\\wow-2.4.2-frfr-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.2-frfr-downloader.exe:Blizzard Downloader

"UDP Query User{BCAB243B-3C62-4789-A2E3-4B69950EB01B}c:\\program files\\world of warcraft\\wow-2.4.2-frfr-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.2-frfr-downloader.exe:Blizzard Downloader

"TCP Query User{C3827576-BF61-4E00-8750-7760F3668362}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.288\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.288\freezer.exe:freezer.exe

"UDP Query User{BE9A1C15-2FEE-4886-8D36-61C60B087C3D}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.288\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.288\freezer.exe:freezer.exe

"TCP Query User{00514863-D1AD-42EA-9466-1B23AAD4E539}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.410\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.410\freezer.exe:freezer.exe

"UDP Query User{0ECDD4CB-C43B-4498-A7C1-AA7D14669E1D}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.410\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.410\freezer.exe:freezer.exe

"TCP Query User{EE92B42B-3892-4635-956D-34F135C6FF7E}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.117\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.117\freezer.exe:freezer.exe

"UDP Query User{4E395360-0AAE-4F39-AD82-E2FFC0E429AC}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.117\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.117\freezer.exe:freezer.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-01 110160]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-01 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-08-01 51792]

R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]

R3 RTSTOR;USB Mass Storage Device;c:\windows\system32\drivers\RTSTOR.SYS [2007-01-15 47616]

R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-01-15 218624]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-15 29744]

S3 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-01-15 202872]

S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-10-28 195752]

S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-08-27 87288]

S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2008-06-20 543555]

S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice [2007-01-09 20539]

S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld []

S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-01-15 131616]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1019df91-626f-11dd-b798-00147fb5bb8f}]

\shell\AutoRun\command - G:\EXPLORER.EXE

\shell\explore\Command - G:\EXPLORER.EXE

\shell\open\Command - G:\EXPLORER.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5e6354-3eed-11dd-957c-003005db8da5}]

\shell\AutoRun\command - ntde1ect.com

\shell\explore\Command - ntde1ect.com

\shell\open\Command - ntde1ect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5e635b-3eed-11dd-957c-003005db8da5}]

\shell\AutoRun\command - H:\ntde1ect.com

\shell\explore\Command - H:\ntde1ect.com

\shell\open\Command - H:\ntde1ect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5e657c-3eed-11dd-957c-003005db8da5}]

\shell\AutoRun\command - I:\ntde1ect.com

\shell\explore\Command - I:\ntde1ect.com

\shell\open\Command - I:\ntde1ect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7cf6fd7-561c-11dd-a9f6-003005db8da5}]

\shell\AutoRun\command - EXPLORER.EXE

\shell\explore\Command - EXPLORER.EXE

\shell\open\Command - EXPLORER.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d523730b-90ec-11dd-8ca9-00147fb5bb8f}]

\shell\AutoRun\command - EXPLORER.EXE

\shell\explore\Command - EXPLORER.EXE

\shell\open\Command - EXPLORER.EXE

 

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contenu du dossier 'Tâches planifiées'

 

2008-11-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe

HKCU-Run-meoii - c:\users\mariano\appdata\local\meoii.exe

HKLM-Run-toolbar_eula_launcher - c:\tb_eula\EULALauncher.NET.exe

 

 

.

------- Examen supplémentaire -------

.

FireFox -: Profile - c:\users\mariano\AppData\Roaming\Mozilla\Firefox\Profiles\9f6oubmr.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.speedbit.com/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-18 00:43:43

Windows 6.0.6000 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2008-11-18 0:46:22

ComboFix-quarantined-files.txt 2008-11-17 20:45:22

 

Avant-CF: 2 928 742 400 octets libres

Après-CF: 2,745,012,224 octets libres

 

393 --- E O F --- 2008-11-13 23:08:23

Posted

Ok,

 

Réunion? Lucky you!

 

Please post a brand new HijackThis log.

 

@ ++++
