Ouverture de plusieurs pages internet lorsque que je ferme IE

[pitsensas]

Bonjour,

 

J'étais sur la page Internet Facebook et j'ai fermé IE avec la croix en haut à droite. IE s'est fermé et s'est ré-ouvert avec pleins de pages Internet (onglets en fait). Obligé de faire plusieurs fins de tâches de Iexplorer.exe pour m'en sortir. C'est la première fois mais je trouve cela très louche.

 

Donc, j'ai pensé à de la pub intempestives donc j'ai passé Navilog1 mais il n'a rien trouvé:

 

cleanavi.txt

Fix Navipromo version 4.0.6 commencé le 03/01/2010 19:02:14,82

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

 

Outil exécuté depuis C:\Program Files\navilog1

 

Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Athlon XP 3000+ )

BIOS : Version 1.00

USER : propriétaire ( Administrator )

BOOT : Normal boot

 

Antivirus : ESET Smart Security 4.0 4.0 (Activated)

Firewall : Pare-feu personnel d'ESET 4.0.467.0 (Activated)

 

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:37 Go (Free:1 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

F:\ (Local Disk) - NTFS - Total:74 Go (Free:29 Go)

 

 

Recherche executée en mode normal

 

 

Aucune Infection Navipromo/Egdaccess trouvée

 

 

 

*** Scan terminé 03/01/2010 19:03:09,31 ***

 

Donc, je vous joins pour analyse les log RSIT:

 

info.txt logfile of random's system information tool 1.06 2010-01-03 19:05:17

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

AIDA32 v3.93-->"C:\Program Files\Protection PC\AIDA32\unins000.exe"

Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

Archiveur WinRAR-->C:\Program Files\Compression\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Auslogics Disk Defrag-->"C:\Program Files\Protection PC\Auslogics Disk Defrag\unins000.exe"

BitComet 0.70-->F:\Logiciels\BitComet\uninst.exe

CCleaner-->"C:\Program Files\Protection PC\CCleaner\uninst.exe"

C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe

Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Davory-->C:\Program Files\Restauration\Davory\Davory.exe uninst

Debugging Tools for Windows (x86)-->MsiExec.exe /I{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}

ExtraFilm FotoFacil-->C:\Program Files\Extrafilm FotoFacil\Uninstall.exe

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Hide Folders XP 1.3 for Windows 2000/XP-->C:\Program Files\HideFolder\hfxp.exe /u

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat

HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

MaestroList-->"C:\Program Files\MaestroList\uninstall.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe

Mozilla Firefox (3.0.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}

NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI

OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

Outlook Express Quick Backup-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Outlook Express\Outlook Express Quick Backup\ST6UNST.LOG"

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

Philips SPC 900NC PC Camera-->C:\Program Files\InstallShield Installation Information\{51E13E14-F72A-4C97-8FD7-04322D995E2F}\setup.exe -runfromtemp -l0x040c -removeonly

Philips SPC 900NC PC Camera-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}\Setup.exe" -l0x40c

PhotoMix 5.3-->"C:\Program Files\PhotoMix\unins000.exe"

Pro Evolution Soccer 6-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1036

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

Réceptions et fêtes-->"C:\Program Files\Anuman Interactive\Réceptions et fêtes\unins000.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SierraHome Hallmark Scrapbook Studio-->C:\WINDOWS\IsUninst.exe -f"c:\program files\Scrapbook Studio\HmUninst.isu" -c"c:\program files\Scrapbook Studio\Uninsthm.DLL"

SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe

Spybot - Search & Destroy-->"C:\Program Files\Protection PC\Spybot - Search & Destroy\unins000.exe"

Studio-Scrap-->"C:\Program Files\Studio-Scrap\unins000.exe"

Tracks Eraser Pro v4.03-->"C:\Program Files\Protection PC\Tracks Eraser Pro\unins000.exe"

UnLockOE-->C:\Program Files\Outlook Express\UnLockOE\uninstall.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VideoLAN VLC media player 0.8.6f-->C:\Program Files\VLC\uninstall.exe

Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}

WinSCP 4.0.4-->"C:\Program Files\WinSCP\unins000.exe"

WinZip-->"C:\Program Files\Compression\WinZip\WINZIP32.EXE" /uninstall

xp-AntiSpy 3.95-->C:\Program Files\Protection PC\xp-AntiSpy\Uninstall.exe

Zeb-Utility 1.2-->C:\Program Files\Protection PC\Zeb-Utility\Uninstal.exe

Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

 

======Hosts File======

 

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

 

======Security center information======

 

AV: ESET Smart Security 4.0

FW: Pare-feu personnel d'ESET

 

======System event log======

 

Computer Name: PC-FIXE

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Explorateur d'ordinateur.

 

Record Number: 2251

Source Name: Service Control Manager

Time Written: 20091024182037.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: PC-FIXE

Event Code: 26

Message: Application popup :  : Machine Check: Regs

 

Record Number: 2250

Source Name: Application Popup

Time Written: 20091024182036.000000+120

Event Type: Informations

User:

 

Computer Name: PC-FIXE

Event Code: 26

Message: Application popup :  : Machine Check:

 

Record Number: 2249

Source Name: Application Popup

Time Written: 20091024182036.000000+120

Event Type: Informations

User:

 

Computer Name: PC-FIXE

Event Code: 26

Message: Application popup :  : Machine Check: Regs

 

Record Number: 2248

Source Name: Application Popup

Time Written: 20091024182036.000000+120

Event Type: Informations

User:

 

Computer Name: PC-FIXE

Event Code: 26

Message: Application popup :  : Machine Check:

 

Record Number: 2247

Source Name: Application Popup

Time Written: 20091024182036.000000+120

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: PC-FIXE

Event Code: 102

Message: msnmsgr (708) \\.\C:\Documents and Settings\propriétaire\Local Settings\Application Data\Microsoft\Messenger\kiela.lxxx@hotmail.fr\SharingMetadata\Working\database_9610_1010_100F_F651\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

 

Record Number: 5

Source Name: ESENT

Time Written: 20090816195751.000000+120

Event Type: Informations

User:

 

Computer Name: PC-FIXE

Event Code: 100

Message: msnmsgr (708) Le moteur de base de données 5.01.2600.5512 est démarré.

 

Record Number: 4

Source Name: ESENT

Time Written: 20090816195751.000000+120

Event Type: Informations

User:

 

Computer Name: PC-FIXE

Event Code: 12001

Message:

Record Number: 3

Source Name: usnjsvc

Time Written: 20090816195749.000000+120

Event Type:

User:

 

Computer Name: PC-FIXE

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 2

Source Name: SecurityCenter

Time Written: 20090816192205.000000+120

Event Type: Informations

User:

 

Computer Name: PC-FIXE

Event Code: 11707

Message: Produit : Java 6 Update 15 -- Installation terminée.

 

Record Number: 1

Source Name: MsiInstaller

Time Written: 20090816182453.000000+120

Event Type: Informations

User: PC-FIXE\propriétaire

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=0a00

"TEMP"=%USERPROFILE%\Local Settings\Temp

"TMP"=%USERPROFILE%\Local Settings\Temp

"windir"=%SystemRoot%

"LANG"=fr

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by propriétaire at 2010-01-03 19:04:34

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 1 GB (3%) free of 38 GB

Total RAM: 1023 MB (50% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:05:15, on 03/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Protection PC\Tracks Eraser Pro\te.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Temp\Aide Virus\RSIT\RSIT.exe

C:\Program Files\trend micro\propriétaire.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [MAJ Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\Tempo Lancement MAJ.vbs"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Protection PC\Tracks Eraser Pro\te.exe min

O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Translate with &Babylon - res://G:\Portable Babylon 7\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1254072300375

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} - http://www.extrafilm.fr/ImageUploader4.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9A298E5-7642-4D3B-86AA-2EADC6CF8859}: NameServer = 212.27.54.252,212.27.53.252

O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Protection PC\Tracks Eraser Pro\autocomp.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6217 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\OGALogon.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-03 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-03 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-04 7204864]

"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]

"MAJ Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\Tempo Lancement MAJ.vbs [2009-05-09 381]

"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-09-11 2054360]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Tracks Eraser Pro"=C:\Program Files\Protection PC\Tracks Eraser Pro\te.exe [2004-03-13 254976]

"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2008-02-25 2465839]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"aawservice"=3

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoSMConfigurePrograms"=1

"NoDrives"=0

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoSMConfigurePrograms"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"F:\Logiciels\eMule\emule.exe"="F:\Logiciels\eMule\emule.exe:*:Enabled:eMule"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Program Files\Jeux\Pro Evolution Soccer 6\PES6.exe"="C:\Program Files\Jeux\Pro Evolution Soccer 6\PES6.exe:*:Enabled:pes6.exe"

"C:\Program Files\VLC\vlc.exe"="C:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"

"F:\Logiciels\BitComet\BitComet.exe"="F:\Logiciels\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 3 months======

 

2010-01-03 19:04:35 ----D---- C:\Program Files\trend micro

2010-01-03 19:04:34 ----D---- C:\rsit

2010-01-03 19:02:14 ----A---- C:\cleannavi.txt

2010-01-03 19:01:32 ----D---- C:\Program Files\Navilog1

2010-01-03 15:53:12 ----A---- C:\WINDOWS\system32\javaws.exe

2010-01-03 15:53:11 ----A---- C:\WINDOWS\system32\javaw.exe

2010-01-03 15:53:11 ----A---- C:\WINDOWS\system32\java.exe

2010-01-03 14:43:45 ----D---- C:\Program Files\Foxit Software

2010-01-03 14:38:34 ----D---- C:\Documents and Settings\propriétaire\Application Data\Foxit

2009-12-23 22:39:17 ----D---- C:\WINDOWS\Temp

2009-12-23 21:16:18 ----A---- C:\WINDOWS\PEV.exe

2009-12-10 19:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2009-12-10 19:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2009-12-10 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2009-12-10 19:24:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2009-12-10 19:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2009-12-06 14:20:31 ----D---- C:\WINDOWS\system32\Adobe

2009-11-24 23:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$

2009-11-24 23:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2009-11-11 22:40:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

2009-10-17 23:19:23 ----D---- C:\Documents and Settings\propriétaire\Application Data\ESET

2009-10-17 23:17:16 ----D---- C:\Documents and Settings\All Users\Application Data\ESET

2009-10-11 19:42:45 ----D---- C:\Documents and Settings\propriétaire\Application Data\Office Genuine Advantage

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\zh-TW

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\zh-HK

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\tr-TR

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\sv-SE

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\pt-BR

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\nl-NL

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\nb-NO

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\ko-KR

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\it-IT

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\he-IL

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\fi-FI

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\es-ES

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\el-GR

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\de-DE

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\da-DK

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\ar-SA

 

======List of files/folders modified in the last 3 months======

 

2010-01-03 19:04:35 ----RD---- C:\Program Files

2010-01-03 19:04:07 ----D---- C:\Documents and Settings\propriétaire\Application Data\Free Download Manager

2010-01-03 18:00:29 ----D---- C:\Temp

2010-01-03 16:22:09 ----D---- C:\WINDOWS\Prefetch

2010-01-03 16:08:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-03 16:08:11 ----D---- C:\WINDOWS\Debug

2010-01-03 16:08:11 ----D---- C:\WINDOWS

2010-01-03 15:57:15 ----ASH---- C:\boot.ini

2010-01-03 15:57:15 ----A---- C:\WINDOWS\win.ini

2010-01-03 15:57:15 ----A---- C:\WINDOWS\system.ini

2010-01-03 15:53:24 ----SHD---- C:\WINDOWS\Installer

2010-01-03 15:53:21 ----HD---- C:\Config.Msi

2010-01-03 15:53:12 ----D---- C:\WINDOWS\system32

2010-01-03 15:52:53 ----A---- C:\WINDOWS\system32\deploytk.dll

2010-01-03 14:40:18 ----D---- C:\Program Files\Free Download Manager

2010-01-03 14:26:08 ----D---- C:\Program Files\Protection PC

2010-01-03 14:20:52 ----D---- C:\Program Files\Fichiers communs\Adobe

2010-01-03 14:20:44 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-01-03 13:40:14 ----N---- C:\WINDOWS\SchedLgU.Txt

2010-01-01 11:29:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-31 18:56:26 ----D---- C:\WINDOWS\system32\drivers

2009-12-24 08:41:48 ----D---- C:\WINDOWS\system32\CatRoot2

2009-12-23 22:44:11 ----D---- C:\WINDOWS\ERUNT

2009-12-23 22:43:47 ----D---- C:\Program Files\ESET

2009-12-23 21:21:45 ----D---- C:\WINDOWS\AppPatch

2009-12-23 21:21:41 ----D---- C:\Program Files\Fichiers communs

2009-12-18 21:01:30 ----RSD---- C:\WINDOWS\Fonts

2009-12-10 19:49:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-12-10 19:47:55 ----D---- C:\Program Files\Internet Explorer

2009-12-10 19:29:12 ----HD---- C:\WINDOWS\inf

2009-12-10 19:29:08 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-12-10 19:26:14 ----HD---- C:\WINDOWS\$hf_mig$

2009-12-10 19:25:42 ----D---- C:\WINDOWS\system32\fr-fr

2009-12-06 14:21:01 ----D---- C:\Documents and Settings\propriétaire\Application Data\Adobe

2009-12-06 14:20:34 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe

2009-11-24 23:28:08 ----D---- C:\WINDOWS\WinSxS

2009-11-08 19:00:57 ----D---- C:\Program Files\Mozilla Firefox

2009-11-05 19:32:20 ----D---- C:\WINDOWS\ie7updates

2009-11-05 19:32:17 ----D---- C:\Program Files\Java

2009-10-29 08:44:19 ----A---- C:\WINDOWS\system32\wininet.dll

2009-10-29 08:44:19 ----A---- C:\WINDOWS\system32\webcheck.dll

2009-10-29 08:44:19 ----A---- C:\WINDOWS\system32\urlmon.dll

2009-10-29 08:44:18 ----N---- C:\WINDOWS\system32\occache.dll

2009-10-29 08:44:18 ----N---- C:\WINDOWS\system32\mstime.dll

2009-10-29 08:44:18 ----N---- C:\WINDOWS\system32\msrating.dll

2009-10-29 08:44:18 ----A---- C:\WINDOWS\system32\url.dll

2009-10-29 08:44:18 ----A---- C:\WINDOWS\system32\pngfilt.dll

2009-10-29 08:44:18 ----A---- C:\WINDOWS\system32\mshtmled.dll

2009-10-29 08:44:18 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-10-29 08:44:17 ----N---- C:\WINDOWS\system32\jsproxy.dll

2009-10-29 08:44:17 ----N---- C:\WINDOWS\system32\iernonce.dll

2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\msfeeds.dll

2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\iertutil.dll

2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\ieframe.dll

2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\iedkcs32.dll

2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\ieaksie.dll

2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\ieakeng.dll

2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\extmgr.dll

2009-10-29 08:44:15 ----A---- C:\WINDOWS\system32\ieencode.dll

2009-10-29 08:44:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll

2009-10-29 08:44:15 ----A---- C:\WINDOWS\system32\icardie.dll

2009-10-29 08:44:15 ----A---- C:\WINDOWS\system32\dxtrans.dll

2009-10-29 08:44:15 ----A---- C:\WINDOWS\system32\dxtmsft.dll

2009-10-29 08:44:14 ----N---- C:\WINDOWS\system32\corpol.dll

2009-10-29 08:44:14 ----A---- C:\WINDOWS\system32\advpack.dll

2009-10-28 16:07:15 ----A---- C:\WINDOWS\system32\tzchange.exe

2009-10-28 15:36:53 ----A---- C:\WINDOWS\system32\ieudinit.exe

2009-10-28 15:36:52 ----N---- C:\WINDOWS\system32\ie4uinit.exe

2009-10-28 07:52:46 ----N---- C:\WINDOWS\system32\ieakui.dll

2009-10-23 19:44:09 ----D---- C:\Documents and Settings\propriétaire\Application Data\Studio-Scrap

2009-10-21 06:39:43 ----A---- C:\WINDOWS\system32\strmfilt.dll

2009-10-21 06:39:43 ----A---- C:\WINDOWS\system32\httpapi.dll

2009-10-18 15:53:07 ----D---- C:\WINDOWS\Minidump

2009-10-17 18:34:15 ----D---- C:\WINDOWS\Microsoft.NET

2009-10-17 18:33:30 ----RSD---- C:\WINDOWS\assembly

2009-10-17 17:49:59 ----D---- C:\WINDOWS\system32\CatRoot

2009-10-13 11:33:37 ----A---- C:\WINDOWS\system32\oakley.dll

2009-10-12 14:39:22 ----A---- C:\WINDOWS\system32\rastls.dll

2009-10-12 14:39:22 ----A---- C:\WINDOWS\system32\raschap.dll

2009-10-11 18:49:43 ----SD---- C:\WINDOWS\Tasks

2009-10-11 18:49:42 ----D---- C:\WINDOWS\system32\en-us

2009-10-11 14:45:56 ----D---- C:\WINDOWS\Help

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-09-11 55768]

R1 HFSYS;HFSYS; \??\C:\WINDOWS\system32\drivers\HFSYS.SYS []

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-11 116008]

R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-09-11 135048]

R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]

R3 camvid40;Philips SPC 900NC PC Camera; C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-09-12 1239552]

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-10-17 754560]

R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]

R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-11-04 3519360]

R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]

R3 usbaudio;Philips USB Microphone; C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-02-01 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]

S3 LwAdiHid;Périphériques numériques WingMan Logitech (détection automatique); C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2004-08-03 20864]

S3 mbr;mbr; \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mbr.sys []

S3 msgame;Activateur de port HID vers manette de jeu Sidewinder; C:\WINDOWS\system32\DRIVERS\msgame.sys [2001-08-17 35200]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-28 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-03 153376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-30 235344]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-11-04 143427]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 Autocomplete;AutoComplete Service; C:\Program Files\Protection PC\Tracks Eraser Pro\autocomp.exe [2004-03-08 24064]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-09-11 20680]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

D'avance merci pour votre aide

 

Cordialement

Modifié le 3 janvier 2010 par pitsensas

[pitsensas]

Bonjour,

 

Personne pour m'aider (au moins analyser le rapport de RSIT) ?

 

D'avance merci

A+

[pear]

Bonsoir,

 

Votre rapport ne montre que ceci:

 

S3 mbr;mbr; \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mbr.sys []

Possible rootkit ou trace de rootkit.

 

Téléchargez sur le bureau

MBR Rootkit Detector 0.2.4 by gmer

Désactiver provisoirement les programmes de protection (antivirus, firewall,anti-spyware...)

Vous les réactiverez après la désinfection terminée.

Clic sur l'onglet "rootkit"

Clic sur Scan

- Un rapport sera généré -> mbr.log.

En Copier/coller le résultat dans la réponse .

En cas d'infection,vous devriez voir un rapport de ce genre:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\ACPI -> 0x858e41c0

\Driver\atapi -> 0x89bf0410

NDIS: GlobeTrotter HSxPA - Network Interface #2 -> SendCompleteHandler -> 0x8591de70

Warning: possible MBR rootkit infection !

copy of MBR has been found in sector 0x01749DDC1

malicious code @ sector 0x01749DDC4 !

PE file found in sector at 0x01749DDDA !

MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Dans Démarrer-> Exécuter

Copiez/Collez :

"%userprofile%\Bureau\mbr" -f

Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"

 

Si vous Relancez mbr.exe ou si votre machine est saine,

Mbr.log vous dit:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

[pitsensas]

Bonjour,

 

Ci-joint le log de mbr:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

PE file found in sector at 0x04A98CC5 !

 

J'ai essayé la commande "%userprofile%\Bureau\mbr" -f mais je n'ai pas le message "original MBR restored successfully !" et toujours le message PE File found in sector .....

 

Est ce grave et que dois je faire ?

 

D'avance merci

[pear]

Bonsoir,

 

Vos rapports ne montrent rien de néfaste.

Créez un sur C:`\ un dossier nommé Gmer

Télécharger gmer

vers C:\gmer

Clic droit sur fichier téléchargé->Extraire ici

Avant toute utilisation de GMER, veuillez désactiver votre antivirus, antispyware sous peine de crash.

 

Double-clic sur gmer.exe

 

L'onglet Rootkit/Malware permet de lancer un scan anti-rootkit.

Clic sur l'onglet "rootkit"

Ne scanner que la partition système pour gagner du temps.

Faites un clic droit dans la fenêtre vide et dans options cliquez"Only non Ms Files"

 

Clic sur Scan

Les informations sur le scan s'affichent alors, les éléments détectés comme rootkit apparaissent en rouge dans chaque section.

C'est ce qu'il faudra copier et supprimer

Le bouton Copy permet de récupérer le résultat pour effectuer un copier/coller.

Le bouton Save permet l'enregistrement du rapport sur votre disque au format texte.

Pour supprimer:

Clic droit et faire l'action voulue selon le type de la colonne de gauche.

 

Delete the service si c'est un service

Delete File pour le reste

Collez le résultat dans un prochain message

 

S'il n'y rien,

Essayez ceci:

Pour réparer Internet Explorer, vous pouvez être amené à le réinstaller.

* Démarrer-> Exécuter

* Tapez rundll32.exe setupapi, InstallHinfSection DefaultInstall 132 %windir%\Inf\ie.inf

* Cliquez sur OK

ou encore:

Réparer IE6

 

C'est nouveau, c'est écrit par Raghu Boddu, et présenté sur le site The Windows Club de Anand C Khanse (MS MVP),

Cela ré-enregistrera environ 89 fichiers DLL & OCX indispensables à IE 7 et IE 8.

 

Repair IE7 et IE8

Enregistrer sur le bureau.

Fermer Internet Explorer

Dézipper dans un dossier de votre choix

Cliquez sur Fix IE Utility

Cliquez sur Run Utility

Patientez quelques instants

Cliquez sur Renregistered All files

[pitsensas]

Bonsoir,

 

Désolé pour le délai.

 

Ci-joint le rapport du scan de Gmer:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-28 23:31:50

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pxldapob.sys

 

 

---- Modules - GMER 1.0.15 ----

 

Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F77BF000-F77C8000 (36864 bytes)

Module SISAGPX.sys (SiS AGPv3.5 Filter/Silicon Integrated Systems Corporation) F77CF000-F77D9000 (40960 bytes)

Module \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.67 /NVIDIA Corporation) F6765000-F6AC1000 (3522560 bytes)

Module \SystemRoot\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) F6675000-F672E000 (757760 bytes)

Module \SystemRoot\system32\DRIVERS\sisnicxp.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) F7ADF000-F7AE7000 (32768 bytes)

Module \SystemRoot\system32\DRIVERS\Epfwndis.sys (ESET Personal Firewall NDIS filter/ESET) F785F000-F786A000 (45056 bytes)

Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7B07000-F7B0C000 (20480 bytes)

Module \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) F4370000-F438D000 (118784 bytes)

Module \SystemRoot\system32\DRIVERS\epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) F42D1000-F42E4000 (77824 bytes)

Module \??\C:\WINDOWS\system32\drivers\HFSYS.SYS (Hide Folders XP driver/FSPro Labs) F65F8000-F65FC000 (16384 bytes)

Module \SystemRoot\system32\DRIVERS\camdrv41.sys (Philips camera minidriver/Philips Consumer Electronics) F406F000-F419E000 (1241088 bytes)

Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 81.67 /NVIDIA Corporation) BF9D6000-BFD91000 (3911680 bytes)

Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)

Module \SystemRoot\system32\DRIVERS\eamon.sys (Amon monitor/ESET) F3672000-F373E000 (835584 bytes)

Module \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) F3846000-F384A000 (16384 bytes)

Module \SystemRoot\system32\DRIVERS\epfw.sys (ESET Personal Firewall driver/ESET) F3627000-F364A000 (143360 bytes)

Module \SystemRoot\System32\Drivers\Aspi32.SYS (ASPI for WIN32 Kernel Driver/Adaptec) F2BF9000-F2BFD000 (16384 bytes)

Module \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pxldapob.sys (GMER) EF6A6000-EF6BD000 (94208 bytes)

 

---- Processes - GMER 1.0.15 ----

 

Process C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) 304

Library C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll (ESET On-demmand Scanner Kernel/ESET) 0x21E00000

Library C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll (ESET Amon Service/ESET) 0x21300000

Library C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll (ESET Emon Service/ESET) 0x02E40000

Library C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll (ESET Document Scanner Kernel/ESET) 0x02E70000

Library C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll (ESET Personal Firewall service/ESET) 0x20300000

Library C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll (ESET Antispam Service/ESET) 0x20600000

Library C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll (ESET Update Service/ESET) 0x21100000

Library C:\Program Files\ESET\ESET Smart Security\updater.dll (ESET Update Engine/ESET) 0x21000000

Library C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll (ESET MailPlugins Service/ESET) 0x22900000

 

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) 340

Library C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 388

Library C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) 536

Library C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 696

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\winlogon.exe (Application d'ouverture de session Windows NT/Microsoft Corporation) 720

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) 764

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 776

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 932

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1032

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET GUI/ESET) 1076

Library C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET GUI/ESET) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\ESET\ESET Smart Security\eguiScan.dll (ESET On-demmand Scanner GUI/ESET) 0x21C00000

Library C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll (ESET Amon GUI/ESET) 0x21400000

Library C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll (ESET Emon GUI/ESET) 0x21600000

Library C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll (ESET Document Scanner GUI/ESET) 0x23200000

Library C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll (ESET Personal Firewall UI/ESET) 0x20400000

Library C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll (ESET Antispam GUI/ESET) 0x20800000

Library C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll (ESET Update GUI/ESET) 0x21200000

Library C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll (ESET MailPlugins GUI/ESET) 0x22B00000

 

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1096

Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1132

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Program Files\Protection PC\Tracks Eraser Pro\te.exe (Acesoft) 1152

Library C:\Program Files\Protection PC\Tracks Eraser Pro\te.exe (Acesoft) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\WinSCP\DragExt.dll (Drag&Drop shell extension for WinSCP/Martin Prikryl) 0x01AD0000

 

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1352

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Program Files\Free Download Manager\fdm.exe (Free Download Manager/FreeDownloadManager.ORG) 1480

Library C:\Program Files\Free Download Manager\fdm.exe (Free Download Manager/FreeDownloadManager.ORG) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\Free Download Manager\fum\fumcore.dll 0x10000000

 

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1496

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\WINDOWS\system32\HpTcpMon.dll (Standard TCP/IP Port Monitor DLL/Hewlett Packard) 0x10000000

Library C:\WINDOWS\system32\hpzjrd01.dll (HP Rediscovery Library/Hewlett Packard) 0x009B0000

Library C:\WINDOWS\system32\HPTcpMUI.dll (Standard TCP/IP Port Monitor UI DLL/Microsoft Corporation) 0x00CE0000

Library C:\WINDOWS\system32\hptcpmib.dll (Standard TCP/IP Port Monitor DLL/Hewlett Packard) 0x00D40000

Library C:\WINDOWS\system32\hpzlnt05.dll (HP) 0x00D80000

Library C:\WINDOWS\system32\hpz3l054.dll (LanguageMonitor/Hewlett-Packard Company) 0x00DC0000

Library C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00DD0000

Library C:\WINDOWS\system32\pdfcmnnt.dll 0x00DE0000

Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll (Hewlett-Packard Corporation) 0x00E60000

Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00E80000

Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000

 

Process C:\WINDOWS\Explorer.EXE (Explorateur Windows/Microsoft Corporation) 1560

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\WinSCP\DragExt.dll (Drag&Drop shell extension for WinSCP/Martin Prikryl) 0x02040000

Library C:\PROGRA~1\COMPRE~1\WINZIP\WZSHLSTB.DLL (WinZip Shell Extension DLL/WinZip Computing, Inc.) 0x16200000

Library C:\Program Files\Compression\WinRAR\rarext.dll 0x03640000

Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x10000000

Library C:\Program Files\ESET\ESET Smart Security\shellExt.dll (Shell Extension/ESET) 0x22000000

 

Process C:\Documents and Settings\propriétaire\Bureau\gmer.exe 1880

Library C:\Documents and Settings\propriétaire\Bureau\gmer.exe 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 1976

Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\explorer.exe (Explorateur Windows/Microsoft Corporation) 3040

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 3368

Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

---- Services - GMER 1.0.15 ----

 

Service (ASPI for WIN32 Kernel Driver/Adaptec) [AUTO] Aspi32

Service C:\Program Files\Protection PC\Tracks Eraser Pro\autocomp.exe (Acesoft) [MANUAL] Autocomplete

Service C:\WINDOWS\system32\DRIVERS\camdrv41.sys (Philips camera minidriver/Philips Consumer Electronics) [MANUAL] camvid40

Service C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) [MANUAL] cmuda

Service C:\WINDOWS\system32\DRIVERS\eamon.sys (Amon monitor/ESET) [AUTO] eamon

Service C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) [sYSTEM] ehdrv

Service C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET HTTP Server Service/ESET) [MANUAL] EhttpSrv

Service C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) [AUTO] ekrn

Service C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan) [MANUAL] ENTECH

Service C:\WINDOWS\system32\DRIVERS\epfw.sys (ESET Personal Firewall driver/ESET) [AUTO] epfw

Service C:\WINDOWS\system32\DRIVERS\Epfwndis.sys (ESET Personal Firewall NDIS filter/ESET) [MANUAL] Epfwndis

Service C:\WINDOWS\system32\DRIVERS\epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) [sYSTEM] epfwtdi

Service C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER Driver http://www.gmer.net/GMER) [MANUAL] gmer

Service C:\WINDOWS\system32\drivers\HFSYS.SYS (Hide Folders XP driver/FSPro Labs) [sYSTEM] HFSYS

Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412

Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12

Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12

Service C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService

Service C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys (Logitech WingMan Digital Game Controller Driver (HID)/Logitech Inc.) [MANUAL] LwAdiHid

Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector

Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService

Service C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mbr.sys [MANUAL] mbr

Service MSDTC Bridge 3.0.0.0

Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.67 /NVIDIA Corporation) [MANUAL] nv

Service C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 81.67/NVIDIA Corporation) [AUTO] NVSvc

Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [AUTO] Pml Driver HPZ12

Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink

Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [bOOT] PxHelp20

Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv

Service ServiceModelEndpoint 3.0.0.0

Service ServiceModelOperation 3.0.0.0

Service ServiceModelService 3.0.0.0

Service C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (SiS AGPv3.5 Filter/Silicon Integrated Systems Corporation) [bOOT] SISAGP

Service C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) [MANUAL] SISNIC

Service C:\WINDOWS\system32\DRIVERS\sisnicxp.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) [MANUAL] SISNICXP

Service SMSvcHost 3.0.0.0

Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony USB Lower Filter driver/Sony Corporation) [MANUAL] SONYPVU1

Service System32\Drivers\sptd.sys [bOOT] sptd

Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip

Service Windows Workflow Foundation 3.0.0.0

 

---- EOF - GMER 1.0.15 ----

 

D'avance merci pour votre retour

Cordialement

[pear]

Bonjour,

Avant toute utilisation de GMER, veuillez désactiver votre antivirus, antispyware sous peine de BSOD.

Double-clic sur gmer.exe

 

L'onglet Rootkit/Malware permet de lancer un scan anti-rootkit.

Clic sur l'onglet "rootkit"

Ne scanner que la partition système pour gagner du temps.

Faites un clic droit dans la fenêtre vide et dans options cliquez"Only non Ms Files"

 

Clic sur Scan

Les informations sur le scan s'affichent alors, les éléments détectés comme rootkit apparaissent en rouge dans chaque section.

C'est ce qu'il faudra copier et supprimer

Le bouton Copy permet de récupérer le résultat pour effectuer un copier/coller.

Le bouton Save permet l'enregistrement du rapport sur votre disque au format texte.

Pour supprimer:

Clic sur:

Service C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mbr.sys [MANUAL] mbr pour mettre en surbrillance

Clic droit et faire l'action voulue selon le type de la colonne de gauche.

 

 

Et , si ce n'est pas fait, réparer Internet Explorer comme indiqué.

 

 

Nettoyer les fichiers temporaires:

Téléchargez TFC par OldTimer sur votre Bureau

Faites un double clic sur TFC.exe pour le lancer.

Sous Vista, faites un clic droit sur le fichier et choisissez Exécuter en tant qu'Administrateur

L'outil va fermer tous les programmes lors de son exécution, donc vérifiez que vous avez sauvegardé tout votre travail en cours auparavant.

Cliquez sur le bouton Start pour lancer le processus.

Selon la fréquence à laquelle vous supprimez vos fichiers temporaires, cela peut durer de quelques secondes à une minute ou deux.

Laissez le programme s'exécuter sans l'interrompre.

Lorsqu'il aura terminé, l'outil devrait faire redémarrer votre systèmepour parachever le nettoyage..

S'il ne le faisait pas,faites redémarrer manuellement le PC

Modifié le 29 janvier 2010 par pear

[pitsensas]

Bonsoir,

 

Ci-dessous le nouveau rapport de Gmer après suppresion de la ligne "mbr.sys"

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-02-06 20:55:34

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pxldapob.sys

 

 

---- Modules - GMER 1.0.15 ----

 

Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F77BF000-F77C8000 (36864 bytes)

Module SISAGPX.sys (SiS AGPv3.5 Filter/Silicon Integrated Systems Corporation) F77CF000-F77D9000 (40960 bytes)

Module \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.67 /NVIDIA Corporation) F66E1000-F6A3D000 (3522560 bytes)

Module \SystemRoot\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) F65F1000-F66AA000 (757760 bytes)

Module \SystemRoot\system32\DRIVERS\sisnicxp.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) F7ABF000-F7AC7000 (32768 bytes)

Module \SystemRoot\system32\DRIVERS\Epfwndis.sys (ESET Personal Firewall NDIS filter/ESET) F6A3D000-F6A48000 (45056 bytes)

Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7AE7000-F7AEC000 (20480 bytes)

Module \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) F42EC000-F4309000 (118784 bytes)

Module \SystemRoot\system32\DRIVERS\epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) F424D000-F4260000 (77824 bytes)

Module \??\C:\WINDOWS\system32\drivers\HFSYS.SYS (Hide Folders XP driver/FSPro Labs) F657C000-F6580000 (16384 bytes)

Module \SystemRoot\system32\DRIVERS\camdrv41.sys (Philips camera minidriver/Philips Consumer Electronics) F3FEB000-F411A000 (1241088 bytes)

Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 81.67 /NVIDIA Corporation) BF9D6000-BFD91000 (3911680 bytes)

Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)

Module \SystemRoot\system32\DRIVERS\eamon.sys (Amon monitor/ESET) F35EE000-F36BA000 (835584 bytes)

Module \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) F37CE000-F37D2000 (16384 bytes)

Module \SystemRoot\system32\DRIVERS\epfw.sys (ESET Personal Firewall driver/ESET) F35A3000-F35C6000 (143360 bytes)

Module \SystemRoot\System32\Drivers\Aspi32.SYS (ASPI for WIN32 Kernel Driver/Adaptec) F2B75000-F2B79000 (16384 bytes)

Module \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pxldapob.sys (GMER) F0FDC000-F0FF3000 (94208 bytes)

 

---- Processes - GMER 1.0.15 ----

 

Process C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) 340

Library C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll (ESET On-demmand Scanner Kernel/ESET) 0x21E00000

Library C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll (ESET Amon Service/ESET) 0x21300000

Library C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll (ESET Emon Service/ESET) 0x03020000

Library C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll (ESET Document Scanner Kernel/ESET) 0x03050000

Library C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll (ESET Personal Firewall service/ESET) 0x20300000

Library C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll (ESET Antispam Service/ESET) 0x20600000

Library C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll (ESET Update Service/ESET) 0x21100000

Library C:\Program Files\ESET\ESET Smart Security\updater.dll (ESET Update Engine/ESET) 0x21000000

Library C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll (ESET MailPlugins Service/ESET) 0x22900000

 

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) 372

Library C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 488

Library C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET GUI/ESET) 524

Library C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET GUI/ESET) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\ESET\ESET Smart Security\eguiScan.dll (ESET On-demmand Scanner GUI/ESET) 0x21C00000

Library C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll (ESET Amon GUI/ESET) 0x21400000

Library C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll (ESET Emon GUI/ESET) 0x21600000

Library C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll (ESET Document Scanner GUI/ESET) 0x23200000

Library C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll (ESET Personal Firewall UI/ESET) 0x20400000

Library C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll (ESET Antispam GUI/ESET) 0x20800000

Library C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll (ESET Update GUI/ESET) 0x21200000

Library C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll (ESET MailPlugins GUI/ESET) 0x22B00000

 

Process C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) 568

Library C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 696

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\winlogon.exe (Application d'ouverture de session Windows NT/Microsoft Corporation) 720

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) 764

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 776

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 932

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Documents and Settings\propriétaire\Bureau\gmer.exe 984

Library C:\Documents and Settings\propriétaire\Bureau\gmer.exe 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1032

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1096

Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1128

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 1260

Library C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1428

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\Program Files\Free Download Manager\fdm.exe (Free Download Manager/FreeDownloadManager.ORG) 1444

Library C:\Program Files\Free Download Manager\fdm.exe (Free Download Manager/FreeDownloadManager.ORG) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\Free Download Manager\fum\fumcore.dll 0x10000000

 

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1484

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\WINDOWS\system32\HpTcpMon.dll (Standard TCP/IP Port Monitor DLL/Hewlett Packard) 0x10000000

Library C:\WINDOWS\system32\hpzjrd01.dll (HP Rediscovery Library/Hewlett Packard) 0x009B0000

Library C:\WINDOWS\system32\HPTcpMUI.dll (Standard TCP/IP Port Monitor UI DLL/Microsoft Corporation) 0x00CE0000

Library C:\WINDOWS\system32\hptcpmib.dll (Standard TCP/IP Port Monitor DLL/Hewlett Packard) 0x00D40000

Library C:\WINDOWS\system32\hpzlnt05.dll (HP) 0x00D80000

Library C:\WINDOWS\system32\hpz3l054.dll (LanguageMonitor/Hewlett-Packard Company) 0x00DC0000

Library C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00DD0000

Library C:\WINDOWS\system32\pdfcmnnt.dll 0x00DE0000

Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll (Hewlett-Packard Corporation) 0x00E60000

Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00E80000

Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000

 

Process C:\Program Files\Protection PC\Tracks Eraser Pro\te.exe (Acesoft) 1512

Library C:\Program Files\Protection PC\Tracks Eraser Pro\te.exe (Acesoft) 0x00400000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\WinSCP\DragExt.dll (Drag&Drop shell extension for WinSCP/Martin Prikryl) 0x01AD0000

 

Process C:\WINDOWS\Explorer.EXE (Explorateur Windows/Microsoft Corporation) 1552

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\WinSCP\DragExt.dll (Drag&Drop shell extension for WinSCP/Martin Prikryl) 0x02060000

Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x10000000

Library C:\PROGRA~1\COMPRE~1\WINZIP\WZSHLSTB.DLL (WinZip Shell Extension DLL/WinZip Computing, Inc.) 0x16200000

Library C:\Program Files\Compression\WinRAR\rarext.dll 0x01DE0000

Library C:\Program Files\ESET\ESET Smart Security\shellExt.dll (Shell Extension/ESET) 0x22000000

Library C:\WINDOWS\system32\CmdLineExt.dll (SecuROM Context-Menu for Explorer./Sony DADC Austria AG.) 0x03160000

 

Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 2020

Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 3524

Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

 

---- Services - GMER 1.0.15 ----

 

Service (ASPI for WIN32 Kernel Driver/Adaptec) [AUTO] Aspi32

Service C:\Program Files\Protection PC\Tracks Eraser Pro\autocomp.exe (Acesoft) [MANUAL] Autocomplete

Service C:\WINDOWS\system32\DRIVERS\camdrv41.sys (Philips camera minidriver/Philips Consumer Electronics) [MANUAL] camvid40

Service C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Audio WDM Driver/C-Media Inc) [MANUAL] cmuda

Service C:\WINDOWS\system32\DRIVERS\eamon.sys (Amon monitor/ESET) [AUTO] eamon

Service C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) [sYSTEM] ehdrv

Service C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET HTTP Server Service/ESET) [MANUAL] EhttpSrv

Service C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) [AUTO] ekrn

Service C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan) [MANUAL] ENTECH

Service C:\WINDOWS\system32\DRIVERS\epfw.sys (ESET Personal Firewall driver/ESET) [AUTO] epfw

Service C:\WINDOWS\system32\DRIVERS\Epfwndis.sys (ESET Personal Firewall NDIS filter/ESET) [MANUAL] Epfwndis

Service C:\WINDOWS\system32\DRIVERS\epfwtdi.sys (ESET Personal Firewall TDI filter/ESET) [sYSTEM] epfwtdi

Service C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER Driver http://www.gmer.net/GMER) [MANUAL] gmer

Service C:\WINDOWS\system32\drivers\HFSYS.SYS (Hide Folders XP driver/FSPro Labs) [sYSTEM] HFSYS

Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412

Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12

Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12

Service C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService

Service C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys (Logitech WingMan Digital Game Controller Driver (HID)/Logitech Inc.) [MANUAL] LwAdiHid

Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector

Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService

Service MSDTC Bridge 3.0.0.0

Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.67 /NVIDIA Corporation) [MANUAL] nv

Service C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 81.67/NVIDIA Corporation) [AUTO] NVSvc

Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [AUTO] Pml Driver HPZ12

Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink

Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [bOOT] PxHelp20

Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv

Service ServiceModelEndpoint 3.0.0.0

Service ServiceModelOperation 3.0.0.0

Service ServiceModelService 3.0.0.0

Service C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (SiS AGPv3.5 Filter/Silicon Integrated Systems Corporation) [bOOT] SISAGP

Service C:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) [MANUAL] SISNIC

Service C:\WINDOWS\system32\DRIVERS\sisnicxp.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) [MANUAL] SISNICXP

Service SMSvcHost 3.0.0.0

Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony USB Lower Filter driver/Sony Corporation) [MANUAL] SONYPVU1

Service System32\Drivers\sptd.sys [bOOT] sptd

Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip

Service Windows Workflow Foundation 3.0.0.0

 

---- EOF - GMER 1.0.15 ----

 

Je lance le nettoyage des fichiers temporaires

A+