
My computer lags when I go on the internet, iexplore.exe at almost 100%

7 July 2012 09:00:34

I've had several problems for some time now:
windowsupdate redirects me to google.fr
My PC lags, the process is at almost 100% as soon as I open a web page...
If there's a kind soul around here, I'd really like a bit of help!

Thanks


7 July 2012 09:15:37

Hello to you too


Step 1

Download DDS by sUBs to your desktop.
The tool requires no installation.

Launch it by clicking the dds.scr icon:

This DOS window will appear:



The scan should not take more than three minutes.

Two reports will be generated. Save the reports DDS.txt and Attach.txt.



Post the DDS.txt report; only provide the Attach.txt report if you are asked for it.



++

Step 2


Download GMER from this link: http://www.gmer.net/files.php (click "Download EXE" and save the file to your desktop).
See the GMER tutorial, it might help you: http://www.malekal.com/tutorial_GMER.php

Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
Once it is running, right-click on the white background (as above) and click "Only Non MS files".
Click the "Scan" button at the bottom right to start the scan.



When the scan is finished, click "Copy".

Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
7 July 2012 09:28:46

Thank you very much for your help, I'll do what's needed right away.
7 July 2012 09:30:55

Your link for GMER doesn't work.
Don't you have another one?
7 July 2012 09:33:35

Here is step 1 and the two DDS reports:
dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Serval at 9:27:25 on 2012-07-07
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.192 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\VM301Snap.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.fr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\apps\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Ereduxoh] "d:\documents and settings\serval.keaton\application data\uvyns\qeary.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ulead AutoDetector v2] c:\program files\fichiers communs\ulead systems\autodetector\monitor.exe
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
mRun: [BigDogPath] c:\windows\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL)
mRun: [Domino] c:\windows\Domino.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [AppleSyncNotifier] c:\program files\fichiers communs\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Vade Retro Outlook Express] "c:\progra~1\gotoso~1\vadere~1\Vaderetro_oe.exe"
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [APSDaemon] "c:\program files\fichiers communs\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.15\amvconverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.15\mediamanager\grab.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_26.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\apps\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/...
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.ma-config.com/plugins/MaConfig_5_2_2_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7DE9B7CD-685E-4E3E-AFBB-7741E2E817A7} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\apps\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-07 03:59:24 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-06 03:42:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 08:14:33 -------- d-----w- d:\documents and settings\serval.keaton\application data\Uvyns
2012-07-02 08:14:33 -------- d-----w- d:\documents and settings\serval.keaton\application data\Onebhi
2012-07-02 08:14:33 -------- d-----w- d:\documents and settings\serval.keaton\application data\Fyxuc
2012-07-01 05:27:56 -------- d-----w- d:\documents and settings\serval.keaton\application data\PriceGong
2012-07-01 04:50:18 -------- d-----w- d:\documents and settings\all users\application data\Freemake
2012-07-01 04:49:41 -------- d-----w- c:\program files\Conduit
2012-07-01 04:49:38 -------- d-----w- d:\documents and settings\serval.keaton\local settings\application data\Conduit
2012-06-13 04:45:21 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-11 12:48:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 12:48:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 15:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:19:48 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:30 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19:30 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:18 25112 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:03 606208 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06:36 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55:57 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:40:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:14 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:15:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 9:31:02,14 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Édition familiale
Boot Device: \Device\HarddiskVolume2
Install Date: 13/04/2009 08:30:37
System Uptime: 07/07/2012 08:38:57 (1 hours ago)
.
Motherboard: NEC COMPUTERS INTERNATIONAL | | GA-8I915PMD
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | Socket 775 | 2926/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 4,363 GiB free.
D: is FIXED (NTFS) - 111 GiB total, 71,805 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP943: 08/04/2012 11:22:45 - Point de vérification système
RP944: 09/04/2012 13:08:48 - Point de vérification système
RP945: 10/04/2012 19:15:41 - Point de vérification système
RP946: 12/04/2012 09:16:07 - Point de vérification système
RP947: 12/04/2012 16:16:03 - Software Distribution Service 3.0
RP948: 12/04/2012 20:23:35 - Software Distribution Service 3.0
RP949: 14/04/2012 19:10:47 - Point de vérification système
RP950: 16/04/2012 18:28:11 - Point de vérification système
RP951: 18/04/2012 15:32:00 - Point de vérification système
RP952: 20/04/2012 10:07:44 - Supprimé Bonjour
RP953: 21/04/2012 16:35:55 - Point de vérification système
RP954: 23/04/2012 09:07:57 - Point de vérification système
RP955: 24/04/2012 10:11:48 - Point de vérification système
RP956: 25/04/2012 11:54:54 - Point de vérification système
RP957: 26/04/2012 12:20:24 - Point de vérification système
RP958: 28/04/2012 11:40:55 - Point de vérification système
RP959: 29/04/2012 15:12:47 - Point de vérification système
RP960: 01/05/2012 17:12:05 - Point de vérification système
RP961: 03/05/2012 13:40:56 - Point de vérification système
RP962: 05/05/2012 17:21:53 - Point de vérification système
RP963: 08/05/2012 19:22:07 - Point de vérification système
RP964: 09/05/2012 19:22:44 - Point de vérification système
RP965: 26/05/2012 05:49:44 - Software Distribution Service 3.0
RP966: 06/06/2012 08:53:37 - Software Distribution Service 3.0
RP967: 13/06/2012 06:48:58 - Software Distribution Service 3.0
RP968: 15/06/2012 09:45:58 - Point de vérification système
RP969: 16/06/2012 09:51:02 - Point de vérification système
RP970: 18/06/2012 10:43:28 - Point de vérification système
RP971: 19/06/2012 13:37:29 - Point de vérification système
RP972: 20/06/2012 16:05:35 - Point de vérification système
RP973: 25/06/2012 04:52:36 - Point de vérification système
RP974: 28/06/2012 07:41:25 - Point de vérification système
RP975: 29/06/2012 12:51:38 - Point de vérification système
RP976: 04/07/2012 16:42:07 - Point de vérification système
RP977: 05/07/2012 18:57:23 - Point de vérification système
RP978: 06/07/2012 06:03:38 - Supprimé REALTEK GbE & FE Ethernet PCI NIC Driver
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
470_Help
470_Readme
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1 - Français
adsl TV
AIDA32 v3.93
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
Athan Basic 4.2
BPD_HPSU
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
Codeur Windows Media Série 9
CustomerResearchQFolder
DeviceDiscovery
DeviceManagementQFolder
DivX Web Player
eReg
eSupportQFolder
Google Update Helper
H470
Hotfix for Windows XP (KB976002-v5)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP Officejet H470 Series
HP Product Assistant
HP Solution Center 9.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java(TM) 6 Update 26
K-Lite Codec Pack 4.7.5 (Full)
Lecteur Windows Media 11
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 CD-ROM 2
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2482017)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2497640)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2530548)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2544521)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2559049)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2586448)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2618444)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2647516)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2675157)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2699988)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2621440)
Mise à jour de sécurité pour Windows XP (KB2641653)
Mise à jour de sécurité pour Windows XP (KB2647518)
Mise à jour de sécurité pour Windows XP (KB2653956)
Mise à jour de sécurité pour Windows XP (KB2659262)
Mise à jour de sécurité pour Windows XP (KB2660465)
Mise à jour de sécurité pour Windows XP (KB2661637)
Mise à jour de sécurité pour Windows XP (KB2676562)
Mise à jour de sécurité pour Windows XP (KB2685939)
Mise à jour de sécurité pour Windows XP (KB2686509)
Mise à jour de sécurité pour Windows XP (KB2695962)
Mise à jour de sécurité pour Windows XP (KB2707511)
Mise à jour de sécurité pour Windows XP (KB2709162)
Mise à jour pour Windows Internet Explorer 8 (KB968220)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows Internet Explorer 8 (KB976749)
Mise à jour pour Windows Internet Explorer 8 (KB980182)
Mise à jour pour Windows XP (KB2718704)
Mises à jour NVIDIA 1.7.11
MobileMe Control Panel
Module de compatibilité pour Microsoft Office System 2007
MP3 Player Utilities 4.15
MPM
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA Pilote graphique 296.10
NVIDIA Update Components
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Panneau de configuration NVIDIA 296.10
PIF DESIGNER
ProductContext
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Safari
Security Update for CAPICOM (KB931906)
Skype Click to Call
Skype™ 5.5
SolutionCenter
Sonic MyDVD
Sonic RecordNow!
SonicStage 3.4
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
VC80CRTRedist - 8.0.50727.762
VLC media player 1.1.5
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== End Of File ===========================
7 July 2012 09:36:20

When I type gmer into Google or type the address in directly, it redirects me to google.fr
7 July 2012 09:53:36

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-07 09:51:27
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\kxldqpoc.sys


---- Modules - GMER 1.0.15 ----

Module cujuvxgy.sys F765B000-F7669000 (57344 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F773B000-F7744000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Windows XP Miniport Driver, Version 296.10 /NVIDIA Corporation) F657A000-F7246000 (13418496 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) F653E000-F6566000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\Rtlnic51.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) F6509000-F651A000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F7A0B000-F7A11000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7A1B000-F7A20000 (20480 bytes)
Module \SystemRoot\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) F3F40000-F4263000 (3289088 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Windows XP Display driver, Version 296.10 /NVIDIA Corporation) BD012000-BD42F000 (4313088 bytes)
Module \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Anti-Malware/Malwarebytes Corporation) F726E000-F7272000 (16384 bytes)
Module \SystemRoot\System32\Drivers\LBeepKE.sys (Logitech Consumer Control Filter Driver./Logitech, Inc.) F7CCC000-F7CCD000 (4096 bytes)
Module \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) F7A3B000-F7A43000 (32768 bytes)
Module \??\D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\mbr.sys F79C3000-F79CA000 (28672 bytes)
Module \??\D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\kxldqpoc.sys (GMER) B6349000-B6362000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (HP CUE Status Root/Hewlett-Packard Co.) 156
Library C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (HP CUE Status Root/Hewlett-Packard Co.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00D70000
Library C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll (HP CUE Writing System Information Objects/Hewlett-Packard Co.) 0x10000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll (HP CUE Status Imp/Hewlett-Packard Co.) 0x17000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll (HP CUE PMLEventMonitorPlugin/Hewlett-Packard Co.) 0x17200000
Library C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc (CUE StatusIOPML Combined resource DLL/Hewlett-Packard Co.) 0x016E0000
Library C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Co.) 0x016F0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc (Combined resource DLL/Hewlett-Packard Co.) 0x01920000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/Hewlett-Packard) 0x019E0000

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 520
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\winlogon.exe (Application d'ouverture de session Windows NT/Microsoft Corporation) 544
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 564
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) 588
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 600
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 772
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 820
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 888
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 928
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 968
Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\AppleVersions.dll (Apple Software Support Version Check Dynamic Link Library/Apple Inc.) 0x10000000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\YSCrashDump.dll (YSCrashDump.dll/Apple Inc.) 0x00620000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x00640000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x00760000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x00770000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x007A0000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libicuin.dll (ICU I18N DLL/The ICU Project) 0x007C0000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libicuuc.dll (ICU Common DLL/The ICU Project) 0x00910000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\icudt46.dll (ICU Data DLL/The ICU Project) 0x4AD00000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\ASL.dll (ASL.dll/Apple Inc.) 0x00A10000
Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll (Apple Mobile Device Service/Apple Inc.) 0x00AA0000
Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\MobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x01270000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll 0x5A4C0000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\CFNetwork.dll (CFNetwork/Apple, Inc.) 0x01320000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.) 0x01590000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll 0x01610000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1008
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
7 July 2012 09:54:14

The rest of the GMER report:

Process c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe 1048
Library c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\Apps\Powercinema\Kernel\TV\CLCapEngine.dll 0x10000000
Library c:\Apps\Powercinema\Kernel\TV\PCMRRec4.dll (CLRec4.1/CyberLink Corp.) 0x00D90000
Library C:\WINDOWS\system32\msdmo.dll 0x73600000
Library c:\Apps\Powercinema\Kernel\TV\CLCapSvcps.dll 0x01040000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1068
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (NT CLMLServer/Cyberlink) 1124
Library C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (NT CLMLServer/Cyberlink) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 1140
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll (Microsoft Common Language Runtime - WorkStation/Microsoft Corporation) 0x79760000

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1208
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\E_FLMACE.DLL (EPSON Bi-directional Monitor/SEIKO EPSON CORPORATION) 0x50400000
Library C:\WINDOWS\system32\hpz3l5k2.dll (LanguageMonitor/Hewlett-Packard Company) 0x009B0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5k2.dll (Hewlett-Packard Corporation) 0x00D70000

Process D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\Rar$EX03.125\gmer.exe 1244
Library D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\Rar$EX03.125\gmer.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00F60000

Process c:\APPS\HIDSERVICE\HIDSERVICE.exe 1316
Library c:\APPS\HIDSERVICE\HIDSERVICE.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink MediaLibrary NT Service/Cyberlink) 1328
Library C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink MediaLibrary NT Service/Cyberlink) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\Apps\Powercinema\Kernel\HomeNetWorking\CLNetMedia.dll 0x10000000

Process C:\WINDOWS\Explorer.EXE (Explorateur Windows/Microsoft Corporation) 1500
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x01D30000
Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x037A0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1564
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\program files\hp\digital imaging\bin\hpqddsvc.dll (HP CUE DeviceDiscovery Service/Hewlett-Packard Co.) 0x10000000
Library c:\program files\hp\digital imaging\bin\hpqddcmn.dll (HP CUE DeviceDiscovery Common Library/Hewlett-Packard Co.) 0x3AF00000
Library c:\program files\hp\digital imaging\bin\hpqcxs08.dll (HP CUE Context Manager Objects/Hewlett-Packard Co.) 0x14A00000
Library C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll (HP CUE/AiO Context Information Objects/Hewlett-Packard Co.) 0x14200000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000

Process C:\WINDOWS\RTHDCPL.EXE (Realtek HD Audio Control Panel/Realtek Semiconductor Corp.) 1620
Library C:\WINDOWS\RTHDCPL.EXE (Realtek HD Audio Control Panel/Realtek Semiconductor Corp.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x048C0000

Process C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe (AutoDetector/Ulead Systems, Inc.) 1652
Library C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe (AutoDetector/Ulead Systems, Inc.) 0x00400000
Library C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\u32Comm.dll (Error Handle/Ulead Systems, Inc.) 0x4A100000
Library C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\DetMethod.dll 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor_Res.dll (AutoDetector/Ulead Systems, Inc.) 0x008A0000

Process C:\Apps\Powercinema\PCMService.exe (CyberLink PowerCinema Resident Program/CyberLink Corp.) 1660
Library C:\Apps\Powercinema\PCMService.exe (CyberLink PowerCinema Resident Program/CyberLink Corp.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\Apps\Powercinema\helper.dll (Helper.dll/CyberLink Corp.) 0x10000000
Library c:\Apps\Powercinema\Kernel\common\CLRCEngine3.dll (Cyberlink Remote Control Module for PCM/CyberLink Corp.) 0x012E0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x02360000
Library c:\Apps\Powercinema\Kernel\TV\CLCapX.dll (CLCapX/Cyberlink) 0x02150000

Process C:\apps\ABoard\ABoard.exe (Activboard Application/NEC Computers International) 1684
Library C:\apps\ABoard\ABoard.exe (Activboard Application/NEC Computers International) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\apps\ABoard\AHook.dll (AHook Dynamic Link Library/NEC Computers International) 0x10000000

Process C:\WINDOWS\VM301Snap.exe (Vimicro/Vimicro) 1692
Library C:\WINDOWS\VM301Snap.exe (Vimicro/Vimicro) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\msdmo.dll 0x73600000

Process C:\apps\ABoard\AOSD.exe (ActivOSD Application/NEC Computers International) 1700
Library C:\apps\ABoard\AOSD.exe (ActivOSD Application/NEC Computers International) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00920000

Process C:\WINDOWS\Domino.exe 1712
Library C:\WINDOWS\Domino.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\msdmo.dll 0x73600000

Process C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks Scheduler/RealNetworks, Inc.) 1720
Library C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks Scheduler/RealNetworks, Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x003F0000

Process C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe 1728
Library C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x003E0000

Process C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe 1760
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00950000

Process C:\Program Files\Athan\Athan.exe ( Automatic Athan (Azan) five times a day for every prayer time. It covers more than 6 million cities, towns, and villages all over the world. /www.IslamicFinder.org) 1768
Library C:\Program Files\Athan\Athan.exe ( Automatic Athan (Azan) five times a day for every prayer time. It covers more than 6 million cities, towns, and villages all over the world. /www.IslamicFinder.org) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x013F0000
Library C:\Program Files\Athan\vbh.dll 0x10000000
Library C:\Program Files\Athan\vbp.dll 0x02570000
Library C:\Program Files\Athan\vbq.dll 0x02620000
Library C:\WINDOWS\system32\msdmo.dll 0x73600000
Library C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax 0x02E30000
Library C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/Gabest) 0x031F0000

Process C:\Program Files\QuickTime\QTTask.exe (QuickTime Task/Apple Inc.) 1784
Library C:\Program Files\QuickTime\QTTask.exe (QuickTime Task/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Product Assistant/Hewlett-Packard Co.) 1792
Library C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Product Assistant/Hewlett-Packard Co.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\RunDLL32.exe (Exécuter une DLL en tant qu'application/Microsoft Corporation) 1844
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\NvMCTray.dll (NVIDIA Media Center Library/NVIDIA Corporation) 0x10000000
Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 296.10 /NVIDIA Corporation) 0x00AC0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00A30000
Library C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll (NVIDIA Update Components, 1.7.11.0/NVIDIA Corporation) 0x01110000
Library C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU.DLL (Easy daemon API/NVIDIA Corporation) 0x013D0000
Library C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL (NVIDIA French language resource library/NVIDIA Corporation) 0x014B0000
Library C:\WINDOWS\system32\NVRSFR.DLL (NVIDIA French language resource library/NVIDIA Corporation) 0x02560000

Process C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) 1852
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00400000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x10000000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00E10000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x01850000

Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 1860
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00B00000

Process C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) 1944
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00400000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x10000000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00E40000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00260000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (HP Digital Imaging Monitor/Hewlett-Packard Co.) 2016
Library C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (HP Digital Imaging Monitor/Hewlett-Packard Co.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x003D0000
Library C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll (HP U/I COM Objects/Hewlett-Packard Co.) 0x14000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc (CUE TrayApp Combined resource DLL/Hewlett-Packard Co.) 0x15000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll (HP Digital Imaging Monitor Objects (CUE)/Hewlett-Packard Co.) 0x15800000
Library C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll (HP All-in-One TrayAppPlugin/Hewlett-Packard Co.) 0x16600000
Library C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc (AiO TrayAppPlugIn Combined resource DLL/Hewlett-Packard Co.) 0x16750000
Library C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll (HP Digital Imaging Monitor PlugIn (AiO)/Hewlett-Packard Co.) 0x10000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll (HP RedBox Interface Tray App PlugIn/Hewlett-Packard Co.) 0x01620000
Library C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll (HP Mars Interface Tray App PlugIn/Hewlett-Packard Co.) 0x01680000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Co.) 0x016F0000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/Hewlett-Packard) 0x01C40000
Library C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll (HP CUE DeviceDiscovery User/Hewlett-Packard Co.) 0x01910000
Library C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll (HP CUE DeviceDiscovery Common Library/Hewlett-Packard Co.) 0x3AF00000
Library C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll (Hewlett-Packard Market Research/Hewlett-Packard Co.) 0x01970000
Library C:\WINDOWS\system32\hpzidr12.dll (IEEE-1284.4-1999 Run-time library (kernel)/Hewlett-Packard) 0x01A00000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2200
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\windows\system32\hpzinw12.dll (Dot4Net Module/Hewlett-Packard) 0x00670000

Process C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 296.10/NVIDIA Corporation) 2236
Library C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 296.10/NVIDIA Corporation) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 296.10 /NVIDIA Corporation)
7 July 2012 09:54:55

and the end:

Process C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) 2336
Library C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2356
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\windows\system32\hpzipm12.dll (PmlDrv Module/Hewlett-Packard) 0x00670000

Process C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 2472
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00E60000
Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x035E0000

Process D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service/Skype Technologies S.A.) 2476
Library D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service/Skype Technologies S.A.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2724
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process c:\APPS\Powercinema\Kernel\TV\CLSched.exe 2772
Library c:\APPS\Powercinema\Kernel\TV\CLSched.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\Apps\Powercinema\Kernel\TV\CLCapSvcps.dll 0x10000000
Library c:\Apps\Powercinema\Kernel\TV\CLSchMgr.dll 0x01030000

Process C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 3228
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00D70000
Library C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_257.ocx (Adobe Flash Player 11.3 r300/Adobe Systems, Inc.) 0x10000000

Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 3440
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.3 r300/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] AliIde
Service C:\WINDOWS\system32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [BOOT] amdagp
Service C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\drivers\AsAudioDevice_349.sys (Wondershare Virtual Audio Device/Wondershare) [MANUAL] AsAudioDevice_349
Service C:\WINDOWS\system32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [BOOT] asc
Service C:\WINDOWS\system32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [BOOT] asc3550
Service c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [AUTO] CLCapSvc
Service c:\APPS\Powercinema\Kernel\TV\CLSched.exe [AUTO] CLSched
Service C:\WINDOWS\system32\DRIVERS\cmdide.sys (Pilote de bus PCI IDE CMD/CMD Technology, Inc.) [BOOT] CmdIde
Service C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (NT CLMLServer/Cyberlink) [AUTO] CyberLink Media Library Service
Service C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [BOOT] dac2w2k
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service c:\APPS\HIDSERVICE\HIDSERVICE.exe [AUTO] GenericHidService
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Programme d'installation de Google/Google Inc.) [AUTO] gupdate
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Programme d'installation de Google/Google Inc.) [MANUAL] gupdatem
Service C:\WINDOWS\system32\drivers\HdAudio.sys (High Definition Audio Function Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HdAudAddService
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech PS2 Keyboard Filter Driver./Logitech, Inc.) [MANUAL] L8042Kbd
Service C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech PS/2 Mouse Filter Driver./Logitech, Inc.) [MANUAL] L8042mou
Service C:\WINDOWS\System32\Drivers\LBeepKE.sys (Logitech Consumer Control Filter Driver./Logitech, Inc.) [AUTO] LBeepKE
Service C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech HID Filter Driver./Logitech, Inc.) [MANUAL] LHidFilt
Service C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech Mouse Filter Driver./Logitech, Inc.) [MANUAL] LMouFilt
Service C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech Filter Driver for Mouse Class./Logitech, Inc.) [MANUAL] LMouKE
Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector
Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService
Service C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMSwissArmy
Service C:\WINDOWS\system32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [BOOT] mraid35x
Service C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (MSCSPTISRV Module/Sony Corporation) [MANUAL] MSCSPTISRV
Service C:\APPS\Inventime\mysql\bin\mysqld-nt.exe [MANUAL] MysqlInventime
Service system32\drivers\nmwcdnsu.sys [MANUAL] nmwcdnsu
Service system32\drivers\nmwcdnsuc.sys [MANUAL] nmwcdnsuc
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Windows XP Miniport Driver, Version 296.10 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 296.10/NVIDIA Corporation) [AUTO] NVSvc
Service C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) [AUTO] nvUpdatusService
Service C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (PACSPTISVR Module/Sony Corporation) [MANUAL] PACSPTISVR
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\system32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql1080
Service C:\WINDOWS\system32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql12160
Service C:\WINDOWS\system32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql1280
Service C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023
Service C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\system32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [BOOT] sisagp
Service D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service/Skype Technologies S.A.) [AUTO] Skype C2C Service
Service C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [BOOT] Sparrow
Service C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe (SPTISRV Module/Sony Corporation) [MANUAL] SPTISRV
Service C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe (SonicStage Scsi I/F Server/Sony Corporation) [MANUAL] SSScsiSV
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [BOOT] symc810
Service C:\WINDOWS\system32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [BOOT] symc8xx
Service C:\WINDOWS\system32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [BOOT] sym_hi
Service C:\WINDOWS\system32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [BOOT] sym_u3
Service C:\WINDOWS\system32\DRIVERS\ultra.sys (Gestionnaire de miniport ULTRA66 de Promise/Promise Technology, Inc.) [BOOT] ultra
Service system32\DRIVERS\usbser_lowerflt.sys [MANUAL] upperdev
Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service system32\DRIVERS\wanatw4.sys [MANUAL] wanatw
Service Wmi
Service C:\WINDOWS\System32\Drivers\usbVM31b.sys (Video and Capture Device Driver/Vimicro Corporation) [MANUAL] ZSMC301b

---- EOF - GMER 1.0.15 ----
7 July 2012 10:03:00

Sorry, I had forgotten to disable malware.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-07 10:00:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\kxldqpoc.sys


---- Modules - GMER 1.0.15 ----

Module cujuvxgy.sys F765B000-F7669000 (57344 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F773B000-F7744000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Windows XP Miniport Driver, Version 296.10 /NVIDIA Corporation) F657A000-F7246000 (13418496 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) F653E000-F6566000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\Rtlnic51.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) F6509000-F651A000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F7A0B000-F7A11000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7A1B000-F7A20000 (20480 bytes)
Module \SystemRoot\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) F3F40000-F4263000 (3289088 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Windows XP Display driver, Version 296.10 /NVIDIA Corporation) BD012000-BD42F000 (4313088 bytes)
Module \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Anti-Malware/Malwarebytes Corporation) F726E000-F7272000 (16384 bytes)
Module \SystemRoot\System32\Drivers\LBeepKE.sys (Logitech Consumer Control Filter Driver./Logitech, Inc.) F7CCC000-F7CCD000 (4096 bytes)
Module \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) F7A3B000-F7A43000 (32768 bytes)
Module \??\D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\mbr.sys F79C3000-F79CA000 (28672 bytes)
Module \??\D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\kxldqpoc.sys (GMER) B6349000-B6362000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (HP CUE Status Root/Hewlett-Packard Co.) 156
Library C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (HP CUE Status Root/Hewlett-Packard Co.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00D70000
Library C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll (HP CUE Writing System Information Objects/Hewlett-Packard Co.) 0x10000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll (HP CUE Status Imp/Hewlett-Packard Co.) 0x17000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll (HP CUE PMLEventMonitorPlugin/Hewlett-Packard Co.) 0x17200000
Library C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc (CUE StatusIOPML Combined resource DLL/Hewlett-Packard Co.) 0x016E0000
Library C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Co.) 0x016F0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc (Combined resource DLL/Hewlett-Packard Co.) 0x01920000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/Hewlett-Packard) 0x019E0000

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 520
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\winlogon.exe (Application d'ouverture de session Windows NT/Microsoft Corporation) 544
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 564
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) 588
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 600
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 772
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 820
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 888
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 928
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 968
Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\AppleVersions.dll (Apple Software Support Version Check Dynamic Link Library/Apple Inc.) 0x10000000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\YSCrashDump.dll (YSCrashDump.dll/Apple Inc.) 0x00620000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x00640000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x00760000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x00770000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x007A0000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libicuin.dll (ICU I18N DLL/The ICU Project) 0x007C0000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libicuuc.dll (ICU Common DLL/The ICU Project) 0x00910000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\icudt46.dll (ICU Data DLL/The ICU Project) 0x4AD00000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\ASL.dll (ASL.dll/Apple Inc.) 0x00A10000
Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll (Apple Mobile Device Service/Apple Inc.) 0x00AA0000
Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\MobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x01270000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll 0x5A4C0000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\CFNetwork.dll (CFNetwork/Apple, Inc.) 0x01320000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.) 0x01590000
Library C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll 0x01610000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1008
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe 1048
Library c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\Apps\Powercinema\Kernel\TV\CLCapEngine.dll 0x10000000
Library c:\Apps\Powercinema\Kernel\TV\PCMRRec4.dll (CLRec4.1/CyberLink Corp.) 0x00D90000
Library C:\WINDOWS\system32\msdmo.dll 0x73600000
Library c:\Apps\Powercinema\Kernel\TV\CLCapSvcps.dll 0x01040000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1068
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (NT CLMLServer/Cyberlink) 1124
Library C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (NT CLMLServer/Cyberlink) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 1140
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll (Microsoft Common Language Runtime - WorkStation/Microsoft Corporation) 0x79760000

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1208
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\E_FLMACE.DLL (EPSON Bi-directional Monitor/SEIKO EPSON CORPORATION) 0x50400000
Library C:\WINDOWS\system32\hpz3l5k2.dll (LanguageMonitor/Hewlett-Packard Company) 0x009B0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5k2.dll (Hewlett-Packard Corporation) 0x00D70000

Process c:\APPS\HIDSERVICE\HIDSERVICE.exe 1316
Library c:\APPS\HIDSERVICE\HIDSERVICE.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink MediaLibrary NT Service/Cyberlink) 1328
Library C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe (Cyberlink MediaLibrary NT Service/Cyberlink) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\Apps\Powercinema\Kernel\HomeNetWorking\CLNetMedia.dll 0x10000000

Process C:\Program Files\WinRAR\WinRAR.exe 1404
Library C:\Program Files\WinRAR\WinRAR.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x012B0000

Process C:\WINDOWS\Explorer.EXE (Explorateur Windows/Microsoft Corporation) 1500
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x01D30000
Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x037A0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1564
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\program files\hp\digital imaging\bin\hpqddsvc.dll (HP CUE DeviceDiscovery Service/Hewlett-Packard Co.) 0x10000000
Library c:\program files\hp\digital imaging\bin\hpqddcmn.dll (HP CUE DeviceDiscovery Common Library/Hewlett-Packard Co.) 0x3AF00000
Library c:\program files\hp\digital imaging\bin\hpqcxs08.dll (HP CUE Context Manager Objects/Hewlett-Packard Co.) 0x14A00000
Library C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll (HP CUE/AiO Context Information Objects/Hewlett-Packard Co.) 0x14200000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000

Process C:\WINDOWS\RTHDCPL.EXE (Realtek HD Audio Control Panel/Realtek Semiconductor Corp.) 1620
Library C:\WINDOWS\RTHDCPL.EXE (Realtek HD Audio Control Panel/Realtek Semiconductor Corp.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x048C0000

Process C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe (AutoDetector/Ulead Systems, Inc.) 1652
Library C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe (AutoDetector/Ulead Systems, Inc.) 0x00400000
Library C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\u32Comm.dll (Error Handle/Ulead Systems, Inc.) 0x4A100000
Library C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\DetMethod.dll 0x10000000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor_Res.dll (AutoDetector/Ulead Systems, Inc.) 0x008A0000

Process C:\Apps\Powercinema\PCMService.exe (CyberLink PowerCinema Resident Program/CyberLink Corp.) 1660
Library C:\Apps\Powercinema\PCMService.exe (CyberLink PowerCinema Resident Program/CyberLink Corp.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\Apps\Powercinema\helper.dll (Helper.dll/CyberLink Corp.) 0x10000000
Library c:\Apps\Powercinema\Kernel\common\CLRCEngine3.dll (Cyberlink Remote Control Module for PCM/CyberLink Corp.) 0x012E0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x02360000
Library c:\Apps\Powercinema\Kernel\TV\CLCapX.dll (CLCapX/Cyberlink) 0x02150000

Process C:\apps\ABoard\ABoard.exe (Activboard Application/NEC Computers International) 1684
Library C:\apps\ABoard\ABoard.exe (Activboard Application/NEC Computers International) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\apps\ABoard\AHook.dll (AHook Dynamic Link Library/NEC Computers International) 0x10000000

Process C:\WINDOWS\VM301Snap.exe (Vimicro/Vimicro) 1692
Library C:\WINDOWS\VM301Snap.exe (Vimicro/Vimicro) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\msdmo.dll 0x73600000

Process C:\apps\ABoard\AOSD.exe (ActivOSD Application/NEC Computers International) 1700
Library C:\apps\ABoard\AOSD.exe (ActivOSD Application/NEC Computers International) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00920000

Process C:\WINDOWS\Domino.exe 1712
Library C:\WINDOWS\Domino.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\msdmo.dll 0x73600000

Process C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks Scheduler/RealNetworks, Inc.) 1720
Library C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks Scheduler/RealNetworks, Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x003F0000

Process C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe 1728
Library C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x003E0000

Process C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe 1760
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
7 July 2012 10:03:52

Continued and final part:

Process C:\Program Files\Athan\Athan.exe ( Automatic Athan (Azan) five times a day for every prayer time. It covers more than 6 million cities, towns, and villages all over the world. /www.IslamicFinder.org) 1768
Library C:\Program Files\Athan\Athan.exe ( Automatic Athan (Azan) five times a day for every prayer time. It covers more than 6 million cities, towns, and villages all over the world. /www.IslamicFinder.org) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x013F0000
Library C:\Program Files\Athan\vbh.dll 0x10000000
Library C:\Program Files\Athan\vbp.dll 0x02570000
Library C:\Program Files\Athan\vbq.dll 0x02620000
Library C:\WINDOWS\system32\msdmo.dll 0x73600000
Library C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax 0x02E30000
Library C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/Gabest) 0x031F0000

Process C:\Program Files\QuickTime\QTTask.exe (QuickTime Task/Apple Inc.) 1784
Library C:\Program Files\QuickTime\QTTask.exe (QuickTime Task/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Product Assistant/Hewlett-Packard Co.) 1792
Library C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Product Assistant/Hewlett-Packard Co.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\system32\RunDLL32.exe (Exécuter une DLL en tant qu'application/Microsoft Corporation) 1844
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\NvMCTray.dll (NVIDIA Media Center Library/NVIDIA Corporation) 0x10000000
Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 296.10 /NVIDIA Corporation) 0x00AC0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00A30000
Library C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll (NVIDIA Update Components, 1.7.11.0/NVIDIA Corporation) 0x01110000
Library C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU.DLL (Easy daemon API/NVIDIA Corporation) 0x013D0000
Library C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL (NVIDIA French language resource library/NVIDIA Corporation) 0x014B0000
Library C:\WINDOWS\system32\NVRSFR.DLL (NVIDIA French language resource library/NVIDIA Corporation) 0x02560000

Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 1860
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00B00000

Process C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) 1944
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00400000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x10000000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00E40000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00260000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (HP Digital Imaging Monitor/Hewlett-Packard Co.) 2016
Library C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (HP Digital Imaging Monitor/Hewlett-Packard Co.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x003D0000
Library C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll (HP U/I COM Objects/Hewlett-Packard Co.) 0x14000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc (CUE TrayApp Combined resource DLL/Hewlett-Packard Co.) 0x15000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll (HP Digital Imaging Monitor Objects (CUE)/Hewlett-Packard Co.) 0x15800000
Library C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll (HP All-in-One TrayAppPlugin/Hewlett-Packard Co.) 0x16600000
Library C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc (AiO TrayAppPlugIn Combined resource DLL/Hewlett-Packard Co.) 0x16750000
Library C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll (HP Digital Imaging Monitor PlugIn (AiO)/Hewlett-Packard Co.) 0x10000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll (HP RedBox Interface Tray App PlugIn/Hewlett-Packard Co.) 0x01620000
Library C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll (HP Mars Interface Tray App PlugIn/Hewlett-Packard Co.) 0x01680000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Co.) 0x144C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Co.) 0x016F0000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/Hewlett-Packard) 0x01C40000
Library C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll (HP CUE DeviceDiscovery User/Hewlett-Packard Co.) 0x01910000
Library C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll (HP CUE DeviceDiscovery Common Library/Hewlett-Packard Co.) 0x3AF00000
Library C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll (Hewlett-Packard Market Research/Hewlett-Packard Co.) 0x01970000
Library C:\WINDOWS\system32\hpzidr12.dll (IEEE-1284.4-1999 Run-time library (kernel)/Hewlett-Packard) 0x01A00000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2200
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\windows\system32\hpzinw12.dll (Dot4Net Module/Hewlett-Packard) 0x00670000

Process C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 296.10/NVIDIA Corporation) 2236
Library C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 296.10/NVIDIA Corporation) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 296.10 /NVIDIA Corporation) 0x00E20000

Process C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) 2336
Library C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2356
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\windows\system32\hpzipm12.dll (PmlDrv Module/Hewlett-Packard) 0x00670000

Process C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 2472
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00E60000
Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x035E0000

Process D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service/Skype Technologies S.A.) 2476
Library D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service/Skype Technologies S.A.) 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\Rar$EX00.250\gmer.exe 2708
Library D:\DOCUME~1\SERVAL~1.KEA\LOCALS~1\Temp\Rar$EX00.250\gmer.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00F60000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2724
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process c:\APPS\Powercinema\Kernel\TV\CLSched.exe 2772
Library c:\APPS\Powercinema\Kernel\TV\CLSched.exe 0x00400000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library c:\Apps\Powercinema\Kernel\TV\CLCapSvcps.dll 0x10000000
Library c:\Apps\Powercinema\Kernel\TV\CLSchMgr.dll 0x01030000

Process C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 3228
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00D70000
Library C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_257.ocx (Adobe Flash Player 11.3 r300/Adobe Systems, Inc.) 0x10000000

Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 3440
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Process C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 3920
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library C:\PROGRA~1\GOTOSO~1\VADERE~1\VrOe_hook.dll 0x00E20000
Library C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_257.ocx (Adobe Flash Player 11.3 r300/Adobe Systems, Inc.) 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.3 r300/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] AliIde
Service C:\WINDOWS\system32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [BOOT] amdagp
Service C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\drivers\AsAudioDevice_349.sys (Wondershare Virtual Audio Device/Wondershare) [MANUAL] AsAudioDevice_349
Service C:\WINDOWS\system32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [BOOT] asc
Service C:\WINDOWS\system32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [BOOT] asc3550
Service c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [AUTO] CLCapSvc
Service c:\APPS\Powercinema\Kernel\TV\CLSched.exe [AUTO] CLSched
Service C:\WINDOWS\system32\DRIVERS\cmdide.sys (Pilote de bus PCI IDE CMD/CMD Technology, Inc.) [BOOT] CmdIde
Service C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (NT CLMLServer/Cyberlink) [AUTO] CyberLink Media Library Service
Service C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [BOOT] dac2w2k
Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service c:\APPS\HIDSERVICE\HIDSERVICE.exe [AUTO] GenericHidService
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Programme d'installation de Google/Google Inc.) [AUTO] gupdate
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Programme d'installation de Google/Google Inc.) [MANUAL] gupdatem
Service C:\WINDOWS\system32\drivers\HdAudio.sys (High Definition Audio Function Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HdAudAddService
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys (Logitech PS2 Keyboard Filter Driver./Logitech, Inc.) [MANUAL] L8042Kbd
Service C:\WINDOWS\system32\DRIVERS\L8042mou.Sys (Logitech PS/2 Mouse Filter Driver./Logitech, Inc.) [MANUAL] L8042mou
Service C:\WINDOWS\System32\Drivers\LBeepKE.sys (Logitech Consumer Control Filter Driver./Logitech, Inc.) [AUTO] LBeepKE
Service C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech HID Filter Driver./Logitech, Inc.) [MANUAL] LHidFilt
Service C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech Mouse Filter Driver./Logitech, Inc.) [MANUAL] LMouFilt
Service C:\WINDOWS\system32\DRIVERS\LMouKE.Sys (Logitech Filter Driver for Mouse Class./Logitech, Inc.) [MANUAL] LMouKE
Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector
Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService
Service C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMSwissArmy
Service C:\WINDOWS\system32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [BOOT] mraid35x
Service C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (MSCSPTISRV Module/Sony Corporation) [MANUAL] MSCSPTISRV
Service C:\APPS\Inventime\mysql\bin\mysqld-nt.exe [MANUAL] MysqlInventime
Service system32\drivers\nmwcdnsu.sys [MANUAL] nmwcdnsu
Service system32\drivers\nmwcdnsuc.sys [MANUAL] nmwcdnsuc
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Windows XP Miniport Driver, Version 296.10 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 296.10/NVIDIA Corporation) [AUTO] NVSvc
Service C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) [AUTO] nvUpdatusService
Service C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (PACSPTISVR Module/Sony Corporation) [MANUAL] PACSPTISVR
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\system32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql1080
Service C:\WINDOWS\system32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql12160
Service C:\WINDOWS\system32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [BOOT] ql1280
Service C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023
Service C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\system32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [BOOT] sisagp
Service D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service/Skype Technologies S.A.) [AUTO] Skype C2C Service
Service C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [BOOT] Sparrow
Service C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe (SPTISRV Module/Sony Corporation) [MANUAL] SPTISRV
Service C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe (SonicStage Scsi I/F Server/Sony Corporation) [MANUAL] SSScsiSV
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [BOOT] symc810
Service C:\WINDOWS\system32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [BOOT] symc8xx
Service C:\WINDOWS\system32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [BOOT] sym_hi
Service C:\WINDOWS\system32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [BOOT] sym_u3
Service C:\WINDOWS\system32\DRIVERS\ultra.sys (Gestionnaire de miniport ULTRA66 de Promise/Promise Technology, Inc.) [BOOT] ultra
Service system32\DRIVERS\usbser_lowerflt.sys [MANUAL] upperdev
Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service system32\DRIVERS\wanatw4.sys [MANUAL] wanatw
Service Wmi
Service C:\WINDOWS\System32\Drivers\usbVM31b.sys (Video and Capture Device Driver/Vimicro Corporation) [MANUAL] ZSMC301b

---- EOF - GMER 1.0.15 ----
7 July 2012 10:36:16

Hello again, are you still there?
7 July 2012 11:03:01

Hi again
Um, this isn't a hotline... let me remind you that we're all volunteers :o
I have a private life too :D


++++++

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs: Combofix
Save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select all", Edit > "Copy"

Come to the forum and Edit > "Paste"

HELP: A guide and tutorial on using ComboFix
* the partition name may differ

<@_@>

+++++++++++++++++++++
7 July 2012 17:24:16

:) Good evening again, here is the report... luckily there are still volunteers, otherwise I don't know how we would manage... :)
In any case, thank you very much for the time you are giving me. If you need a bit of legal advice, don't hesitate, I like to return the favour.


ComboFix 12-07-07.04 - Serval 07/07/2012 16:55:06.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.459 [GMT 2:00]
Lancé depuis: d:\documents and settings\Serval.Keaton\Bureau\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe
c:\windows\iun6002.exe
c:\windows\system32\Thumbs.db
d:\documents and settings\Serval.Keaton\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
d:\documents and settings\Serval.Keaton\Application Data\PriceGong
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\1.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\2229.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\2259.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\4489.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\4519.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\a.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\b.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\c.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\d.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\e.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\f.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\g.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\h.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\i.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\j.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\k.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\l.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\m.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\mru.xml
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\n.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\o.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\p.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\q.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\r.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\s.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\t.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\u.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\v.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\w.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\wlu.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\x.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\y.txt
d:\documents and settings\Serval.Keaton\Application Data\PriceGong\Data\z.txt
d:\documents and settings\Serval.Keaton\Application Data\Uvyns
d:\documents and settings\Serval.Keaton\Application Data\Uvyns\qeary.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-07 au 2012-07-07 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-07 03:59 . 2012-07-07 06:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-06 03:42 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 08:14 . 2012-07-07 08:36 -------- d-----w- d:\documents and settings\Serval.Keaton\Application Data\Onebhi
2012-07-02 08:14 . 2012-07-02 08:14 -------- d-----w- d:\documents and settings\Serval.Keaton\Application Data\Fyxuc
2012-07-01 04:50 . 2012-07-01 04:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Freemake
2012-07-01 04:49 . 2012-07-01 04:49 -------- d-----w- c:\program files\Conduit
2012-07-01 04:49 . 2012-07-01 05:36 -------- d-----w- d:\documents and settings\Serval.Keaton\Local Settings\Application Data\Conduit
2012-06-13 04:45 . 2012-05-11 14:40 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 12:48 . 2012-04-22 03:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 12:48 . 2011-06-12 02:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-04 15:35 . 2008-10-16 12:07 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:19 . 2008-10-16 12:08 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-16 17:06 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-16 17:06 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2004-08-16 17:06 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-16 17:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-08-16 17:06 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-16 16:39 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 12:08 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 12:07 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2004-08-16 17:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-10-16 12:09 25112 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-16 17:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-04-14 01:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-04-14 01:58 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-16 16:40 606208 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06 . 2004-08-16 16:41 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2009-04-13 06:46 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-16 16:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2009-04-13 06:46 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2009-04-13 06:46 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2009-04-13 06:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-14 198160]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1204224]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-29 23:58 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\VLC\\vlc.exe"=
"c:\\apps\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [02/07/2009 12:18 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/07/2012 05:42 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [22/02/2012 08:22 2348352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/07/2012 05:42 22344]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2012 05:44 136176]
S2 Skype C2C Service;Skype C2C Service;d:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19/06/2012 17:32 3048136]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/04/2012 05:53 257224]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [12/10/2009 08:03 16640]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2012 05:44 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07/07/2012 05:59 40776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 12:48]
.
2012-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 03:44]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 03:44]
.
2012-07-07 c:\windows\Tasks\User_Feed_Synchronization-{F64D6B84-E4A4-4AD6-834C-322E01E027A9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://yahoo.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
HKCU-Run-Ereduxoh - d:\documents and settings\Serval.Keaton\Application Data\Uvyns\qeary.exe
AddRemove-Athan - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 17:13
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
Heure de fin: 2012-07-07 17:19:49
ComboFix-quarantined-files.txt 2012-07-07 15:19
.
Avant-CF: 4 609 126 400 octets libres
Après-CF: 4 567 511 040 octets libres
.
- - End Of File - - 3D6E53C941712604BAC7703A3BD1BF37
8 July 2012 21:48:11

Good evening


Step 1

Copy (Ctrl+C) the text below:

Folder::
d:\documents and settings\serval.keaton\application data\Uvyns
d:\documents and settings\Serval.Keaton\Application Data\Onebhi
d:\documents and settings\Serval.Keaton\Application Data\Fyxuc
c:\program files\Conduit
d:\documents and settings\serval.keaton\local settings\application data\Conduit
d:\documents and settings\serval.keaton\application data\PriceGong



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • ComboFix starts; just follow the prompts.

  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan has finished, a report will be displayed: post its contents, and say where things stand with your problems

  • If the file does not open, it is located here > C:\ComboFix.txt

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ


    Step 2



    • Go to this page AdwCleaner by Xplode, click Télécharger (Download) and save the file to your Desktop
    • Double-click the AdwCleaner0.exe icon to start the installation
      /!\ On Vista and Windows 7, the file must be launched via right-click -> Run as administrator
    • In the main menu, click Recherche (Search) and wait while the analysis runs
    • At the end of the scan, an AdwCleaner[R].txt report opens. Post the report in your next reply
      The report is located at C:\AdwCleaner[R].txt


      Tutorial: AdwCleaner (Xplode)


    8 July 2012 22:33:17

    windowsupdate is working again, which is already very good :)

    Now the only snag is the processor, which is making a monstrous noise!!

    here is the combofix report:
    ComboFix 12-07-08.01 - Serval 08/07/2012 22:10:33.2.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.449 [GMT 2:00]
    Lancé depuis: d:\documents and settings\Serval.Keaton\Bureau\ComboFix.exe
    Commutateurs utilisés :: d:\documents and settings\Serval.Keaton\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Conduit
    c:\program files\Conduit\Community Alerts\Alert.dll
    d:\documents and settings\Serval.Keaton\Application Data\Fyxuc
    d:\documents and settings\Serval.Keaton\Application Data\Fyxuc\foow.kid
    d:\documents and settings\Serval.Keaton\Application Data\Onebhi
    d:\documents and settings\serval.keaton\local settings\application data\Conduit
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\DialogsAPI.js
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\PIE.htc
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\settings.js
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Dialogs\version.txt
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\DynamicDialogs.zip
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1638461_1631433_FR.xml
    d:\documents and settings\serval.keaton\local settings\application data\Conduit\Community Alerts\LanguagePacks\en.xml
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-08 au 2012-07-08 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-07-07 03:59 . 2012-07-07 06:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-07-06 03:42 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-01 04:50 . 2012-07-01 04:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Freemake
    2012-06-13 04:45 . 2012-05-11 14:40 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-11 12:48 . 2012-04-22 03:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-11 12:48 . 2011-06-12 02:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-04 15:35 . 2008-10-16 12:07 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 13:19 . 2008-10-16 12:08 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 13:19 . 2004-08-16 17:06 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 13:19 . 2004-08-16 17:06 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 13:19 . 2004-08-16 17:06 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 13:19 . 2004-08-16 17:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 13:19 . 2004-08-16 17:06 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 13:19 . 2004-08-16 16:39 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 13:19 . 2008-10-16 12:08 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 13:19 . 2008-10-16 12:07 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 13:19 . 2004-08-16 17:06 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 13:19 . 2008-10-16 12:09 25112 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 13:19 . 2004-08-16 17:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 13:18 . 2009-04-14 01:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 13:18 . 2009-04-14 01:58 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22 . 2004-08-16 16:40 606208 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:06 . 2004-08-16 16:41 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:55 . 2009-04-13 06:46 1863296 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:40 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:40 . 2004-08-16 16:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-05 03:15 . 2009-04-13 06:46 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-05 03:14 . 2009-04-13 06:46 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:47 . 2009-04-13 06:46 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-07_15.14.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-07-08 19:54 . 2012-07-08 19:54 16384 c:\windows\Temp\Perflib_Perfdata_38c.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ereduxoh"="d:\documents and settings\Serval.Keaton\Application Data\Uvyns\qeary.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
    "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
    "BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]
    "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-14 198160]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
    "Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1204224]
    "APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
    "NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2012-02-29 23:58 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\APPS\\Inventime\\my.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\adslTV\\adsltv.exe"=
    "c:\\Program Files\\adslTV\\VLC\\vlc.exe"=
    "c:\\apps\\skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [02/07/2009 12:18 10448]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/07/2012 05:42 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [22/02/2012 08:22 2348352]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/07/2012 05:42 22344]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2012 05:44 136176]
    S2 Skype C2C Service;Skype C2C Service;d:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19/06/2012 17:32 3048136]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/04/2012 05:53 257224]
    S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [12/10/2009 08:03 16640]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2012 05:44 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07/07/2012 05:59 40776]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 12:48]
    .
    2012-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 03:44]
    .
    2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-06 03:44]
    .
    2012-07-08 c:\windows\Tasks\User_Feed_Synchronization-{F64D6B84-E4A4-4AD6-834C-322E01E027A9}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://yahoo.fr/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-08 22:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
    "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
    .
    Heure de fin: 2012-07-08 22:26:54
    ComboFix-quarantined-files.txt 2012-07-08 20:26
    ComboFix2.txt 2012-07-07 15:19
    .
    Avant-CF: 4 554 330 112 octets libres
    Après-CF: 4 530 405 376 octets libres
    .
    - - End Of File - - 8B87C28A775FDAB401F830E0A0D8B83F
    8 July 2012 22:35:49

    # AdwCleaner v1.701 - Rapport créé le 08/07/2012 à 22:35:26
    # Mis à jour le 02/07/2012 par Xplode
    # Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
    # Nom d'utilisateur : Serval - Keaton
    # Exécuté depuis : D:\Documents and Settings\Serval.Keaton\Bureau\adwcleaner.exe
    # Option [Recherche]


    ***** [Services] *****


    ***** [Fichiers / Dossiers] *****

    Dossier Présent : D:\Documents and Settings\All Users\Application Data\boost_interprocess
    Dossier Présent : C:\Program Files\Ilivid

    ***** [Registre] *****

    Clé Présente : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
    Clé Présente : HKCU\Software\AppDataLow\Software\Conduit
    Clé Présente : HKCU\Software\Conduit
    Clé Présente : HKCU\Software\ConduitSearchScopes
    Clé Présente : HKLM\SOFTWARE\Conduit
    Clé Présente : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Clé Présente : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Clé Présente : HKLM\SOFTWARE\Viewpoint

    ***** [Registre - GUID] *****

    Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{38EE5CEE-4B62-11D3-854F-00A0C9C898E7}
    Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{8D670533-270B-4549-B19B-414FB9C6EBDB}
    Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
    Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
    Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    ***** [Navigateurs] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Le registre ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[R1].txt - [1887 octets] - [08/07/2012 22:35:26]

    ########## EOF - D:\AdwCleaner[R1].txt - [2015 octets] ##########
    8 July 2012 22:43:44

    Hi again

    Quote:
    Now the only snag is the processor, which is making a monstrous noise!!

    How so?
    It's normal for it to make a bit of noise while Combofix is running, but afterwards your PC should run normally. :)


    • Close all applications, including your browser
    • Run AdwCleaner again by double-clicking the AdwCleaner0.exe icon.
      /!\ On Vista and Windows 7, launch the file with right-click -> Run as administrator
    • In the main menu, click "Suppression" (delete) and wait while the scan runs
    • At the end of the scan, an AdwCleaner.txt report opens. Post the report in your next reply
      The report is located at C:\AdwCleaner.txt

      Tutorial: AdwCleaner (Xplode)


    +++++++++++++++++++++++++++++++++++++++++

    9 July 2012 03:35:43

    # AdwCleaner v1.701 - Rapport créé le 09/07/2012 à 03:29:11
    # Mis à jour le 02/07/2012 par Xplode
    # Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
    # Nom d'utilisateur : Serval - Keaton
    # Exécuté depuis : D:\Documents and Settings\Serval.Keaton\Bureau\adwcleaner.exe
    # Option [Suppression]


    ***** [Services] *****


    ***** [Fichiers / Dossiers] *****

    Dossier Supprimé : D:\Documents and Settings\All Users\Application Data\boost_interprocess
    Dossier Supprimé : C:\Program Files\Ilivid

    ***** [Registre] *****

    Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
    Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
    Clé Supprimée : HKCU\Software\Conduit
    Clé Supprimée : HKCU\Software\ConduitSearchScopes
    Clé Supprimée : HKLM\SOFTWARE\Conduit
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Clé Supprimée : HKLM\SOFTWARE\Viewpoint

    ***** [Registre - GUID] *****

    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{38EE5CEE-4B62-11D3-854F-00A0C9C898E7}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{8D670533-270B-4549-B19B-414FB9C6EBDB}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
    Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    ***** [Navigateurs] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Le registre ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[R1].txt - [2016 octets] - [08/07/2012 22:35:26]
    AdwCleaner[R2].txt - [2076 octets] - [08/07/2012 22:36:11]
    AdwCleaner[S1].txt - [2026 octets] - [09/07/2012 03:29:11]

    ########## EOF - D:\AdwCleaner[S1].txt - [2154 octets] ##########

    Good evening again,

    The noise isn't caused by Combofix but by iexplore.exe, which is using 50% of the CPU
    9 July 2012 04:16:34

    For example, two open web pages eat up 50% of my processor
    9 July 2012 21:04:41

    Good evening
    let's take a closer look:


    • Download OTL (by OldTimer) to your Desktop.
    • Double-click OTL to launch it.
      (On Vista/Win7, right-click OTL and choose Run as administrator)
    • A window appears. In the "Rapport" (report) section at the top of this window, tick "Rapport minimal" (minimal report).
    • Also tick the boxes next to "Recherche Lop" and "Recherche Purity".
    • Under "Personnalisation" (customization), in the white box, copy and paste the contents of the box below:


    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    nslookup http://www.google.fr /c
    SAVEMBR:0
    CREATERESTOREPOINT



    • Finally, click the "Analyse" (scan) button. Let the tool work.
    • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so on the Desktop by default).

    To send me the reports:
    Use this service:
    http://pjjoint.malekal.com/
    Post the links.

    10 July 2012 15:10:06

    Hello

    your PC isn't exactly young either... plus, given the ton of programs installed on it... You should give it a good clean-out. :D

    • Double-click OTL to launch it.
      (On Vista/Win7, right-click OTL and choose Run as administrator)
    • Under the "Personnalisation" (customization) tab, in the white box at the bottom of the window, copy and paste the following text (between the two spaces):

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
    O4 - HKCU..\Run: [Ereduxoh] "D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns\qeary.exe" File not found

    :files
    D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns

    :reg
    [HKEY_CURRENT_USER\Control Panel\Desktop]
    "MenuShowDelay"="100"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
    "AlwaysUnloadDll"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000ff
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000ff
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
    "link"=hex:00,00,00,00
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "EnableBalloonTips"=dword:00000000
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]
    "IconStreams"=-
    "PastIconsStream"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
    "SetCommand"=dword:00000001
    "SecurityLevel"=dword:00000001
    :commands
    [emptytemp]
    [reboot]

    • Then click the "Correction" (fix) button at the top of the window.
    • Let the program work, and restart once the fix is finished.
    • Post the report that appears after the restart.


    <@_@>**<@_@>**<@_@>**<@_@>**<@_@>**@_@>**<@_@><@_@>**<@_@>**<@_@>**<@_@>**
    12 July 2012 05:31:26

    Hello;

    I tried several times to do the OTL procedure; the trouble is that my PC crashes when I press the "Correction" (fix) button.
    Yet I have disabled malware and I have no antivirus.
    I did copy this into the customization area:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
    O4 - HKCU..\Run: [Ereduxoh] "D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns\qeary.exe" File not found

    :files
    D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns

    :reg
    [HKEY_CURRENT_USER\Control Panel\Desktop]
    "MenuShowDelay"="100"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
    "AlwaysUnloadDll"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000ff
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000ff
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
    "link"=hex:00,00,00,00
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "EnableBalloonTips"=dword:00000000
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]
    "IconStreams"=-
    "PastIconsStream"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
    "SetCommand"=dword:00000001
    "SecurityLevel"=dword:00000001
    :commands
    [emptytemp]
    [reboot]
    12 July 2012 14:14:36

    Hello
    we're going to change the customization:
    the PC will restart, so let the procedure run its course.

    • Double-click OTL to launch it.
      (On Vista/Win7, right-click OTL and choose Run as administrator)
    • Under the "Personnalisation" (customization) tab, in the white box at the bottom of the window, copy and paste the following text (between the two spaces):

    :processes
    killallprocesses

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
    O4 - HKCU..\Run: [Ereduxoh] "D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns\qeary.exe" File not found

    :files
    D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns

    :commands
    [emptytemp]
    [reboot]

    • Then click the "Correction" (fix) button at the top of the window.
    • Let the program work, and restart once the fix is finished.
    • Post the report that appears after the restart.


    <@_@>**<@_@>**<@_@>**<@_@>**<@_@>**@_@>**<@_@><@_@>**<@_@>**<@_@>**<@_@>**


    13 July 2012 11:57:51

    Hi :)

    When I press the "Correction" (fix) button after copying and pasting the items you gave me into the customization tab,
    Explorer stops and OTL crashes and stops responding!
    What should I do?

    Thanks for your help!
    13 July 2012 16:18:11

    Hello
    that's normal, you need to be patient and let the tool work.
    14 July 2012 05:18:21

    Hi, I've just understood why OTL was crashing: in the customization I was leaving the spaces between the start of the text and the end!
    :)
    That's why it wouldn't start!

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ereduxoh not found.
    ========== FILES ==========
    File\Folder D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Administrateur.Keaton
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3686027 bytes
    ->Flash cache emptied: 492 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes

    User: LocalService.AUTORITE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService.AUTORITE NT.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.AUTORITE NT.001
    ->Temp folder emptied: 0 bytes

    User: LocalService.AUTORITE NT.002
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService.AUTORITE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.AUTORITE NT.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.AUTORITE NT.001
    ->Temp folder emptied: 0 bytes

    User: NetworkService.AUTORITE NT.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Serval

    User: Serval.Keaton
    ->Temp folder emptied: 15162515 bytes
    ->Temporary Internet Files folder emptied: 107001142 bytes
    ->Java cache emptied: 7752112 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 44775 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39138 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7024560 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 134,00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07142012_050835

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    14 July 2012 05:25:07

    Here is the OTL report when I copy the first customization you gave me.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ereduxoh not found.
    ========== FILES ==========
    File\Folder D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns not found.
    ========== REGISTRY ==========
    HKEY_CURRENT_USER\Control Panel\Desktop\\"MenuShowDelay"|"100" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\\"AlwaysUnloadDll"|dword:00000001 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\"link"|hex:00,00,00,00 /E : value set successfully!
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"EnableBalloonTips"|dword:00000000 /E : value set successfully!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\IconStreams deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\PastIconsStream deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SetCommand"|dword:00000001 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SecurityLevel"|dword:00000001 /E : value set successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrateur.Keaton
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.AUTORITE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.AUTORITE NT.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.AUTORITE NT.001
    ->Temp folder emptied: 0 bytes

    User: LocalService.AUTORITE NT.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.AUTORITE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.AUTORITE NT.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.AUTORITE NT.001
    ->Temp folder emptied: 0 bytes

    User: NetworkService.AUTORITE NT.002
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Serval

    User: Serval.Keaton
    ->Temp folder emptied: 83594 bytes
    ->Temporary Internet Files folder emptied: 18820291 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 996 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6292 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18,00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07142012_052106

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
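
Added example, not part of the thread and not code from OTL or its author: the two OTL fix reports above can be compared mechanically to check that what the first run deleted was still absent on the second run, since an entry that has to be deleted twice was re-created in between. The function names are hypothetical, the first two samples are excerpts of the reports posted above, and the third is a constructed variant.

```python
import re

# One result line of an OTL fix report, in the format seen in the two reports above.
RESULT_RE = re.compile(
    r"^(Registry key|Registry value|File\\Folder)\s+(.+?)\s+"
    r"(deleted successfully|not found)\.$"
)

# Excerpt of the first report in the thread (log created on 07142012_050835).
RUN_1 = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ereduxoh not found.
File\Folder D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns not found.
"""

# The same items in the second report (log created on 07142012_052106).
RUN_2 = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ereduxoh not found.
File\Folder D:\Documents and Settings\Serval.Keaton\Application Data\Uvyns not found.
"""

# CONSTRUCTED variant, not from the thread: the Run value had to be deleted again.
RUN_2_CONSTRUCTED = RUN_2.replace(
    r"Run\\Ereduxoh not found.", r"Run\\Ereduxoh deleted successfully."
)


def normalize(target):
    # Registry paths are case-insensitive; OTL prints a doubled backslash before
    # value names and a trailing one after key names, so fold both away.
    return re.sub(r"\\+", r"\\", target).rstrip("\\").lower()


def parse_fix_log(text):
    """Map each targeted item to 'deleted' or 'absent'; other lines are ignored."""
    outcomes = {}
    for line in text.splitlines():
        match = RESULT_RE.match(line.strip())
        if match:
            deleted = match.group(3) == "deleted successfully"
            outcomes[normalize(match.group(2))] = "deleted" if deleted else "absent"
    return outcomes


def compare_runs(first_log, second_log):
    """Classify every item targeted by the first run using the second run's result."""
    first, second = parse_fix_log(first_log), parse_fix_log(second_log)
    report = {"stayed_gone": [], "reappeared": [],
              "already_absent": [], "not_rechecked": []}
    for target, outcome in first.items():
        later = second.get(target)
        if later is None:
            report["not_rechecked"].append(target)   # second script did not target it
        elif later == "deleted":
            report["reappeared"].append(target)      # existed again at the second run
        elif outcome == "deleted":
            report["stayed_gone"].append(target)     # removed once, still absent
        else:
            report["already_absent"].append(target)  # gone before either run
    return report


if __name__ == "__main__":
    for label, second in (("thread", RUN_2), ("constructed", RUN_2_CONSTRUCTED)):
        result = compare_runs(RUN_1, second)
        print(label, {name: len(items) for name, items in result.items()})
```
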
    14 July 2012 16:57:23

    Hello
    as far as I'm concerned, you're no longer infected.

    Let's check that several programs are up to date:


    • Download SX Check&Update (by igor 51) to your Desktop.

      /!\ Disconnect, disable your antivirus and close all running applications /!\
    • Double-click SXC&U.exe on your Desktop to launch it.

    • In the main menu, choose the "Rapport" (report) option.

    • Post the report displayed on your screen.

      /!\ Remember to re-enable your antivirus /!\
    14 July 2012 17:22:36

    Hi again!
    I'm not infected? And yet it's still the same problem, my processor "screaming"; well, you're probably right, I need to replace it!

    Otherwise, I don't have an antivirus; what do you recommend?

    Here is the report: SX Check&Update
    Lien vers le tutoriel : http://forum.security-x.fr/tutoriels-317/tutoriel-sx-ch...
    ---
    Windows Version : Windows XP 32 bits
    Service Pack : 3
    UserName : Serval
    14/07/2012
    17:20:09
    version = v0.2.4
    ---
    Windows Update Information :
    AUOptions : 4
    Automatically, no notification
    ---
    Name : FlashPlayer ActiveX
    Version : 11.3.300.265
    Flash Player ActiveX est à jour

    Name : FlashPlayer Plugin
    Version : 10.0.32.18
    Flash Player Plugin n'est pas à jour! (11.3.300.265)

    Java Information :
    Nom : Java(TM) 6 Update 26
    Version : 6.0.260
    Java(TM) 6 Update 26 n'est pas à jour! (6.0.330)

    Name : Adobe Reader 9.5.1 - Français
    Version : 9.5.1
    Adobe Reader est à jour

    Name : Spelling Dictionaries Support For Adobe Reader 9
    Version : 9.0.0
    Adobe Reader n'est pas à jour! (9.5.1)

    Nom : Internet Explorer
    Version : 8.0.6001.18702

    15 July 2012 19:13:04

    Hi again
    avast
    http://forum.security-x.fr/tutoriels-317/%28tutoriel%29...!-antivirus-gratuit/


    Read carefully:
    http://www.malekal.com/2010/11/15/maintenir-java-adobe-...

    Run SX Check&Update again
    • In the main menu, click the Update Flash button and install the new version of Flash Player in each browser that has opened, Internet Explorer and Firefox in your case
      For reference, the download page: http://get.adobe.com/fr/flashplayer/
    • Then click the Update Java button and install the latest version offered
      For reference, the download page: http://www.java.com/fr/download/
    • Then click the Update Adobe Reader button and install the latest version offered
      For reference, the download page: http://get.adobe.com/fr/reader/?promoid=HTEGU
    • Don't forget to untick the bundled options each time (Google Toolbar and the like)


      Remove/uninstall all the programs used for the disinfection.

      Please read this guide (PDF) to learn more about the risks of the Net.

      If you find this document interesting, feel free to pass it on to your contacts.

      If you're tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

      Read also:
    • Free antispyware: it's useless!

      On your first message, click the "Editer" (edit) button and mark [résolu] (solved) in the title.

      Then click "Valider votre message" (submit your message)

      :hello: