Se connecter / S'enregistrer
Votre question

Bizarrare--bizarre

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
12 Mars 2010 18:30:17

bonjour...Qui pourrait m' éclairer sur se programme..HKLM RUM:( BisonInst0402)C:Windows BRO40286.exe PC Acer 5720ZG merci ce serait sympa ..

Autres pages sur : bizarrare bizarre

12 Mars 2010 22:05:49

Bonsoir
tu as une imprimante Brother?
13 Mars 2010 00:32:49

bonsoir..non mon imprimante LEXMARK.. et si c etait lié a la wbcam ??
a c 296 8 Sécurité
a b 9 Windows
13 Mars 2010 01:32:33

Bonjour,

Je vois que c'est écrit "Bison" donc ça peut être la webcam.
13 Mars 2010 11:25:07

Bonjour..merci de t interesser a mon probleme..ta premiere idée etait la bonne..recherche + approfondi c est les rubans pour l imprimante...mais je l ai decoché quand meme de ma page de démarage..Merci encore ..bon week end
13 Mars 2010 23:58:49

bon surf
:hello: 
14 Mars 2010 21:06:05

Sham bonsoir..j espere ne pas abuser..mes recherches suite a une clé du registre infecté(analyse Malwarebytes anti malware) programme mis en quarantaine avast anti virus..Downloads/ install jre6u10 windows..infection NSiS : Fake Inst ca fait peur au dedut..mais mon pc apparemment se comporte normalement.. Ca serait sympa Sham si tu me donnais la marche a suivre pour remettre cela en ordre..bonne soirée
14 Mars 2010 21:46:42

re
Citation :
Ca serait sympa Sham si tu me donnais la marche a suivre pour remettre cela en ordre..bonne soirée

Moi ou Destrio hein??? ;) 


1
Télécharge DDS et sauvegarde-le sur ton bureau.
  • Désactive tout script bloquant, tel q'un antivirus, un logiciel comme ad-block, noscript etc.
  • Double-clique sur dds.scr pour lancer l'outil.
  • Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .
  • Clique Oui à la prochaine invite Optional Scan.
  • Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.
    2
  • Télécharge Catchme ([#ff0000]Gmer[/#f]) sur ton Bureau.
  • Double clique sur catchme.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse. (Ce rapport est sur ton bureau.)

    15 Mars 2010 12:14:19

    Sham..bonjour..Je te poste mon rapport DDS.txt.


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by luc jean at 11:56:46,68 on 15/03/2010
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2045.1118 [GMT 1:00]

    AV: avast! antivirus 4.8.1229 [VPS 090213-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: avast! antivirus 4.8.1229 [VPS 090213-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\LUCJEA~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\luc jean\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uWindow Title = Windows Internet Explorer fourni par Yahoo!
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    mDefault_Page_URL = hxxp://fr.fr.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lexmark Barre d'outils: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Lexmark Barre d'outils: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Acer Tour Reminder]
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729; yie8)" -"http://www.candystand.com/play/gp-team-challenge"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [Acer Tour]
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [eRecoveryService]
    mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
    mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Skytel] Skytel.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL eNetHook.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\lucjea~1\appdata\roaming\mozilla\firefox\profiles\qemwyd39.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - component: c:\users\luc jean\appdata\roaming\mozilla\firefox\profiles\qemwyd39.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
    FF - component: c:\users\luc jean\appdata\roaming\mozilla\firefox\profiles\qemwyd39.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-20 114768]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-9-17 13560]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-8-10 50688]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-20 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-12-1 53328]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-20 138680]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-8-10 32256]
    S2 gupdate1c9d17a842f08a0;Service Google Update (gupdate1c9d17a842f08a0);c:\program files\google\update\GoogleUpdate.exe [2009-5-10 133104]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-20 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-6-20 352920]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-10 179712]
    S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-10 54632]
    S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-18 30192]
    S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-4-18 42376]
    S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-4-18 66952]
    S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-4-18 81288]
    S3 marlbus;NEC WMC USB_AD1 Composite Device driver (WDM);c:\windows\system32\drivers\marlbus.sys [2005-7-16 58352]
    S3 marlmdfl;NEC WMC USB_AD1 Modem Filter;c:\windows\system32\drivers\marlmdfl.sys [2005-7-16 8272]
    S3 marlmdm;NEC WMC USB_AD1 Modem Drivers;c:\windows\system32\drivers\marlmdm.sys [2005-7-16 93968]
    S3 marlobex;NEC WMC USB_AD1 OBEX Interface Drivers (WDM);c:\windows\system32\drivers\marlobex.sys [2005-7-16 83344]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-4-18 747912]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-4-18 948616]
    S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-11-28 80744]

    =============== Created Last 30 ================

    2010-03-13 07:58:00 0 d-----w- c:\users\lucjea~1\appdata\roaming\Malwarebytes
    2010-03-13 07:57:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-13 07:57:53 0 d-----w- c:\programdata\Malwarebytes
    2010-03-13 07:57:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-13 07:57:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-11 18:35:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-03-11 18:35:20 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-03-11 18:35:19 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-03-10 20:55:10 0 d-----w- c:\windows\pss
    2010-02-25 20:48:40 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-02-25 18:59:17 279440 ----a-w- c:\windows\system32\drivers\~GLH0013.TMP
    2010-02-24 16:19:47 0 d-----w- c:\users\lucjea~1\appdata\roaming\LimeWire
    2010-02-24 16:18:21 0 d-----w- c:\program files\LimeWire
    2010-02-24 15:40:16 0 d-----w- c:\programdata\CheckPoint
    2010-02-24 15:40:15 279440 ----a-w- c:\windows\system32\drivers\~GLH0014.TMP
    2010-02-24 15:35:04 0 d-----w- c:\windows\Internet Logs
    2010-02-24 13:43:21 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-24 13:42:17 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-02-24 13:42:17 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-02-24 13:42:13 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-24 13:42:12 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-02-24 13:42:12 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-24 13:42:12 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-24 13:42:11 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-24 13:42:11 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-24 13:42:10 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-02-24 13:42:04 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-02-24 13:42:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-02-24 13:42:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-02-23 16:38:36 0 d-----w- c:\program files\CCleaner
    2010-02-14 10:33:18 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-14 10:33:17 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

    ==================== Find3M ====================

    2010-03-07 18:05:21 27620 ----a-w- c:\users\lucjea~1\appdata\roaming\nvModes.dat
    2010-03-07 14:17:19 669566 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-07 14:17:19 123556 ----a-w- c:\windows\system32\perfc00C.dat
    2010-02-28 14:23:25 86016 ----a-w- c:\windows\inf\infpub.dat
    2010-02-28 14:23:25 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-02-28 14:23:25 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-19 17:47:35 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-10-11 20:20:50 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
    2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
    2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
    2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-10-24 19:39:05 262144 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 11:57:29,02 ===============
    15 Mars 2010 12:39:07

    voila le rapport de la 2 em partie

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-15 12:35:06
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    MERCI
    15 Mars 2010 21:45:26

    ok
    poste le rapport de scan que tu as fait avec MBAM (il est dans l'onglet rapports/logs)
    15 Mars 2010 21:59:42

    bonsoir ,
    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3862
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    13/03/2010 10:10:39
    mbam-log-2010-03-13 (10-10-29).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 221610
    Temps écoulé: 1 hour(s), 2 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    16 Mars 2010 18:12:38

    re
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
    Quand l'outil a trouvé quelque-chose, à la fin, il faut cliquer sur "Supprimer la sélection". ;) 

    ça me semble propre...

    @ Destrio tu vois quelque-chose??? ;) 
    16 Mars 2010 18:36:58

    OK MERCI...Pour le programme mis en quarantaine par avast je peux le supprimer ?? (je t en ai parlé dans mes premiers messages) Vous etes vraiment une communauté sympa..
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS