Virus, Yoog Search

15 January 2009 12:26:58

Hello,

I am infected by this virus, or rather this search bar... I can't manage to remove it. I have run: CCleaner, Spybot, HijackThis, AVG.

That's it

=)


15 January 2009 17:51:10

Nobody to help me?

15 January 2009 20:45:03

Good evening
~Run HijackThis.exe, "do a system scan & save log file", and copy and paste the generated report into your next post.


15 January 2009 21:12:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:25, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\npc\bin\npcsvc32.exe
C:\Program Files\Norman\npc\bin\nuaa.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: cpmsky browser enhancer - {295F6CC5-F585-E322-637A-CC6C662F130B} - C:\Windows\system32\l.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.1\LuckyTender.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nvavnopxiiwboql] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\l.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081110
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Program Files\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Program Files\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 11711 bytes

15 January 2009 21:53:03

Hi again
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select all", Edit > "Copy"

Come to the forum and Edit > "Paste"

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ


Add a new HijackThis report.

15 January 2009 23:03:26

I ran ComboFix; I only have this text file:

ComboFix 09-01-13.04 - Floue 2009-01-15 22:45:50.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.1473 [GMT 1:00]
Lancé depuis: C:\Users\Floue\Desktop\ComboFix.exe
.

By the way, it caused a problem on my PC, which had to repair errors at startup... (It couldn't restart Windows.)


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01, on 2009-01-15
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WerFault.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\VM30xSnap.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcfgex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: adzgalore - {07e8be77-e571-d78f-aad4-2fefcc69c7a8} - C:\Windows\system32\nsv342C.dll (file missing)
O2 - BHO: (no name) - {295F6CC5-F585-E322-637A-CC6C662F130B} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [nvavnopxiiwboql] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\l.dll"
O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Résumer avec Copernic Summarizer - C:\Program Files\Copernic Summarizer\Web\SummarizePage.htm
O9 - Extra button: Résumer - {0F2D17A0-E7DF-4847-995B-6F3ABF5BF187} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: LiveSummarizer - {6170AB22-F1E5-4D4F-8F6C-826C73838581} - C:\Program Files\Copernic Summarizer\CopernicSummarizerApp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
O9 - Extra 'Tools' menuitem: Résumer avec Copernic Summarizer - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9338 bytes

15 January 2009 23:06:37

Hi again
We'll manage another way...

Download random's system information tool (RSIT) by random/random and save it to the Desktop.
  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the taskbar).
  • NB: The reports are saved in the folder C:\rsit
  • Make sure to post the reports in full, and check that they are complete once you have posted them.

15 January 2009 23:12:12

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Floue at 2009-01-15 23:09:05
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 23 GB (24%) free of 96 GB
    Total RAM: 3070 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:09, on 2009-01-15
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\VM30xSnap.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgcfgex.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Floue\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Floue.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: adzgalore - {07e8be77-e571-d78f-aad4-2fefcc69c7a8} - C:\Windows\system32\nsv342C.dll (file missing)
    O2 - BHO: (no name) - {295F6CC5-F585-E322-637A-CC6C662F130B} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
    O4 - HKLM\..\Run: [nvavnopxiiwboql] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\l.dll"
    O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Résumer avec Copernic Summarizer - C:\Program Files\Copernic Summarizer\Web\SummarizePage.htm
    O9 - Extra button: Résumer - {0F2D17A0-E7DF-4847-995B-6F3ABF5BF187} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: LiveSummarizer - {6170AB22-F1E5-4D4F-8F6C-826C73838581} - C:\Program Files\Copernic Summarizer\CopernicSummarizerApp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
    O9 - Extra 'Tools' menuitem: Résumer avec Copernic Summarizer - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 9299 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\User_Feed_Synchronization-{B15FAE3A-606F-45D0-AB1D-06F74B0F8712}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07e8be77-e571-d78f-aad4-2fefcc69c7a8}]
    adzgalore - C:\Windows\system32\nsv342C.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{295F6CC5-F585-E322-637A-CC6C662F130B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-13 1078552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-13 1968920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-13 1968920]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
    "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-08 29744]
    "Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]
    "nvavnopxiiwboql"=C:\Windows\System32\regsvr32.exe [2006-11-02 14336]
    "VM30xSnap"=VM30xSnap.exe Vimicro USB PC Camera (ZC030x) []
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-13 1601304]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
    "PMCRemote"= []
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
    "PMCLoader"=C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [2008-05-14 644368]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-22 1830128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mirc]
    C:\WINDOWS\WINCRA\mirc.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Floue^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Floue^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
    C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa11b52-97b6-11dd-a86a-00030d9cff55}]
    shell\AutoRun\command - G:\RunGame.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa11b53-97b6-11dd-a86a-00030d9cff55}]
    shell\AutoRun\command - H:\Autorun.exe


    ======File associations======

    .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

    ======List of files/folders created in the last 1 months======

    2009-01-15 23:09:05 ----D---- C:\rsit
    2009-01-15 22:53:27 ----D---- C:\Windows\Minidump
    2009-01-15 22:45:13 ----D---- C:\ComboFix(0)
    2009-01-15 22:40:15 ----A---- C:\Windows\zip.exe
    2009-01-15 22:40:15 ----A---- C:\Windows\VFIND.exe
    2009-01-15 22:40:15 ----A---- C:\Windows\SWXCACLS.exe
    2009-01-15 22:40:15 ----A---- C:\Windows\SWSC.exe
    2009-01-15 22:40:15 ----A---- C:\Windows\SWREG.exe
    2009-01-15 22:40:15 ----A---- C:\Windows\sed.exe
    2009-01-15 22:40:15 ----A---- C:\Windows\NIRCMD.exe
    2009-01-15 22:40:15 ----A---- C:\Windows\grep.exe
    2009-01-15 22:40:15 ----A---- C:\Windows\fdsv.exe
    2009-01-15 22:40:09 ----D---- C:\ComboFix
    2009-01-15 22:40:09 ----A---- C:\Windows\system32\CF21883.exe
    2009-01-15 22:40:04 ----A---- C:\Windows\system32\cmd.execf
    2009-01-15 22:38:16 ----D---- C:\Windows\ERDNT
    2009-01-15 22:38:16 ----D---- C:\Qoobox
    2009-01-15 22:38:14 ----A---- C:\Windows\system32\CF21498.exe
    2009-01-15 22:38:13 ----A---- C:\Windows\system32\swsc.exe
    2009-01-15 18:27:35 ----D---- C:\ProgramData\SUPERAntiSpyware.com
    2009-01-15 18:27:16 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-01-15 18:27:15 ----D---- C:\Users\Floue\AppData\Roaming\SUPERAntiSpyware.com
    2009-01-15 18:26:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-01-13 00:37:35 ----A---- C:\Windows\system32\avgrsstx.dll
    2009-01-11 20:54:16 ----D---- C:\Users\Floue\AppData\Roaming\Samsung
    2009-01-11 20:04:30 ----D---- C:\Windows\system32\Samsung_USB_Drivers
    2009-01-11 20:03:43 ----D---- C:\Program Files\Samsung
    2009-01-10 23:12:04 ----D---- C:\Users\Floue\AppData\Roaming\Shareaza
    2009-01-10 23:12:04 ----D---- C:\Program Files\Shareaza
    2009-01-10 21:24:34 ----A---- C:\Windows\ntbtlog.txt
    2009-01-04 12:41:22 ----A---- C:\Windows\system32\javaws.exe
    2009-01-04 12:41:22 ----A---- C:\Windows\system32\javaw.exe
    2009-01-04 12:41:22 ----A---- C:\Windows\system32\java.exe
    2009-01-04 12:06:23 ----D---- C:\Users\Floue\AppData\Roaming\LimeWire
    2009-01-04 12:05:40 ----D---- C:\Program Files\LimeWire
    2009-01-04 00:11:08 ----A---- C:\Windows\system32\mshtml.dll
    2009-01-04 00:09:26 ----A---- C:\Windows\system32\tzres.dll
    2009-01-03 23:59:45 ----D---- C:\Program Files\Microsoft
    2009-01-03 23:59:12 ----D---- C:\Program Files\Windows Live SkyDrive
    2009-01-03 23:56:13 ----D---- C:\Program Files\Common Files\Windows Live
    2009-01-03 23:48:28 ----D---- C:\Program Files\Alwil Software
    2009-01-03 22:01:32 ----A---- C:\Windows\system32\gdi32.dll
    2009-01-03 22:01:26 ----A---- C:\Windows\system32\Apphlpdm.dll
    2009-01-03 22:01:25 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2009-01-03 22:01:15 ----A---- C:\Windows\system32\shell32.dll
    2009-01-03 22:01:08 ----A---- C:\Windows\explorer.exe
    2009-01-03 22:01:01 ----A---- C:\Windows\system32\urlmon.dll
    2009-01-03 22:01:01 ----A---- C:\Windows\system32\ieframe.dll
    2009-01-03 22:01:00 ----A---- C:\Windows\system32\wininet.dll
    2009-01-03 22:01:00 ----A---- C:\Windows\system32\mstime.dll
    2009-01-03 22:00:59 ----A---- C:\Windows\system32\jsproxy.dll
    2009-01-03 22:00:59 ----A---- C:\Windows\system32\iertutil.dll
    2009-01-03 22:00:55 ----A---- C:\Windows\system32\mf.dll
    2009-01-03 22:00:53 ----A---- C:\Windows\system32\WMVCORE.DLL
    2009-01-03 22:00:52 ----A---- C:\Windows\system32\WMNetMgr.dll
    2009-01-03 22:00:52 ----A---- C:\Windows\system32\logagent.exe

    ======List of files/folders modified in the last 1 months======

    2009-01-16 07:51:31 ----D---- C:\Windows\system32\config
    2009-01-16 07:51:28 ----D---- C:\Windows\Tasks
    2009-01-16 07:51:28 ----D---- C:\Windows\system32\fr-FR
    2009-01-16 07:51:28 ----D---- C:\Windows\system32\catroot2
    2009-01-16 07:51:24 ----D---- C:\Windows\system32\wbem
    2009-01-16 07:51:24 ----D---- C:\Windows\registration
    2009-01-15 23:09:13 ----D---- C:\Windows\Temp
    2009-01-15 22:59:27 ----D---- C:\Windows\System32
    2009-01-15 22:59:27 ----D---- C:\Windows\inf
    2009-01-15 22:59:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-01-15 22:54:21 ----D---- C:\Windows\Prefetch
    2009-01-15 22:53:27 ----D---- C:\Windows
    2009-01-15 22:52:41 ----SHD---- C:\System Volume Information
    2009-01-15 22:47:15 ----D---- C:\Windows\system32\drivers
    2009-01-15 22:47:14 ----D---- C:\Windows\AppPatch
    2009-01-15 22:47:14 ----D---- C:\Program Files\Common Files
    2009-01-15 18:27:35 ----HD---- C:\ProgramData
    2009-01-15 18:27:27 ----SHD---- C:\Windows\Installer
    2009-01-15 18:27:16 ----D---- C:\Program Files
    2009-01-15 12:37:46 ----HD---- C:\$AVG8.VAULT$
    2009-01-14 23:21:23 ----D---- C:\Users\Floue\AppData\Roaming\OpenOffice.org2
    2009-01-14 19:12:15 ----D---- C:\Windows\winsxs
    2009-01-14 19:07:32 ----D---- C:\Windows\system32\catroot
    2009-01-14 19:07:28 ----D---- C:\Program Files\Windows Mail
    2009-01-14 19:03:12 ----D---- C:\Windows\Debug
    2009-01-13 00:36:44 ----D---- C:\ProgramData\avg8
    2009-01-13 00:31:57 ----SD---- C:\Users\Floue\AppData\Roaming\Microsoft
    2009-01-11 20:03:42 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-01-11 16:57:46 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-11 16:57:46 ----A---- C:\Windows\system32\cont_adzgalore-remove.exe
    2009-01-10 21:53:02 ----SD---- C:\ProgramData\Microsoft
    2009-01-10 21:26:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-01-10 02:35:28 ----A---- C:\Windows\system32\mrt.exe
    2009-01-04 12:44:52 ----D---- C:\Program Files\Google
    2009-01-04 12:43:16 ----D---- C:\ProgramData\Microsoft Help
    2009-01-04 12:41:20 ----D---- C:\Program Files\Java
    2009-01-04 12:36:51 ----D---- C:\Program Files\Common Files\Macromedia
    2009-01-04 12:36:50 ----D---- C:\Program Files\Macromedia
    2009-01-04 12:36:08 ----D---- C:\Program Files\DivX
    2009-01-04 12:35:59 ----D---- C:\Program Files\Common Files\PX Storage Engine
    2009-01-04 12:14:22 ----D---- C:\Windows\rescache
    2009-01-04 11:55:56 ----D---- C:\ProgramData\Google
    2009-01-04 11:54:52 ----D---- C:\ProgramData\eMule
    2009-01-04 11:52:21 ----D---- C:\Program Files\Norman
    2009-01-03 23:59:26 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-01-03 23:58:50 ----D---- C:\Program Files\Windows Live

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-01-13 23832]
    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-13 324872]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-13 27656]
    R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-01-13 107272]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
    R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-01-11 5632]
    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-11 3155456]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
    R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
    S3 aya4rb7u;aya4rb7u; C:\Windows\system32\drivers\aya4rb7u.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-17 15360]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 Ltn_stk7070P;PCTV based TV tuner device; C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
    S3 Ltn_stkrc;PCTV Infrared Receiver; C:\Windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
    S3 VM30xx86;Vimicro USB PC Camera (ZC0301); C:\Windows\System32\Drivers\vm30xx86.sys [2007-02-15 1294464]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    S3 ZSMC301b;Look 312P; C:\Windows\System32\Drivers\usbVM31b.sys [2004-03-19 90968]
    S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-11 610304]
    R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-13 903960]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-13 298264]
    R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-01-13 1339600]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
    R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-02-29 307200]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-19 72704]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-08 29744]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-17 195752]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------




    info.txt logfile of random's system information tool 1.05 2009-01-15 23:09:28

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
    -->C:\Windows\UNNeroVision.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
    AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Contextual Tool Adzgalore-->C:\Windows\system32\cont_adzgalore-remove.exe
    Copernic Summarizer-->"C:\Windows\CopernicSummarizerUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Summarizer\unwise.dat"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    Frozen-Bubble 1.0-->"C:\Program Files\Frozen-Bubble\unins000.exe"
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
    Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
    Ma-Config.com-->MsiExec.exe /X{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3}
    Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
    Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
    Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Nero 8 Essentials-->MsiExec.exe /X{854C47D1-C2A0-4492-8655-C3F8D49C1036}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    Pinnacle TVCenter Pro-->"C:\Program Files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe" -runfromtemp -l0x040c -removeonly
    PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
    RAR Password Cracker 4.12-->C:\Program Files\RAR Password Cracker\uninstall.exe
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Search Assistant Mysidesearch-->C:\Windows\system32\l-uninst.exe
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    SystemDiagnostics-->MsiExec.exe /X{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Vimicro USB PC Camera (ZC0301PL)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9
    Vimicro USB PC Camera-->C:\Program Files\InstallShield Installation Information\{133EE96D-DBA6-4644-84A4-B2794505D669}\setup.exe -runfromtemp -l0x0009 -removeonly
    VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
    Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    Wow Cartographe 1.09-->C:\Program Files\WowCartographe\uninst.exe

    =====HijackThis Backups=====

    O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.1\LuckyTender.dll (file missing)
    O13 - Gopher Prefix:
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
    O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081110
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AS: Windows Defender
    AS: SUPERAntiSpyware (disabled)

    System event log

    Computer Name: Papyrus
    Event Code: 1103
    Message: Votre ordinateur a obtenu une adresse auprès du réseau, et vous pouvez maintenant vous connecter à d'autres ordinateurs.
    Record Number: 40858
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090115220446.000000-000
    Event Type: Information
    User:

    Computer Name: Papyrus
    Event Code: 1103
    Message: Votre ordinateur a obtenu une adresse auprès du réseau, et vous pouvez maintenant vous connecter à d'autres ordinateurs.
    Record Number: 40859
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090115220546.000000-000
    Event Type: Information
    User:

    Computer Name: Papyrus
    Event Code: 1103
    Message: Votre ordinateur a obtenu une adresse auprès du réseau, et vous pouvez maintenant vous connecter à d'autres ordinateurs.
    Record Number: 40860
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090115220646.000000-000
    Event Type: Information
    User:

    Computer Name: Papyrus
    Event Code: 1103
    Message: Votre ordinateur a obtenu une adresse auprès du réseau, et vous pouvez maintenant vous connecter à d'autres ordinateurs.
    Record Number: 40861
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090115220746.000000-000
    Event Type: Information
    User:

    Computer Name: Papyrus
    Event Code: 1103
    Message: Votre ordinateur a obtenu une adresse auprès du réseau, et vous pouvez maintenant vous connecter à d'autres ordinateurs.
    Record Number: 40862
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090115220846.000000-000
    Event Type: Information
    User:

    Application event log

    Computer Name: Papyrus
    Event Code: 1
    Message: Le client des services de certification a démarré correctement.
    Record Number: 7019
    Source Name: Microsoft-Windows-CertificateServicesClient
    Time Written: 20090115215407.547878-000
    Event Type: Information
    User: AUTORITE NT\SYSTEM

    Computer Name: Papyrus
    Event Code: 1
    Message: Le service Centre de sécurité Windows a démarré.
    Record Number: 7020
    Source Name: SecurityCenter
    Time Written: 20090115215507.000000-000
    Event Type: Information
    User:

    Computer Name: Papyrus
    Event Code: 1
    Message: Le client des services de certification a démarré correctement.
    Record Number: 7021
    Source Name: Microsoft-Windows-CertificateServicesClient
    Time Written: 20090115215559.323878-000
    Event Type: Information
    User: PAPYRUS\Floue

    Computer Name: Papyrus
    Event Code: 1001
    Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide.
    Record Number: 7022
    Source Name: Microsoft-Windows-LoadPerf
    Time Written: 20090115215926.000000-000
    Event Type: Information
    User:

    Computer Name: Papyrus
    Event Code: 1000
    Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés. Les données d'enregistrement dans la section des données contiennent les nouvelles valeurs d'index assignées à ce service.
    Record Number: 7023
    Source Name: Microsoft-Windows-LoadPerf
    Time Written: 20090115215927.000000-000
    Event Type: Information
    User:

    Security event log

    Computer Name: Papyrus
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 8210
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090115220923.940678-000
    Event Type: Échec de l'audit
    User:

    Computer Name: Papyrus
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 8211
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090115220923.984678-000
    Event Type: Échec de l'audit
    User:

    Computer Name: Papyrus
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 8212
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090115220924.027678-000
    Event Type: Échec de l'audit
    User:

    Computer Name: Papyrus
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 8213
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090115220924.070678-000
    Event Type: Échec de l'audit
    User:

    Computer Name: Papyrus
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 8214
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090115220924.113678-000
    Event Type: Échec de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%NpmLib%;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Samsung\Samsung PC Studio 3
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE
    "NpmLib"=C:\Program Files\Norman\Npm\Bin

    -----------------EOF-----------------
    16 January 2009 21:13:35

    Good evening
    1
    I need to know where you downloaded Firefox from. Send me the link by PM, please. :)

    2

    Download DirLook (by jpshortstuff)

  • Double-click DirLook.exe to launch it.
  • Make sure that Show Hidden Files and BBCode Output are both checked.
  • Copy the contents of the box below into the main text field:

    c:\program files\Mozilla Firefox\components

  • Click the DirLook button to start the scan.
  • When it finishes, a Notepad window opens with the scan result. Please post this report in your next reply. (Note: the report can also be found in C:\dl_log.txt)

    Note: the scan may take longer for large directories.

    3

    Download Gmer. (Przemyslaw Gmerek)

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.
    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit tab.
  • On the right, check only Files, Services & Registry.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
  • The report should then appear.
  • Save the file to your Desktop and post its contents here.
    17 January 2009 10:52:59

    DirLook.exe v2.0 by jpshortstuff
    Log created at 10:50 on 17/01/2009
    ==================================
    Contents of "c:\program files\Mozilla Firefox\components"

    ---FOLDERS---

    (none found)

    ---FILES---

    aboutRights.js (2925 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    aboutRobots.js (2927 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    browser.xpt (348427 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    browserdirprovider.dll (23032 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 21:38) --a---
    brwsrcmp.dll (134648 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 21:38) --a---
    FeedConverter.js (25339 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    FeedProcessor.js (66215 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    FeedWriter.js (49694 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    fuelApplication.js (38238 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    jsconsole-clhandler.js (1494 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsAddonRepository.js (11659 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsadzgalore.dll (654848 bytes - created on 21/11/2008 at 15:15, modified on 05/01/2009 at 16:17) --a---
    nsBadCertHandler.js (3104 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsBlocklistService.js (27331 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsBrowserContentHandler.js (33087 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsBrowserGlue.js (32315 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsContentDispatchChooser.js (5005 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsContentPrefService.js (29973 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsDefaultCLH.js (6247 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsDownloadManagerUI.js (5737 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsExtensionManager.js (333468 bytes - created on 10/01/2009 at 20:57, modified on 02/12/2008 at 08:04) --a---
    nsHandlerService.js (51214 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsHelperAppDlg.js (41716 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsLivemarkService.js (36039 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsLoginInfo.js (4302 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsLoginManager.js (44047 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsLoginManagerPrompter.js (40367 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsMicrosummaryService.js (77051 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsPlacesTransactionsService.js (33805 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsPostUpdateWin.js (21420 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsProxyAutoConfig.js (13682 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsSafebrowsingApplication.js (25176 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsSearchService.js (110646 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsSearchSuggestions.js (24273 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsSessionStartup.js (11428 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsSessionStore.js (76726 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsSetDefaultBrowser.js (2854 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsSidebar.js (12513 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsTaggingService.js (9967 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsTryToClose.js (3268 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsUpdateService.js (112848 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsUrlClassifierLib.js (50600 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsUrlClassifierListManager.js (19984 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsURLFormatter.js (3097 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    nsWebHandlerApp.js (6920 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    pluginGlue.js (3142 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    storage-Legacy.js (49926 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    txEXSLTRegExFunctions.js (6667 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---
    WebContentConverter.js (34011 bytes - created on 10/01/2009 at 20:58, modified on 02/12/2008 at 08:04) --a---

    ==================================
    =EOF=




    GMER:


    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2009-01-17 10:51:44
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.14 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8F07AF20]

    INT 0x51 ? 8691BF00
    INT 0x52 ? 8691BF00
    INT 0x62 ? 84790BF8
    INT 0x72 ? 84790BF8
    INT 0x92 ? 85120BF8
    INT 0x92 ? 8691BF00
    INT 0x92 ? 85120BF8
    INT 0xA2 ? 8691BF00
    INT 0xA2 ? 8691BF00
    INT 0xA2 ? 8691BF00
    INT 0xB3 ? 8691BF00

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 854 81EECE18 4 Bytes [ 20, AF, 07, 8F ]
    ? System32\Drivers\spuh.sys Le fichier spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload 8DCEB46F 5 Bytes JMP 8691B4E0
    .text aj71l7jm.SYS 8A3C7000 22 Bytes [ 26, 82, E0, 81, 10, 81, E0, ... ]
    .text aj71l7jm.SYS 8A3C7017 67 Bytes [ 00, 32, 67, 79, 80, 3D, 65, ... ]
    .text aj71l7jm.SYS 8A3C705B 62 Bytes [ 82, A9, 84, 02, 82, F0, 62, ... ]
    .text aj71l7jm.SYS 8A3C709A 14 Bytes CALL 72C00D20
    .text aj71l7jm.SYS 8A3C70CE 10 Bytes [ 00, 00, 00, 00, 00, 00, 66, ... ]
    .text ...

    ---- User code sections - GMER 1.0.14 ----

    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[936] kernel32.dll!ExitProcess 77633B54 5 Bytes JMP 050520B4 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[936] USER32.dll!MessageBoxA 7634D619 5 Bytes JMP 0505205E C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[936] USER32.dll!MessageBoxW 7634D667 5 Bytes JMP 05052089 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!FindResourceExA 776408DD 7 Bytes JMP 28001C30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!FindResourceA 776409A5 5 Bytes JMP 28001BA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!CreateEventA 77654AD8 5 Bytes JMP 28001850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!LockResource 77657F1F 5 Bytes JMP 28001E00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!FindResourceExW 7765813B 7 Bytes JMP 28001B10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!LoadResource 77658213 7 Bytes JMP 28001CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!FindResourceW 776597C7 5 Bytes JMP 28001A90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] kernel32.dll!SizeofResource 776597E5 7 Bytes JMP 28001D90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ADVAPI32.dll!CryptDeriveKey 764BE6F6 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ADVAPI32.dll!CryptDecrypt 764BE8D9 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!SetWindowPlacement 762F79BB 5 Bytes JMP 28005C10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!SetWindowRgn 762F95E2 7 Bytes JMP 28005D50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!LoadImageW 762FD61D 5 Bytes JMP 280064E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!LoadIconW 762FEC94 5 Bytes JMP 280066D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!CreateWindowExW 76303D67 5 Bytes JMP 28003AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!PeekMessageW 7630FD9F 5 Bytes JMP 28004430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!TrackPopupMenuEx 76320F4D 5 Bytes JMP 28004D10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!CreateDialogParamW 76321C58 5 Bytes JMP 28005E90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] USER32.dll!MessageBoxIndirectW 7634D56B 5 Bytes JMP 28006080 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WS2_32.dll!closesocket 7774330C 5 Bytes JMP 2800B920 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WS2_32.dll!recv 7774343A 5 Bytes JMP 2800B140 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WS2_32.dll!WSASend 77744496 5 Bytes JMP 2800B6E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WS2_32.dll!send 7774659B 5 Bytes JMP 2800B500 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WS2_32.dll!WSARecv 77748400 5 Bytes JMP 2800B2E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] SHELL32.dll!Shell_NotifyIconW 769BC808 5 Bytes JMP 280032B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ole32.dll!CoRegisterClassObject 761B45AC 5 Bytes JMP 28002210 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ole32.dll!CoInitializeEx 761EB89A 5 Bytes JMP 28002110 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] ole32.dll!CoCreateInstance 761EE188 5 Bytes JMP 280024B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WININET.dll!HttpOpenRequestA 766506D6 5 Bytes JMP 28009F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WININET.dll!InternetCloseHandle 7665607B 5 Bytes JMP 2800A2A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WININET.dll!InternetReadFile 7665A067 5 Bytes JMP 2800A0F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2920] WININET.dll!HttpSendRequestA 766608C5 5 Bytes JMP 2800A1D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068D6D2] \SystemRoot\System32\Drivers\spuh.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068D040] \SystemRoot\System32\Drivers\spuh.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068D7FC] \SystemRoot\System32\Drivers\spuh.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068D0BE] \SystemRoot\System32\Drivers\spuh.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068D13C] \SystemRoot\System32\Drivers\spuh.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069D048] \SystemRoot\System32\Drivers\spuh.sys
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortNotification] 24488B66
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortGetScatterGatherList] [8DC80320] \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation)
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8A3ECFBC] \SystemRoot\System32\Drivers\aj71l7jm.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortReadPortUshort] 3ECFC8A1
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A8A
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortInitialize] 00009A88
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
    IAT \SystemRoot\System32\Drivers\aj71l7jm.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 851221F8
    Device \Driver\volmgr \Device\VolMgrControl 847921F8
    Device \Driver\PCI_PNP2916 \Device\00000050 spuh.sys
    Device \Driver\usbuhci \Device\USBPDO-0 869731F8
    Device \Driver\usbuhci \Device\USBPDO-1 869731F8
    Device \Driver\usbehci \Device\USBPDO-2 869721F8
    Device \Driver\usbuhci \Device\USBPDO-3 869731F8
    Device \Driver\usbuhci \Device\USBPDO-4 869731F8

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\usbuhci \Device\USBPDO-5 869731F8
    Device \Driver\usbehci \Device\USBPDO-6 869721F8
    Device \Driver\volmgr \Device\HarddiskVolume1 847921F8
    Device \Driver\sptd \Device\1724382926 spuh.sys
    Device \Driver\volmgr \Device\HarddiskVolume2 847921F8
    Device \Driver\cdrom \Device\CdRom0 86ABC1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851211F8
    Device \Driver\atapi \Device\Ide\IdePort0 851211F8
    Device \Driver\atapi \Device\Ide\IdePort1 851211F8
    Device \Driver\volmgr \Device\HarddiskVolume3 847921F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 874B1500
    Device \Driver\Smb \Device\NetbiosSmb 874B21F8
    Device \Driver\iScsiPrt \Device\RaidPort0 86ACA1F8

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\netbt \Device\NetBT_Tcpip_{2BBFF680-A4EF-48A3-983B-09594979F46B} 874B1500
    Device \Driver\usbuhci \Device\USBFDO-0 869731F8
    Device \Driver\usbuhci \Device\USBFDO-1 869731F8
    Device \Driver\usbehci \Device\USBFDO-2 869721F8
    Device \Driver\usbuhci \Device\USBFDO-3 869731F8
    Device \Driver\usbuhci \Device\USBFDO-4 869731F8
    Device \Driver\usbuhci \Device\USBFDO-5 869731F8
    Device \Driver\usbehci \Device\USBFDO-6 869721F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{9F7CE632-9469-48E2-B4A2-46B462E4BEC9} 874B1500
    Device \Driver\aj71l7jm \Device\Scsi\aj71l7jm1 86ABE1F8
    Device \FileSystem\cdfs \Cdfs 87F611F8

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0x88 0x63 0x98 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6C 0xAE 0xD7 0x0C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x42 0x81 0xB9 0x20 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xBF 0x68 0x66 0xD2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF0 0x80 0xE5 0x40 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x5B 0x95 0xF8 0x37 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0x88 0x63 0x98 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6C 0xAE 0xD7 0x0C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x42 0x81 0xB9 0x20 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xBF 0x68 0x66 0xD2 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF0 0x80 0xE5 0x40 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x5B 0x95 0xF8 0x37 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Behaviors\Events\4.0 et ultÃ\x2026Â\xbdrieurs.htm 1
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

    ---- EOF - GMER 1.0.14 ----
    17 January 2009 21:05:19

    Good evening

    Step 1

    Download OTMoveIt3 (OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:

    :processes
    explorer.exe

    :files
    c:\program files\Mozilla Firefox\components\nsadzgalore.dll

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    Double-click OTMoveIt3.exe to launch it.
    Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    Step 2


    Go to this link: Virus Total

  • Click Parcourir (Browse)
  • Navigate to this file, if you can find it:

    C:\Windows\System32\Drivers\spuh.sys

  • Click Envoyer le fichier (Send file) and let it work for as long as "Situation actuelle : en cours d'analyse" (current status: scanning) is displayed.
  • The file may be queued because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
  • When the scan is finished ("Situation actuelle: terminé", current status: finished), click Formaté (Formatted)
  • A new browser window will open
  • Then click on this image:
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the outcome, it is important that you send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.
    Same thing with:
    C:\Windows\System32\Drivers\aj71l7jm.SYS

    Note:
    Quote:
    To show the system's hidden files and folders:
    Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.

    The system's hidden files and folders then appear semi-transparent in Windows Explorer.
    18 January 2009 12:38:05

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    LoadLibrary failed for c:\program files\Mozilla Firefox\components\nsadzgalore.dll
    c:\program files\Mozilla Firefox\components\nsadzgalore.dll NOT unregistered.
    c:\program files\Mozilla Firefox\components\nsadzgalore.dll moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Floue\AppData\Local\Temp\etilqs_AfYoiYvs2944UPdTQ2ft scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Temp\~DF7C56.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\Windows\temp\18c08b92-364c-495c-a564-8963ea42dfcd.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\1cf6f2d5-5d1d-4061-90c1-6585b17a653f.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\248192d6-d3f3-4aa2-a614-0a54241da98c.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\37849081-a4c8-446b-b3f0-efffd4ba878f.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\4ff593f6-4563-4649-b787-3b6933485f0b.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\5bde2cb1-0ab5-4ff5-84b5-ba53be4be73c.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\769d81b6-a799-444f-99ca-ba4f932ce424.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\81f70289-2f00-40e4-af8b-2dd272580baf.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\931d38ae-2c86-4a93-8989-144371230a4e.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\959a0ed8-f55e-40a5-9a94-09b38ab39b68.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\ac606c3d-9df7-4abc-b529-e3e212ef3e0b.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\b11f43fd-0c20-42df-b9d9-64322b03600f.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\c4f12da1-7a46-4ca9-b4dc-b4aeed9c7e77.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\fdead27e-00df-4f92-b4af-0ac5e09885f1.tmp scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_122137

    Files moved on Reboot...
    File C:\Users\Floue\AppData\Local\Temp\etilqs_AfYoiYvs2944UPdTQ2ft not found!
    C:\Users\Floue\AppData\Local\Temp\~DF7C56.tmp moved successfully.
    File C:\Windows\temp\18c08b92-364c-495c-a564-8963ea42dfcd.tmp not found!
    File C:\Windows\temp\1cf6f2d5-5d1d-4061-90c1-6585b17a653f.tmp not found!
    File C:\Windows\temp\248192d6-d3f3-4aa2-a614-0a54241da98c.tmp not found!
    File C:\Windows\temp\37849081-a4c8-446b-b3f0-efffd4ba878f.tmp not found!
    File C:\Windows\temp\4ff593f6-4563-4649-b787-3b6933485f0b.tmp not found!
    File C:\Windows\temp\5bde2cb1-0ab5-4ff5-84b5-ba53be4be73c.tmp not found!
    File C:\Windows\temp\769d81b6-a799-444f-99ca-ba4f932ce424.tmp not found!
    File C:\Windows\temp\81f70289-2f00-40e4-af8b-2dd272580baf.tmp not found!
    File C:\Windows\temp\931d38ae-2c86-4a93-8989-144371230a4e.tmp not found!
    File C:\Windows\temp\959a0ed8-f55e-40a5-9a94-09b38ab39b68.tmp not found!
    File C:\Windows\temp\ac606c3d-9df7-4abc-b529-e3e212ef3e0b.tmp not found!
    File C:\Windows\temp\b11f43fd-0c20-42df-b9d9-64322b03600f.tmp not found!
    File C:\Windows\temp\c4f12da1-7a46-4ca9-b4dc-b4aeed9c7e77.tmp not found!
    File C:\Windows\temp\fdead27e-00df-4f92-b4af-0ac5e09885f1.tmp not found!
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\XUL.mfl moved successfully.


    I can't find:

    C:\Windows\System32\Drivers\spuh.sys

    =S
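An added example, not part of the original posts and not OTMoveIt3's own code: a Python triage of an OTMoveIt3 report like the one above. It separates the items the script explicitly targeted from the [emptytemp] cleanup lines and reconciles files deferred to reboot with the "Files moved on Reboot..." section. The sample log is constructed from line formats that appear in this thread; the placeholder paths and the status names are assumptions.

```python
import re
from collections import defaultdict

# Section banner, e.g. "========== FILES =========="
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Z/ ]+?)\s*=+$")
REBOOT_MARKER = "Files moved on Reboot..."

# Line formats seen in the thread's reports, checked in order.
RULES = [
    (re.compile(r"^Process (?P<item>.+) killed successfully\.$"), "killed"),
    (re.compile(r"^Unable to kill process: (?P<item>.+)$"), "kill_failed"),
    (re.compile(r"^LoadLibrary failed for (?P<item>.+)$"), "load_failed"),
    (re.compile(r"^(?P<item>.+) NOT unregistered\.$"), "not_unregistered"),
    (re.compile(r"^File delete failed\. (?P<item>.+) scheduled to be deleted on reboot\.$"),
     "pending_reboot"),
    (re.compile(r"^Registry key (?P<item>.+) not found\.$"), "not_found"),
    (re.compile(r"^File(?:/Folder)? (?P<item>.+) not found[.!]$"), "not_found"),
    (re.compile(r"^(?P<item>.+) moved successfully\.$"), "moved"),
]

# Sections whose entries come from the pasted script, not from [emptytemp].
TARGET_SECTIONS = {"PROCESSES", "SERVICES/DRIVERS", "FILES", "REGISTRY"}
RESOLVED = {"killed", "moved"}


def parse_events(log_text):
    """Return (phase, section, status, item) tuples for every recognised line."""
    section, phase, events = None, "run", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if line == REBOOT_MARKER:
            phase, section = "reboot", None
            continue
        for rx, status in RULES:
            m = rx.match(line)
            if m:
                # Windows paths are case-insensitive, so normalise the key.
                events.append((phase, section, status, m.group("item").lower()))
                break
    return events


def triage(log_text):
    """Summarise what happened to script targets and to reboot-deferred files."""
    targets = defaultdict(list)
    pending = {}
    for phase, section, status, item in parse_events(log_text):
        if phase == "run" and section in TARGET_SECTIONS:
            targets[item].append(status)
        elif phase == "run" and status == "pending_reboot":
            pending[item] = "unresolved"
        elif phase == "reboot" and item in pending:
            pending[item] = "moved" if status == "moved" else "gone_before_reboot"
    # A target never killed or moved needs a human look: it may still be
    # present, or the script may name a file that was never on this machine.
    needs_review = sorted(i for i, st in targets.items() if not RESOLVED & set(st))
    return {"targets": dict(targets), "pending": pending, "needs_review": needs_review}


# Constructed sample: line formats from the thread, placeholder paths added.
SAMPLE_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for c:\program files\Mozilla Firefox\components\nsadzgalore.dll
c:\program files\Mozilla Firefox\components\nsadzgalore.dll NOT unregistered.
c:\program files\Mozilla Firefox\components\nsadzgalore.dll moved successfully.
File/Folder C:\example\placeholder.sys not found.
========== COMMANDS ==========
File delete failed. C:\Windows\temp\example-a.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\example-b.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
Explorer started successfully

Files moved on Reboot...
C:\Windows\temp\example-a.tmp moved successfully.
File C:\Windows\temp\example-b.tmp not found!
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for item, statuses in result["targets"].items():
        print(f"target  {item}: {' -> '.join(statuses)}")
    for item, outcome in result["pending"].items():
        print(f"cleanup {item}: {outcome}")
    print("needs review:", result["needs_review"])
```

A target whose only status is `not_found` is reported for review rather than treated as cleaned, since the log alone cannot tell a removed file from one the script named by mistake.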
    18 January 2009 19:46:47

    Good evening
    Did you show the hidden files/folders as asked?
    How is your PC behaving?
    18 January 2009 23:32:20

    Yes, I showed them, but I couldn't find it :/ 
    19 January 2009 21:46:01

    Good evening
    How are things with Yoog Search?

    20 January 2009 17:38:55

    No result...
    20 January 2009 21:59:02

    Good evening
    To be honest, your infection is recent and, for now, I haven't yet seen a satisfactory fix...

    The only option I see is: delete ComboFix, then download a new version and let the tool work. After that, I will write a script, and if that doesn't work, I will get in touch with the developer of ComboFix.

    ++++++++++++++++++++

    Disable your antivirus and any other type of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select all", Edit > "Copy"

    Come to the forum and Edit > "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary


    Add a new HijackThis report.
    20 January 2009 22:21:59

    The only worry is that the last time I ran ComboFix, it crashed my computer. At startup it was missing a file needed to launch Vista...

    So I'm apprehensive about running it...

    A HijackThis post anyway...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:20, on 2009-01-20
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\VM30xSnap.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x)
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Résumer avec Copernic Summarizer - C:\Program Files\Copernic Summarizer\Web\SummarizePage.htm
    O9 - Extra button: Résumer - {0F2D17A0-E7DF-4847-995B-6F3ABF5BF187} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: LiveSummarizer - {6170AB22-F1E5-4D4F-8F6C-826C73838581} - C:\Program Files\Copernic Summarizer\CopernicSummarizerApp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
    O9 - Extra 'Tools' menuitem: Résumer avec Copernic Summarizer - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - C:\PROGRA~1\COPERN~1\COPERN~2.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 8386 bytes
    20 January 2009 22:58:23

    I managed to remove it from Firefox thanks to this method:

    Message edited by Sham-Rock

    But it's still on IE7

    ^-^
    20 January 2009 23:01:19

    That's it, I've removed it! (Right-click in the IE search box, I removed Yoog Search and set Google, closed it, reopened it. No more Yoog Search!!)

    :) 
    20 January 2009 23:01:55

    re
    Where does your fix come from?
    I've been preparing a procedure with a tool for more than 30 minutes and you come out with this...
    20 January 2009 23:05:32

    ok
    it's pear, from zebulon..
    send me the link please
    20 January 2009 23:07:21

    ok
    I'm going to edit your fix, because the procedure was written for one particular user and you could have crashed your PC...
    20 January 2009 23:09:31

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log
    so I can have a look
    20 January 2009 23:10:05

    Well, at the same time, I didn't go into it blindly.

    I looked at the post and the various lines before going ahead.

    Then again, ComboFix did me harm for nothing...

    Thanks :) 
    20 January 2009 23:11:16

    Here it is:
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    Unable to kill process: C:\WINDOWS\system32\cont_adzgalore-remove.exe
    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    File/Folder C:\WINDOWS\system32\drivers\a8p526sc.sys not found.
    File/Folder C:\Program Files\Mozilla Firefox\components\nsadzgalore.dll not found.
    File/Folder C:\WINDOWS\system32\cont_adzgalore-remove.exe not found.
    File/Folder C:\Program Files\Messenger Plus! Live\Scripts\BlockPrank\BlockPrank.js not found.
    ========== REGISTRY ==========
    Registry key HKEY_USERS\S-1-5-21-427403600-254994093-1133982494-1007\Software\Microsoft\Internet Explorer\SearchScopes not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\cont_adzgalore\\ not found.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Floue\AppData\Local\Temp\etilqs_a0e6XtGqrxmCjXiICFZq scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Temp\etilqs_a0e6XtGqrxmCjXiICFZq-journal scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Temp\etilqs_bDXC2KdgQNtdYtsbq1m9 scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\Windows\temp\21985f74-27a7-4f10-91f3-cb3841a7a509.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\2f135a1e-b829-4515-ac7f-aedcd83f2887.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\45b5807b-634f-4d00-93c4-e616b2887609.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\49b683ce-0589-4967-91a3-2c0743953c63.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\4c686a8f-1360-4884-b923-b7b307e1c6ee.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\6b5033c2-a0d6-45c3-889b-ee3f9c05fd6c.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\71a3bd8c-3b8b-455b-a9ed-0d95b2ef65ae.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\a1b82d4b-6bcf-452f-bd9e-0f7314fb56c1.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\a3cfd3d9-8675-4207-972f-c06f2ccae26e.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\a62296f4-5e83-4ba9-ab92-4373d0df70f2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cdcc0bc6-a19a-4d1b-9d7a-6ce9e4480d1c.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\f2e7c664-90e9-4285-b1b0-9ec5304049ec.tmp scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_225148

    Files moved on Reboot...
    File C:\Users\Floue\AppData\Local\Temp\etilqs_a0e6XtGqrxmCjXiICFZq not found!
    File C:\Users\Floue\AppData\Local\Temp\etilqs_a0e6XtGqrxmCjXiICFZq-journal not found!
    File C:\Users\Floue\AppData\Local\Temp\etilqs_bDXC2KdgQNtdYtsbq1m9 not found!
    C:\Windows\temp\21985f74-27a7-4f10-91f3-cb3841a7a509.tmp moved successfully.
    C:\Windows\temp\2f135a1e-b829-4515-ac7f-aedcd83f2887.tmp moved successfully.
    C:\Windows\temp\45b5807b-634f-4d00-93c4-e616b2887609.tmp moved successfully.
    C:\Windows\temp\49b683ce-0589-4967-91a3-2c0743953c63.tmp moved successfully.
    C:\Windows\temp\4c686a8f-1360-4884-b923-b7b307e1c6ee.tmp moved successfully.
    C:\Windows\temp\6b5033c2-a0d6-45c3-889b-ee3f9c05fd6c.tmp moved successfully.
    C:\Windows\temp\71a3bd8c-3b8b-455b-a9ed-0d95b2ef65ae.tmp moved successfully.
    C:\Windows\temp\a1b82d4b-6bcf-452f-bd9e-0f7314fb56c1.tmp moved successfully.
    C:\Windows\temp\a3cfd3d9-8675-4207-972f-c06f2ccae26e.tmp moved successfully.
    C:\Windows\temp\a62296f4-5e83-4ba9-ab92-4373d0df70f2.tmp moved successfully.
    C:\Windows\temp\cdcc0bc6-a19a-4d1b-9d7a-6ce9e4480d1c.tmp moved successfully.
    C:\Windows\temp\f2e7c664-90e9-4285-b1b0-9ec5304049ec.tmp moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\OfflineCache\index.sqlite moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\XUL.mfl moved successfully.
    20 January 2009 23:19:51

    Looking at your report, as far as I can tell, you have not removed the infection:

    Quote:
    Unable to kill process: C:\WINDOWS\system32\cont_adzgalore-remove.exe
    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    File/Folder C:\WINDOWS\system32\drivers\a8p526sc.sys not found.
    File/Folder C:\Program Files\Mozilla Firefox\components\nsadzgalore.dll not found.
    File/Folder C:\WINDOWS\system32\cont_adzgalore-remove.exe not found.
    File/Folder C:\Program Files\Messenger Plus! Live\Scripts\BlockPrank\BlockPrank.js not found.
    ========== REGISTRY ==========
    Registry key HKEY_USERS\S-1-5-21-427403600-254994093-1133982494-1007\Software\Microsoft\Internet Explorer\SearchScopes not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\cont_adzgalore\\ not found.

    The tool only worked on the temporary files...
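
The triage done by eye in the post above, as an added example (not part of the thread and not OTMoveIt3's own code): it sorts the log's outcome lines into script targets and temp/cache housekeeping, then reports whether any target was actually moved. The sample log is constructed from line shapes quoted in the thread, and the temp/cache path heuristic is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the log quoted in the thread (temp name shortened).
SAMPLE_LOG = r"""
Unable to kill process: C:\WINDOWS\system32\cont_adzgalore-remove.exe
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\a8p526sc.sys not found.
File/Folder C:\Program Files\Mozilla Firefox\components\nsadzgalore.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\cont_adzgalore\\ not found.
File delete failed. C:\Windows\temp\45b5807b.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
C:\Windows\temp\45b5807b.tmp moved successfully.
C:\Users\Floue\AppData\Local\Mozilla\Firefox\Profiles\dxpsije0.default\Cache\_CACHE_001_ moved successfully.
"""

# Outcome patterns for the line shapes visible in the thread's log.
PATTERNS = [
    ("kill_failed", re.compile(r"^Unable to kill process: (.+)$")),
    ("not_found", re.compile(r"^(?:File/Folder|Registry key|File) (.+?) not found[.!]$")),
    ("pending_reboot", re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]
# Assumption: temp and browser-cache locations are housekeeping, not script targets.
HOUSEKEEPING = re.compile(r"\\(temp|cache|offlinecache)\\", re.IGNORECASE)

def triage(log_text):
    """Group each recognised log line as (scope, outcome) -> [item]."""
    result = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        for outcome, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                item = match.group(1)
                scope = "housekeeping" if HOUSEKEEPING.search(item) else "target"
                result[(scope, outcome)].append(item)
                break
    return dict(result)

def targets_removed(result):
    """True only if at least one non-housekeeping item was actually moved."""
    return bool(result.get(("target", "moved")))

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for (scope, outcome), items in sorted(summary.items()):
        print(f"{scope:12} {outcome:14} {len(items)}")
    print("targets removed:", targets_removed(summary))
```

A run where every `target` entry is `not_found` or `kill_failed` and only `housekeeping` entries are `moved` matches the situation described in the post.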

    20 January 2009 23:22:46

    It no longer shows up in any case, how come...?
    20 January 2009 23:27:56

    I don't know.
    Let's wait, and you post again tomorrow if it comes back.
    I had prepared a procedure, but there's no point making you go through it for nothing... (besides, it would take me a while to analyse the generated report)
    20 January 2009 23:44:47

    OK, we'll see tomorrow! =)
    Anonymous
    21 January 2009 01:56:15

    Hi, to manage to get rid of yoog search I deleted everything bearing the name yoog in the registry... and it worked... at least for now it no longer appears...
    9 February 2009 02:34:14

    Quote:
    Hi, to manage to get rid of yoog search I deleted everything bearing the name yoog in the registry... and it worked... at least for now it no longer appears...

    How do you run a search in the registry?
    Anonymous
    30 July 2009 17:17:06

    Hi everyone.
    For the experts here, a piece of advice: don't wear yourselves out on problems of the "I don't like this search bar" kind and so on.
    That will teach people to install just anything. There are more serious things to sort out.

    Besides, there is a utility called ShellExView that lets you see all the installed shell extensions, BHOs included (Browser Helper Objects). Usually you just have to delete them in that program and it goes away.

    Rolf