[Vista] Double-click and right-click impossible in the Vista game manager
Hello, I can no longer launch games, or right-click, in the game manager (the folder with the game shortcuts in it).
When I try to launch it or right-click, nothing happens...
How can I fix this little problem?
Thanks!
Hello, let's see what's going on:
First hypothesis: the hard drive is starting to fail:
Start your PC, then go to the Start menu.
In the search bar, type cmd, right-click the result, then click Run as administrator.
A black window appears. Type CHKDSK C: then wait.
Once the operation is finished, send me a screenshot please.
--> To send a screenshot:
1/ Save the image
Press the Print Screen key on your keyboard.
Start Paint (by Microsoft Corporation): Start > All Programs > Accessories > Paint
Click Edit, Paste.
Go to File, then Save As... and save your image.
2/ Host the image
Go to the Imageshack site, an image host.
Once on the site, click Browse (in grey) then double-click your image.
Do not enter your e-mail address, and click Upload now
After a few seconds, links appear on the left: copy the link next to Direct link and paste it into your next reply.
No hard drive problem, after all.
Let's try something else:
Download CCleaner (by Piriform Ltd).
Install it by following the procedure, but untick the Install the Yahoo Toolbar box.
Start the program. Untick the Cookies box on the left, then click Clean.
Once the cleaning is finished, go to Registry and fix all the errors (press Yes when it asks you to make a backup).
Quit CCleaner and tell me whether the problems come back.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:18, on 17/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Steam\steam.exe
C:\Windows\explorer.exe
C:\Users\Marc Gilles\Downloads\HiJackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F672EE-60B6-44D6-BA64-DB1DA8FD17ED}: NameServer = 80.10.246.130,80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
--
End of file - 6101 bytes
Right, let's continue:
Remove Spyware Doctor, which is of absolutely no use
Avira is more than enough :smile:
Download and install Windows Vista Service Pack 2 here: http://www.01net.com/telecharger/windows/Utilitaire/dll...
-> This update will take an hour. After restarting, tell me whether the problem comes back
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:03, on 17/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Marc Gilles\Downloads\HiJackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F672EE-60B6-44D6-BA64-DB1DA8FD17ED}: NameServer = 80.10.246.130,80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
--
End of file - 5333 bytes
Well, I still have a rootkit that I can't manage to remove with Malware:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Version de la base de données: 4041
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
17/06/2010 19:41:05
mbam-log-2010-06-17 (19-41-05).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 106960
Temps écoulé: 3 minute(s), 24 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\system32\Drivers\rjmpdyxl.sys (Rootkit.Agent) -> No action taken.
A rootkit infection.
--> Let's remove it:
Relaunch MBAM.
Select Perform quick scan.
Click Scan.
At the end of the scan, a message appears.
Click OK to continue.
!! Close all running applications !! (except MBAM of course)
Click Show Results.
Tick all the boxes and click Remove. At the end, a report is displayed: paste it into your next reply please.
So, after a lot of searching on the net, I managed to find the solution for removing the rootkit (as well as the keys in the registry).
But the game explorer still doesn't work... (well, I can still launch the games with the launch button in the menu, but I can neither delete icons nor modify them, I can only add some)
Yop! At guigui's request, I'll take over!
Disable the antivirus.
Download "Combofix" and save it to the desktop
Double-click Combofix.
If prompted to download and install the Recovery Console, accept.
The scan will then start,
Wait for the tool to close (5 to 10 min),
A report is in C:\Combofix.txt: host it and give the link.
I finally just managed to launch Firefox... but it lags like I don't know what!
Here is the report:
ComboFix 10-06-17.02 - Marc Gilles 18/06/2010 11:20:25.2.4 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.1961 [GMT 2:00]
Lancé depuis: c:\users\Marc Gilles\Downloads\COlaF.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\win.com
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-18 au 2010-06-18 ))))))))))))))))))))))))))))))))))))
.
2010-06-18 09:25 . 2010-06-18 09:27 -------- d-----w- c:\users\Marc Gilles\AppData\Local\temp
2010-06-18 09:25 . 2010-06-18 09:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-18 09:25 . 2010-06-18 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-17 23:25 . 2010-06-17 23:25 -------- d-----w- c:\users\Marc Gilles\AppData\Local\Apps
2010-06-17 23:08 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-06-17 23:08 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-17 19:56 . 2010-06-17 19:56 -------- d-----w- c:\program files\Common Files\Java
2010-06-17 19:56 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-17 17:50 . 2010-06-17 17:50 -------- d-----r- c:\users\Marc Gilles\Games
2010-06-17 17:21 . 2010-06-17 17:21 -------- d-----w- c:\program files\Vista Game Explorer Editor
2010-06-17 16:22 . 2010-06-17 16:23 -------- d-----w- c:\windows\system32\ca-ES
2010-06-17 16:22 . 2010-06-17 16:23 -------- d-----w- c:\windows\system32\eu-ES
2010-06-17 16:22 . 2010-06-17 16:23 -------- d-----w- c:\windows\system32\vi-VN
2010-06-17 16:18 . 2010-06-17 16:18 -------- d-----w- c:\windows\system32\SPReview
2010-06-17 16:07 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-06-17 16:07 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-06-17 16:05 . 2009-04-10 21:32 99816 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2010-06-17 16:04 . 2009-04-10 21:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2010-06-17 16:00 . 2010-06-17 16:00 -------- d-----w- c:\windows\system32\EventProviders
2010-06-17 09:00 . 2010-06-17 09:00 -------- d-----w- c:\program files\CCleaner
2010-06-16 15:11 . 2010-06-16 15:11 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\OfficeRecovery
2010-06-16 14:01 . 2010-06-16 14:01 -------- d-----w- c:\programdata\THQ
2010-06-16 10:33 . 2010-06-16 10:41 -------- d-----w- c:\users\Marc Gilles\Nouveau dossier
2010-06-15 10:00 . 2008-01-21 02:23 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2010-06-14 19:21 . 2010-06-14 19:21 -------- d-----w- c:\program files\QS
2010-06-14 19:21 . 2010-06-14 19:21 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\TeamViewer
2010-06-14 19:20 . 2010-06-14 19:20 -------- d-----w- c:\users\Marc Gilles\temp
2010-06-14 08:33 . 2010-06-14 08:33 -------- d-----w- c:\programdata\McAfee
2010-06-12 22:57 . 2007-08-29 13:36 110592 ----a-w- c:\users\Marc Gilles\AppData\Roaming\NCH Software\Components\aacenc\aacenc.exe
2010-06-10 08:30 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 07:06 . 2010-06-10 07:06 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Recordpad
2010-06-09 05:00 . 2010-06-09 05:00 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\NCH Software
2010-06-09 05:00 . 2007-08-29 13:36 74240 ----a-w- c:\users\Marc Gilles\AppData\Roaming\NCH Software\Components\oggdec\oggdec.exe
2010-06-09 04:59 . 2010-06-09 04:59 -------- d-----w- c:\program files\NCH Software
2010-06-09 04:59 . 2010-06-16 15:10 -------- d-----w- c:\programdata\NCH Swift Sound
2010-06-09 04:58 . 2010-06-16 15:13 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-09 04:58 . 2010-06-16 06:06 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\NCH Swift Sound
2010-06-07 20:08 . 2010-06-07 20:08 -------- d-----w- c:\program files\Megaupload
2010-06-07 19:52 . 2010-06-07 20:01 -------- d-----w- c:\programdata\DivX
2010-06-07 14:40 . 2010-06-07 14:40 -------- d-----w- c:\program files\iPod
2010-06-07 14:40 . 2010-06-07 14:41 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-07 14:40 . 2010-06-07 14:41 -------- d-----w- c:\program files\iTunes
2010-06-07 14:38 . 2010-06-07 14:38 -------- d-----w- c:\program files\QuickTime
2010-06-07 14:34 . 2010-06-07 14:34 -------- d-----w- c:\program files\Bonjour
2010-06-07 14:27 . 2010-06-07 14:27 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-06-05 19:09 . 2010-06-05 19:09 21160 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\codmw2.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\tf2.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\insurgency.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\dods.dll
2010-06-05 19:09 . 2010-06-05 19:09 24744 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\wow.dll
2010-06-05 19:09 . 2010-06-05 19:09 21672 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\lotro.dll
2010-06-05 19:09 . 2010-06-05 19:09 21672 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\l4d2.dll
2010-06-05 19:09 . 2010-06-05 19:09 21672 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\cs.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\gmod.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\aoc.dll
2010-06-05 19:09 . 2010-06-05 19:09 22696 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\borderlands.dll
2010-06-05 19:09 . 2010-06-05 19:09 21160 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\bfbc2.dll
2010-06-03 07:47 . 2010-06-17 18:45 -------- d-----r- c:\users\Marc Gilles\Logiciel
2010-06-03 06:48 . 2010-06-03 06:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-03 06:48 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-03 06:48 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-06-03 06:46 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-03 06:46 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-03 05:54 . 2010-06-03 05:54 50981 ----a-w- c:\windows\system32\zkdztsvmpxff.exe
2010-06-01 20:55 . 2010-06-01 20:55 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\FOG Downloader
2010-06-01 20:55 . 2010-06-07 18:17 -------- d-----w- c:\program files\Runes of Magic
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-24 12:39 . 2010-05-24 12:39 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-24 12:39 . 2010-05-24 12:39 85504 ----a-w- c:\users\Marc Gilles\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-24 12:39 . 2010-05-24 12:39 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 09:27 . 2009-12-24 03:22 33449 ----a-w- c:\programdata\nvModes.dat
2010-06-18 09:13 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-18 09:13 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-18 08:31 . 2009-11-19 21:00 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Xfire
2010-06-18 00:21 . 2009-11-19 18:23 1356 ----a-w- c:\users\Marc Gilles\AppData\Local\d3d9caps.dat
2010-06-18 00:04 . 2009-11-29 11:49 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition
2010-06-17 23:13 . 2009-11-19 18:24 58616 ----a-w- c:\users\Marc Gilles\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-17 23:09 . 2009-12-20 17:23 -------- d-----w- c:\program files\gPotato.eu
2010-06-17 20:53 . 2009-11-20 05:23 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\vlc
2010-06-17 19:56 . 2010-03-03 21:05 -------- d-----w- c:\program files\Java
2010-06-17 17:01 . 2010-04-27 08:47 -------- d-----w- c:\program files\Spyware Doctor
2010-06-17 16:31 . 2009-11-19 18:28 -------- d-----w- c:\programdata\NVIDIA
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-17 16:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-17 16:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-17 15:57 . 2009-12-06 09:29 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-17 15:56 . 2009-12-06 09:29 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-17 13:03 . 2009-11-21 15:16 -------- d-----w- c:\program files\Steam
2010-06-17 13:02 . 2009-11-21 15:16 -------- d-----w- c:\program files\Common Files\Steam
2010-06-17 08:57 . 2009-11-25 17:22 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\gtk-2.0
2010-06-16 09:33 . 2009-12-06 13:59 -------- d-----w- c:\program files\Warcraft III
2010-06-14 20:56 . 2009-12-22 01:36 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Skype
2010-06-14 20:28 . 2009-12-22 01:38 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\skypePM
2010-06-09 04:57 . 2010-01-11 18:50 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\WindSolutions
2010-06-09 04:57 . 2010-01-11 18:50 -------- d-----w- c:\programdata\WindSolutions
2010-06-07 20:08 . 2009-11-21 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-07 14:40 . 2009-12-18 20:02 -------- d-----w- c:\program files\Common Files\Apple
2010-06-05 19:59 . 2010-04-14 12:18 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Mumble
2010-06-04 14:14 . 2009-12-02 21:26 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\dvdcss
2010-06-03 16:30 . 2010-01-04 19:06 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-03 16:29 . 2009-11-19 21:00 -------- d-----w- c:\programdata\Xfire
2010-06-03 06:39 . 2009-11-19 21:00 -------- d-----w- c:\program files\Xfire
2010-06-01 19:07 . 2009-12-18 11:22 -------- d-----w- c:\program files\Metin2_France
2010-05-27 17:39 . 2009-11-29 14:22 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\FileZilla
2010-05-26 17:06 . 2010-06-10 08:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 08:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 11:33 . 2010-01-04 19:09 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\TS3Client
2010-05-16 20:09 . 2010-05-16 20:08 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Notepad++
2010-05-16 20:08 . 2010-05-16 20:08 -------- d-----w- c:\program files\Notepad++
2010-05-10 01:02 . 2009-12-12 17:43 -------- d-----w- c:\program files\Google
2010-05-08 10:31 . 2010-05-08 09:01 -------- d-----w- c:\program files\E-anim
2010-05-04 05:59 . 2010-06-10 08:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 08:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 08:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 08:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-27 13:59 . 2009-11-21 20:49 -------- d-----w- c:\programdata\ma-config.com
2010-04-27 13:59 . 2009-11-21 20:49 -------- d-----w- c:\program files\ma-config.com
2010-04-27 12:45 . 2010-04-27 12:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-27 09:15 . 2010-04-27 09:15 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Malwarebytes
2010-04-27 09:15 . 2010-04-27 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 09:14 . 2010-04-27 09:14 -------- d-----w- c:\programdata\Malwarebytes
2010-04-27 09:12 . 2010-04-27 08:12 -------- d-sh--w- c:\users\Marc Gilles\AppData\Roaming\lowsec
2010-04-27 08:20 . 2010-04-27 08:12 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\6F9E5444FE4BFD4576F143DADF5C5352
2010-04-25 14:33 . 2010-01-07 11:15 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\.easytag
2010-04-25 11:58 . 2010-04-25 11:58 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-16 06:33 . 2010-04-16 06:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 06:33 . 2010-04-16 06:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-12 20:49 . 2010-04-12 20:48 925449 ----a-w- c:\program files\av voice.rar
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01 . 2010-06-10 08:38 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-02 15:17 . 2010-04-02 15:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 15:17 . 2010-04-02 15:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-03-29 22:46 . 2010-04-27 09:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-04-27 09:14 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 1474560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Marc Gilles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Marc Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 22:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 15:54 1238352 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,2f,44,e7,3a,0e,cb,01
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 135664]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-04-03 243056]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-05 3375952]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-03 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-11-24 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2002-12-10 6852]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1067008]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'
2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 17:43]
2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 17:43]
2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{1E47E678-3EB3-45DF-AE37-56E55DC3B86D}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {D1F672EE-60B6-44D6-BA64-DB1DA8FD17ED} = 80.10.246.130,80.10.246.3
FF - ProfilePath - c:\users\Marc Gilles\AppData\Roaming\Mozilla\Firefox\Profiles\m2qvheo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Recordpad - c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
MSConfigStartUp-skb - fzsumcjd.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 11:27
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\WUDFHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-06-18 11:32:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-18 09:32
ComboFix2.txt 2010-04-27 13:54
Avant-CF: 456 861 540 352 octets libres
Après-CF: 456 899 334 144 octets libres
- - End Of File - - 116F1862357127119C399CFD2C6AF779
Here is the report:
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-27 09:15 . 2010-04-27 09:15 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Malwarebytes
2010-04-27 09:15 . 2010-04-27 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 09:14 . 2010-04-27 09:14 -------- d-----w- c:\programdata\Malwarebytes
2010-04-27 09:12 . 2010-04-27 08:12 -------- d-sh--w- c:\users\Marc Gilles\AppData\Roaming\lowsec
2010-04-27 08:20 . 2010-04-27 08:12 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\6F9E5444FE4BFD4576F143DADF5C5352
2010-04-25 14:33 . 2010-01-07 11:15 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\.easytag
2010-04-25 11:58 . 2010-04-25 11:58 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-16 06:33 . 2010-04-16 06:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 06:33 . 2010-04-16 06:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-12 20:49 . 2010-04-12 20:48 925449 ----a-w- c:\program files\av voice.rar
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01 . 2010-06-10 08:38 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-02 15:17 . 2010-04-02 15:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 15:17 . 2010-04-02 15:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-03-29 22:46 . 2010-04-27 09:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-04-27 09:14 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 1474560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Marc Gilles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Marc Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 22:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 15:54 1238352 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,2f,44,e7,3a,0e,cb,01
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 135664]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-04-03 243056]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-05 3375952]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-03 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-11-24 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2002-12-10 6852]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1067008]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'
2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 17:43]
2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 17:43]
2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{1E47E678-3EB3-45DF-AE37-56E55DC3B86D}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {D1F672EE-60B6-44D6-BA64-DB1DA8FD17ED} = 80.10.246.130,80.10.246.3
FF - ProfilePath - c:\users\Marc Gilles\AppData\Roaming\Mozilla\Firefox\Profiles\m2qvheo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Recordpad - c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
MSConfigStartUp-skb - fzsumcjd.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 11:27
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\WUDFHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-06-18 11:32:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-18 09:32
ComboFix2.txt 2010-04-27 13:54
Avant-CF: 456 861 540 352 octets libres
Après-CF: 456 899 334 144 octets libres
- - End Of File - - 116F1862357127119C399CFD2C6AF779
Please respect us and do not bump the thread every 10 minutes.
We are volunteers, and we help in our free time.
***
How did you remove the rootkit?
***
Put ComboFix on the desktop.
Copy this text:
File::
C:\Windows\system32\Drivers\rjmpdyxl.sys
c:\windows\system32\zkdztsvmpxff.exe
Open Notepad,
Right-click ==> Paste.
Then File ==> Save As ==> choose Desktop.
Name it CFScript.txt
Close Notepad.
Grab the CFScript.txt file on the desktop by holding down the left mouse button,
drag it onto the ComboFix icon and release the button.
ComboFix restarts on its own.
Copy/paste the report
***
Then reboot and explain clearly which problems remain.
ComboFix 10-06-17.02 - Marc Gilles 18/06/2010 12:52:43.3.4 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.2107 [GMT 2:00]
Lancé depuis: c:\users\Marc Gilles\Desktop\COlaF.exe
Commutateurs utilisés :: c:\users\Marc Gilles\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\Drivers\rjmpdyxl.sys"
"c:\windows\system32\zkdztsvmpxff.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\zkdztsvmpxff.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-18 au 2010-06-18 ))))))))))))))))))))))))))))))))))))
.
2010-06-18 10:58 . 2010-06-18 11:01 -------- d-----w- c:\users\Marc Gilles\AppData\Local\temp
2010-06-18 10:58 . 2010-06-18 10:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-18 10:58 . 2010-06-18 10:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-17 23:25 . 2010-06-17 23:25 -------- d-----w- c:\users\Marc Gilles\AppData\Local\Apps
2010-06-17 23:08 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-06-17 23:08 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-17 19:56 . 2010-06-17 19:56 -------- d-----w- c:\program files\Common Files\Java
2010-06-17 19:56 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-17 17:50 . 2010-06-17 17:50 -------- d-----r- c:\users\Marc Gilles\Games
2010-06-17 17:21 . 2010-06-17 17:21 -------- d-----w- c:\program files\Vista Game Explorer Editor
2010-06-17 16:22 . 2010-06-17 16:23 -------- d-----w- c:\windows\system32\ca-ES
2010-06-17 16:22 . 2010-06-17 16:23 -------- d-----w- c:\windows\system32\eu-ES
2010-06-17 16:22 . 2010-06-17 16:23 -------- d-----w- c:\windows\system32\vi-VN
2010-06-17 16:18 . 2010-06-17 16:18 -------- d-----w- c:\windows\system32\SPReview
2010-06-17 16:07 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-06-17 16:07 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-06-17 16:05 . 2009-04-10 21:32 99816 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2010-06-17 16:04 . 2009-04-10 21:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2010-06-17 16:00 . 2010-06-17 16:00 -------- d-----w- c:\windows\system32\EventProviders
2010-06-17 09:00 . 2010-06-17 09:00 -------- d-----w- c:\program files\CCleaner
2010-06-16 15:11 . 2010-06-16 15:11 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\OfficeRecovery
2010-06-16 14:01 . 2010-06-16 14:01 -------- d-----w- c:\programdata\THQ
2010-06-16 10:33 . 2010-06-16 10:41 -------- d-----w- c:\users\Marc Gilles\Nouveau dossier
2010-06-15 10:00 . 2008-01-21 02:23 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2010-06-14 19:21 . 2010-06-14 19:21 -------- d-----w- c:\program files\QS
2010-06-14 19:21 . 2010-06-14 19:21 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\TeamViewer
2010-06-14 19:20 . 2010-06-14 19:20 -------- d-----w- c:\users\Marc Gilles\temp
2010-06-14 08:33 . 2010-06-14 08:33 -------- d-----w- c:\programdata\McAfee
2010-06-12 22:57 . 2007-08-29 13:36 110592 ----a-w- c:\users\Marc Gilles\AppData\Roaming\NCH Software\Components\aacenc\aacenc.exe
2010-06-10 08:30 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 07:06 . 2010-06-10 07:06 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Recordpad
2010-06-09 05:00 . 2010-06-09 05:00 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\NCH Software
2010-06-09 05:00 . 2007-08-29 13:36 74240 ----a-w- c:\users\Marc Gilles\AppData\Roaming\NCH Software\Components\oggdec\oggdec.exe
2010-06-09 04:59 . 2010-06-09 04:59 -------- d-----w- c:\program files\NCH Software
2010-06-09 04:59 . 2010-06-16 15:10 -------- d-----w- c:\programdata\NCH Swift Sound
2010-06-09 04:58 . 2010-06-16 15:13 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-09 04:58 . 2010-06-16 06:06 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\NCH Swift Sound
2010-06-07 20:08 . 2010-06-07 20:08 -------- d-----w- c:\program files\Megaupload
2010-06-07 19:52 . 2010-06-07 20:01 -------- d-----w- c:\programdata\DivX
2010-06-07 14:40 . 2010-06-07 14:40 -------- d-----w- c:\program files\iPod
2010-06-07 14:40 . 2010-06-07 14:41 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-07 14:40 . 2010-06-07 14:41 -------- d-----w- c:\program files\iTunes
2010-06-07 14:38 . 2010-06-07 14:38 -------- d-----w- c:\program files\QuickTime
2010-06-07 14:34 . 2010-06-07 14:34 -------- d-----w- c:\program files\Bonjour
2010-06-07 14:27 . 2010-06-07 14:27 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-06-05 19:09 . 2010-06-05 19:09 21160 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\codmw2.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\tf2.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\insurgency.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\dods.dll
2010-06-05 19:09 . 2010-06-05 19:09 24744 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\wow.dll
2010-06-05 19:09 . 2010-06-05 19:09 21672 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\lotro.dll
2010-06-05 19:09 . 2010-06-05 19:09 21672 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\l4d2.dll
2010-06-05 19:09 . 2010-06-05 19:09 21672 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\cs.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\gmod.dll
2010-06-05 19:09 . 2010-06-05 19:09 25256 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\aoc.dll
2010-06-05 19:09 . 2010-06-05 19:09 22696 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\borderlands.dll
2010-06-05 19:09 . 2010-06-05 19:09 21160 ----a-w- c:\users\Marc Gilles\AppData\Roaming\Mumble\Plugins\bfbc2.dll
2010-06-03 07:47 . 2010-06-17 18:45 -------- d-----r- c:\users\Marc Gilles\Logiciel
2010-06-03 06:48 . 2010-06-03 06:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-03 06:48 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-03 06:48 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-06-03 06:46 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-03 06:46 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-01 20:55 . 2010-06-01 20:55 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\FOG Downloader
2010-06-01 20:55 . 2010-06-07 18:17 -------- d-----w- c:\program files\Runes of Magic
2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-24 12:39 . 2010-05-24 12:39 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-24 12:39 . 2010-05-24 12:39 85504 ----a-w- c:\users\Marc Gilles\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-24 12:39 . 2010-05-24 12:39 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 11:01 . 2009-12-24 03:22 33449 ----a-w- c:\programdata\nvModes.dat
2010-06-18 10:55 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-18 10:55 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-18 08:31 . 2009-11-19 21:00 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Xfire
2010-06-18 00:21 . 2009-11-19 18:23 1356 ----a-w- c:\users\Marc Gilles\AppData\Local\d3d9caps.dat
2010-06-18 00:04 . 2009-11-29 11:49 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition
2010-06-17 23:13 . 2009-11-19 18:24 58616 ----a-w- c:\users\Marc Gilles\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-17 23:09 . 2009-12-20 17:23 -------- d-----w- c:\program files\gPotato.eu
2010-06-17 20:53 . 2009-11-20 05:23 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\vlc
2010-06-17 19:56 . 2010-03-03 21:05 -------- d-----w- c:\program files\Java
2010-06-17 17:01 . 2010-04-27 08:47 -------- d-----w- c:\program files\Spyware Doctor
2010-06-17 16:31 . 2009-11-19 18:28 -------- d-----w- c:\programdata\NVIDIA
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-17 16:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-17 16:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-17 16:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-17 15:57 . 2009-12-06 09:29 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-17 15:56 . 2009-12-06 09:29 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-17 13:03 . 2009-11-21 15:16 -------- d-----w- c:\program files\Steam
2010-06-17 13:02 . 2009-11-21 15:16 -------- d-----w- c:\program files\Common Files\Steam
2010-06-17 08:57 . 2009-11-25 17:22 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\gtk-2.0
2010-06-16 09:33 . 2009-12-06 13:59 -------- d-----w- c:\program files\Warcraft III
2010-06-14 20:56 . 2009-12-22 01:36 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Skype
2010-06-14 20:28 . 2009-12-22 01:38 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\skypePM
2010-06-09 04:57 . 2010-01-11 18:50 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\WindSolutions
2010-06-09 04:57 . 2010-01-11 18:50 -------- d-----w- c:\programdata\WindSolutions
2010-06-07 20:08 . 2009-11-21 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-07 14:40 . 2009-12-18 20:02 -------- d-----w- c:\program files\Common Files\Apple
2010-06-05 19:59 . 2010-04-14 12:18 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Mumble
2010-06-04 14:14 . 2009-12-02 21:26 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\dvdcss
2010-06-03 16:30 . 2010-01-04 19:06 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-03 16:29 . 2009-11-19 21:00 -------- d-----w- c:\programdata\Xfire
2010-06-03 06:39 . 2009-11-19 21:00 -------- d-----w- c:\program files\Xfire
2010-06-01 19:07 . 2009-12-18 11:22 -------- d-----w- c:\program files\Metin2_France
2010-05-27 17:39 . 2009-11-29 14:22 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\FileZilla
2010-05-26 17:06 . 2010-06-10 08:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 08:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 11:33 . 2010-01-04 19:09 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\TS3Client
2010-05-16 20:09 . 2010-05-16 20:08 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Notepad++
2010-05-16 20:08 . 2010-05-16 20:08 -------- d-----w- c:\program files\Notepad++
2010-05-10 01:02 . 2009-12-12 17:43 -------- d-----w- c:\program files\Google
2010-05-08 10:31 . 2010-05-08 09:01 -------- d-----w- c:\program files\E-anim
2010-05-04 05:59 . 2010-06-10 08:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 08:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 08:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 08:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-27 13:59 . 2009-11-21 20:49 -------- d-----w- c:\programdata\ma-config.com
2010-04-27 13:59 . 2009-11-21 20:49 -------- d-----w- c:\program files\ma-config.com
2010-04-27 12:45 . 2010-04-27 12:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-27 09:15 . 2010-04-27 09:15 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\Malwarebytes
2010-04-27 09:15 . 2010-04-27 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 09:14 . 2010-04-27 09:14 -------- d-----w- c:\programdata\Malwarebytes
2010-04-27 09:12 . 2010-04-27 08:12 -------- d-sh--w- c:\users\Marc Gilles\AppData\Roaming\lowsec
2010-04-27 08:20 . 2010-04-27 08:12 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\6F9E5444FE4BFD4576F143DADF5C5352
2010-04-25 14:33 . 2010-01-07 11:15 -------- d-----w- c:\users\Marc Gilles\AppData\Roaming\.easytag
2010-04-25 11:58 . 2010-04-25 11:58 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-16 06:33 . 2010-04-16 06:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 06:33 . 2010-04-16 06:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-12 20:49 . 2010-04-12 20:48 925449 ----a-w- c:\program files\av voice.rar
2010-04-08 11:20 . 2010-04-08 11:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01 . 2010-06-10 08:38 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-02 15:17 . 2010-04-02 15:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 15:17 . 2010-04-02 15:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-03-29 22:46 . 2010-04-27 09:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-04-27 09:14 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 1474560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Marc Gilles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Marc Gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-02 17:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 22:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-07 15:54 1238352 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,2f,44,e7,3a,0e,cb,01
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 135664]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-04-03 243056]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-05 3375952]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-03 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-11-24 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 Vcs;Vcs support;c:\windows\system32\Drivers\Vcs.sys [2002-12-10 6852]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1067008]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'
2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 17:43]
2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 17:43]
2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{1E47E678-3EB3-45DF-AE37-56E55DC3B86D}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {D1F672EE-60B6-44D6-BA64-DB1DA8FD17ED} = 80.10.246.130,80.10.246.3
FF - ProfilePath - c:\users\Marc Gilles\AppData\Roaming\Mozilla\Firefox\Profiles\m2qvheo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-zkdztsvmpxff - c:\windows\system32\zkdztsvmpxff.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 13:01
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-06-18 13:05:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-18 11:05
ComboFix2.txt 2010-06-18 09:32
ComboFix3.txt 2010-04-27 13:54
Avant-CF: 456 828 796 928 octets libres
Après-CF: 456 815 632 384 octets libres
- - End Of File - - B27E4A5B7AD5624C3664F1E20989C098
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-06-18 13:05:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-18 11:05
ComboFix2.txt 2010-06-18 09:32
ComboFix3.txt 2010-04-27 13:54
Avant-CF: 456 828 796 928 octets libres
Après-CF: 456 815 632 384 octets libres
- - End Of File - - B27E4A5B7AD5624C3664F1E20989C098
So, actually, on Vista there is a games manager (or Games Explorer); it's a kind of folder where the shortcuts for the installed games are placed.
It used to work perfectly for me, but for the past few days I can no longer launch games with a double-click (I can with the "Lancer" (Launch) button in the menu, but that's not practical). I also can't right-click an icon (I do it and nothing happens), and when I select an icon and press the "Del" key, well, I get a little Windows sound and nothing happens.
That's it!
OK, let's check whether anything else is left:
Download OTL (by OldTimer) to your Desktop.
Double-click OTL to launch it.
(On Vista/Win7, you need to right-click OTL and choose Run as administrator.)
A window appears. In the "Rapport" (Report) section at the top of this window, check "Rapport minimal" (Minimal report).
Also check the boxes next to "Recherche Lop" and "Recherche Purity".
Finally, click the "Analyse" (Scan) button. The scan won't take long.
Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are saved in the same place as OTL (so on the Desktop by default).
Upload the reports to a hosting site, then post their links.