My PC Is Crawling...
Hi,
I could use some advice: my PC is crawling, with the processor pegged at 100% and a language bar that is playing tricks on me; it appears and disappears erratically whenever I run programs. I assume it's some nasty trojan or virus or something else wreaking havoc, but so far my many scans, both online and with my antivirus, haven't gotten rid of it... what should I do, please?
Hello
1
Download DDS and save it to your desktop.
Disable anything that blocks scripts, such as an antivirus or software like ad-block, noscript, etc.
Double-click dds.scr to launch the tool.
Once the scan is finished, a text document, DDS.txt, will open.
Click Yes at the next prompt, Optional Scan.
Save both reports to your desktop and post only DDS.txt for me.
2
Download Catchme (Gmer) to your Desktop.
Double-click catchme.exe (the .exe may not be visible) to launch it.
When the scan has finished, post the catchme.log report in your next reply. (This report is on your desktop.)
thanks Sham_Rock
here are the logs generated by DDS, CATCHME and A-SQUARED
DDS
DDS (Ver_09-12-01.01) - NTFSx86
Run by seb at 23:58:30,91 on 12/03/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.1877 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\system32\CLWatson.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\CLWatson.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Windows\system32\CLWatson.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\seb\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.fr/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Presario&pf=cnnb
uSearch Bar =
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://www.bigseekpro.com/splitcam/{591DF08E-57E8-48C0-861B-CE2350D905CA}
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\splitcam toolbar\tbhelper.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\splitcam toolbar\tbcore3.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: SplitCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\splitcam toolbar\tbcore3.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Presto! PVR Monitor] c:\program files\newsoft\presto! pvr\Monitor.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [ChangeFilterMerit] c:\program files\newsoft\presto! pvr\ChangeFilterMerit.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\gprs.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: bitdefender.com\quickscan
Trusted Zone: eset32.fr\www
Trusted Zone: internet
Trusted Zone: live.com\onecare
Trusted Zone: mcafee.com
Trusted Zone: netflame.cc\ssl-hints
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\seb\appdata\roaming\mozilla\firefox\profiles\fx2wjf1f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-6-26 72200]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-1 83208]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-2-9 360538]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-2-9 131160]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 153448]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-10 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S0 KAVBootC;KAVBootC;c:\windows\system32\drivers\KAVBootC.sys [2010-2-22 34856]
S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-26 183880]
S3 Flash1;Flash1;c:\swsetup\sp45070\winphlash\FLASH1.sys [2007-6-20 2816]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
============== File Associations ===============
txtfile=NotePad.exe "%1" %*
=============== Created Last 30 ================
2010-03-10 22:38:32 0 d-----w- c:\users\seb\appdata\roaming\Malwarebytes
2010-03-10 22:38:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 22:38:23 0 d-----w- c:\programdata\Malwarebytes
2010-03-10 22:38:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 22:38:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 02:49:30 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-03-10 02:49:28 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-03-10 02:16:03 0 d-----w- c:\program files\Spyware Doctor
2010-03-09 06:34:32 32170 ----a-w- C:\150120102224330797.jpg
2010-03-08 03:52:19 0 d-----w- c:\program files\CFWebAdvancedU
2010-03-07 20:13:01 0 d-----w- c:\windows\CheckSur
2010-03-07 14:18:41 0 d-----w- c:\program files\CpuBooster
2010-03-04 14:03:29 121 ----a-w- c:\windows\bdagent.INI
2010-03-04 13:36:22 293154406 ----a-w- c:\windows\MEMORY.DMP
2010-03-04 11:42:38 5014 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-02 17:46:48 0 d-----w- C:\NEU
2010-03-02 14:11:29 850 ----a-w- c:\windows\system32\ProductTweaks.xml
2010-03-02 14:11:29 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-03-02 14:06:02 0 d-----w- c:\users\seb\appdata\roaming\BitDefender
2010-03-02 14:05:15 0 d-----w- c:\programdata\BitDefender
2010-03-02 14:04:18 0 d-----w- c:\program files\common files\BitDefender
2010-03-02 13:28:17 38 ----a-w- C:\BdUninstallTool2010.03.02-02.28.17.reg
2010-03-01 04:02:43 0 d-----w- c:\program files\KOS
2010-02-28 05:50:45 0 d-----w- c:\users\seb\appdata\roaming\ArcaVirMicroScan
2010-02-28 00:10:12 0 d-sh--w- C:\AUKDBA
2010-02-27 20:29:42 0 d-----w- c:\program files\snaline
2010-02-27 20:18:35 1433600 ----a-w- c:\windows\system32\Vet.dat
2010-02-27 20:18:15 337192 ----a-w- c:\windows\system32\arclib.dll
2010-02-27 20:17:06 1541416 ----a-w- c:\windows\system32\VetE.dll
2010-02-27 20:16:51 122496 ----a-w- c:\windows\system32\Inocmd32.exe
2010-02-27 20:16:38 139264 ----a-w- c:\windows\system32\InoScan.dll
2010-02-27 20:16:33 242 ----a-w- c:\windows\system32\siglist.bak
2010-02-27 19:16:31 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-27 05:40:24 0 d-----w- c:\users\seb\appdata\roaming\Jiangmin
2010-02-27 05:40:24 0 d-----w- c:\programdata\Jiangmin
2010-02-27 05:40:21 248352 ----a-w- c:\windows\system32\KVInstall_1.dll
2010-02-27 05:40:18 0 d-----w- C:\KV-Back.vir
2010-02-27 05:40:17 0 d-----w- c:\windows\KVLog
2010-02-27 04:51:09 0 d-----w- c:\users\seb\appdata\roaming\QuickScan
2010-02-27 04:03:34 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-25 23:38:12 0 d-----w- c:\users\seb\appdata\roaming\McAfee
2010-02-25 23:37:15 0 d-----w- c:\programdata\McAfee
2010-02-25 23:37:15 0 d-----w- c:\program files\McAfee
2010-02-22 20:40:04 0 d-----w- c:\users\seb\appdata\roaming\com.nasteo.IziContactMessenger1.63A678EB4F5C581A207AE085D2B2ADCFD60BF90E.1
2010-02-22 20:39:32 0 d-----w- c:\program files\IziDate Messenger
2010-02-22 01:38:00 0 d-----w- c:\programdata\F-Secure
2010-02-22 00:27:27 0 d-----w- c:\program files\PCPitstop
2010-02-21 23:17:04 17920 ----a-w- c:\windows\system32\ATSpy.sys
2010-02-21 23:17:02 34856 ----a-w- c:\windows\system32\drivers\KAVBootC.sys
2010-02-21 22:55:29 0 d-----w- c:\programdata\Kingsoft
2010-02-21 22:55:18 0 d-----w- c:\program files\kingsoft
2010-02-21 06:19:40 0 d-----w- c:\programdata\CA
2010-02-20 21:43:20 0 d---a-w- c:\programdata\Temp
2010-02-16 01:53:54 0 d-----w- c:\programdata\WindowsSearch
2010-02-13 01:52:00 0 d-----w- c:\program files\K-Lite Codec Pack
2010-02-13 01:44:21 0 d-----w- c:\program files\Clean Up
2010-02-11 01:51:16 0 d-----w- c:\programdata\Google
==================== Find3M ====================
2010-03-12 22:13:20 48513 ----a-w- c:\programdata\nvModes.dat
2010-03-09 21:14:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-09 21:14:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-09 21:14:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-04 19:37:53 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-03-04 19:37:51 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-03-04 19:37:39 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-04 19:37:08 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2010-03-04 11:42:39 718018 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-04 11:42:39 138374 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-26 03:26:02 174 --sha-w- c:\program files\desktop.ini
2010-02-09 17:35:28 14 ----a-w- c:\windows\system32\drivers\S810
2010-02-02 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-02 06:10:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-27 23:04:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-27 00:35:42 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-12-27 00:35:41 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-12-26 22:41:39 10405104 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2009-12-26 22:33:20 12486656 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2009-12-23 04:05:53 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2008-08-11 07:24:35 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-08-11 07:24:35 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-08-11 07:24:35 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-08-11 07:24:35 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-08-11 07:29:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 23:58:51,59 ===============
CATCHME
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 23:34:05
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186307768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186307768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186307768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186307768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186307768]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
A-SQUARED
MalAware - Version 1.0.0.4
Dernière mise à jour : 03/03/2010 23:13:59
Paramètres du balayage :
Type de balayage : Balayage Rapide
Objets : Mémoire, Traces
Nettoyage : Désactiver
Début du balayage : 04/03/2010 07:50:57
Déjà scanné
Fichiers : 506
Traces : 50333
Cookies : 0
Processus : 99
Trouvé
Fichiers : 0
Traces : 0
Cookies : 0
Processus : 0
Fin du balayage : 04/03/2010 07:51:53
Durée du 00:00:56
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-6-26 72200]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-1 83208]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-2-9 360538]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-2-9 131160]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 153448]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-10 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S0 KAVBootC;KAVBootC;c:\windows\system32\drivers\KAVBootC.sys [2010-2-22 34856]
S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-26 183880]
S3 Flash1;Flash1;c:\swsetup\sp45070\winphlash\FLASH1.sys [2007-6-20 2816]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
============== File Associations ===============
txtfile=NotePad.exe "%1" %*
=============== Created Last 30 ================
2010-03-10 22:38:32 0 d-----w- c:\users\seb\appdata\roaming\Malwarebytes
2010-03-10 22:38:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 22:38:23 0 d-----w- c:\programdata\Malwarebytes
2010-03-10 22:38:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 22:38:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 02:49:30 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-03-10 02:49:28 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-03-10 02:16:03 0 d-----w- c:\program files\Spyware Doctor
2010-03-09 06:34:32 32170 ----a-w- C:\150120102224330797.jpg
2010-03-08 03:52:19 0 d-----w- c:\program files\CFWebAdvancedU
2010-03-07 20:13:01 0 d-----w- c:\windows\CheckSur
2010-03-07 14:18:41 0 d-----w- c:\program files\CpuBooster
2010-03-04 14:03:29 121 ----a-w- c:\windows\bdagent.INI
2010-03-04 13:36:22 293154406 ----a-w- c:\windows\MEMORY.DMP
2010-03-04 11:42:38 5014 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-02 17:46:48 0 d-----w- C:\NEU
2010-03-02 14:11:29 850 ----a-w- c:\windows\system32\ProductTweaks.xml
2010-03-02 14:11:29 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-03-02 14:06:02 0 d-----w- c:\users\seb\appdata\roaming\BitDefender
2010-03-02 14:05:15 0 d-----w- c:\programdata\BitDefender
2010-03-02 14:04:18 0 d-----w- c:\program files\common files\BitDefender
2010-03-02 13:28:17 38 ----a-w- C:\BdUninstallTool2010.03.02-02.28.17.reg
2010-03-01 04:02:43 0 d-----w- c:\program files\KOS
2010-02-28 05:50:45 0 d-----w- c:\users\seb\appdata\roaming\ArcaVirMicroScan
2010-02-28 00:10:12 0 d-sh--w- C:\AUKDBA
2010-02-27 20:29:42 0 d-----w- c:\program files\snaline
2010-02-27 20:18:35 1433600 ----a-w- c:\windows\system32\Vet.dat
2010-02-27 20:18:15 337192 ----a-w- c:\windows\system32\arclib.dll
2010-02-27 20:17:06 1541416 ----a-w- c:\windows\system32\VetE.dll
2010-02-27 20:16:51 122496 ----a-w- c:\windows\system32\Inocmd32.exe
2010-02-27 20:16:38 139264 ----a-w- c:\windows\system32\InoScan.dll
2010-02-27 20:16:33 242 ----a-w- c:\windows\system32\siglist.bak
2010-02-27 19:16:31 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-27 05:40:24 0 d-----w- c:\users\seb\appdata\roaming\Jiangmin
2010-02-27 05:40:24 0 d-----w- c:\programdata\Jiangmin
2010-02-27 05:40:21 248352 ----a-w- c:\windows\system32\KVInstall_1.dll
2010-02-27 05:40:18 0 d-----w- C:\KV-Back.vir
2010-02-27 05:40:17 0 d-----w- c:\windows\KVLog
2010-02-27 04:51:09 0 d-----w- c:\users\seb\appdata\roaming\QuickScan
2010-02-27 04:03:34 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-25 23:38:12 0 d-----w- c:\users\seb\appdata\roaming\McAfee
2010-02-25 23:37:15 0 d-----w- c:\programdata\McAfee
2010-02-25 23:37:15 0 d-----w- c:\program files\McAfee
2010-02-22 20:40:04 0 d-----w- c:\users\seb\appdata\roaming\com.nasteo.IziContactMessenger1.63A678EB4F5C581A207AE085D2B2ADCFD60BF90E.1
2010-02-22 20:39:32 0 d-----w- c:\program files\IziDate Messenger
2010-02-22 01:38:00 0 d-----w- c:\programdata\F-Secure
2010-02-22 00:27:27 0 d-----w- c:\program files\PCPitstop
2010-02-21 23:17:04 17920 ----a-w- c:\windows\system32\ATSpy.sys
2010-02-21 23:17:02 34856 ----a-w- c:\windows\system32\drivers\KAVBootC.sys
2010-02-21 22:55:29 0 d-----w- c:\programdata\Kingsoft
2010-02-21 22:55:18 0 d-----w- c:\program files\kingsoft
2010-02-21 06:19:40 0 d-----w- c:\programdata\CA
2010-02-20 21:43:20 0 d---a-w- c:\programdata\Temp
2010-02-16 01:53:54 0 d-----w- c:\programdata\WindowsSearch
2010-02-13 01:52:00 0 d-----w- c:\program files\K-Lite Codec Pack
2010-02-13 01:44:21 0 d-----w- c:\program files\Clean Up
2010-02-11 01:51:16 0 d-----w- c:\programdata\Google
==================== Find3M ====================
2010-03-12 22:13:20 48513 ----a-w- c:\programdata\nvModes.dat
2010-03-09 21:14:35 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-09 21:14:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-09 21:14:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-04 19:37:53 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-03-04 19:37:51 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-03-04 19:37:39 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-04 19:37:08 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2010-03-04 11:42:39 718018 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-04 11:42:39 138374 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-26 03:26:02 174 --sha-w- c:\program files\desktop.ini
2010-02-09 17:35:28 14 ----a-w- c:\windows\system32\drivers\S810
2010-02-02 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-02 06:10:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-27 23:04:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-27 00:35:42 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-12-27 00:35:41 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-12-26 22:41:39 10405104 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2009-12-26 22:33:20 12486656 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2009-12-23 04:05:53 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2008-08-11 07:24:35 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-08-11 07:24:35 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-08-11 07:24:35 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-08-11 07:24:35 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-08-11 07:29:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 23:58:51,59 ===============
CATCHME
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 23:34:05
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186307768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186307768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186307768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002186307768]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002186307768]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
A-SQUARED
MalAware - Version 1.0.0.4
Dernière mise à jour : 03/03/2010 23:13:59
Paramètres du balayage :
Type de balayage : Balayage Rapide
Objets : Mémoire, Traces
Nettoyage : Désactiver
Début du balayage : 04/03/2010 07:50:57
Déjà scanné
Fichiers : 506
Traces : 50333
Cookies : 0
Processus : 99
Trouvé
Fichiers : 0
Traces : 0
Cookies : 0
Processus : 0
Fin du balayage : 04/03/2010 07:51:53
Durée du 00:00:56
Good evening
Disable UAC for the duration of the disinfection.
Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.
/!\ Disconnect and close all running applications /!\
Double-click AD-R on your Desktop to launch it.
(On Vista, you need to right-click AD-R and choose Run as administrator)
Choose language F for French.
At the main menu, choose option L.
/!\ Let the tool work /!\
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
This piece of junk even blocks my antimalware, which crashes in the middle of a scan....help
here is the AD-R log
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,A | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 15/03/10 à 17:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:31:02 le 16/03/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
Système d'exploitation: Microsoft® Windows Vista™ HomeBasic Service Pack 2
Nom du PC: PC-DE-SEB | Utilisateur actuel: seb (Administrateur)
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Program Files\Ask & Record Toolbar
C:\Program Files\Ask.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ask & Record Toolbar
C:\Users\Administrateur\AppData\LocalLow\AskToolbar
C:\Users\seb\AppData\LocalLow\AskToolbar
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
.
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\AppDataLow\Software\AskToolbar
HKCU\Software\Ask.com
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\ComObject.DeskbarEnabler
HKLM\Software\Classes\ComObject.DeskbarEnabler.1
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\Software\Viewpoint
HKU\.DEFAULT\Software\Ask.com
HKU\S-1-5-18\Software\Ask.com
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\GenericAskToolbar.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Ask.com\TaskScheduler.exe
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6 (fr) *
.
C:\Users\seb\..\fx2wjf1f.default\prefs.js - browser.download.lastDir: C:\\Users\\seb\\Desktop
C:\Users\seb\..\fx2wjf1f.default\prefs.js - browser.search.defaultenginename: Google
C:\Users\seb\..\fx2wjf1f.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/
C:\Users\seb\..\fx2wjf1f.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
.
.
* Internet Explorer Version 8.0.6001.18882 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Presario&pf=cnnb
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Presario&pf=cnnb
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.bigseekpro.com/splitcam/{591DF08E-57E8-48C0-861B-CE2350D905CA}
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: hxxp://www.bigseekpro.com/splitcam/{591DF08E-57E8-48C0-861B-CE2350D905CA}?s_src=newtab
Blank: res://mshtml.dll/blank.htm
.
============== SUSPECT(S) ==============
.
C:\Users\seb\AppData\Roaming\HouseCall 6.6\patch.exe
C:\Users\seb\Favorites\Newpharma Patches.url
.
========================================
.
C:\Users\seb\AppData\Local\Temp: 158 Fichier(s), 17 Dossier(s)
C:\Windows\temp: 30 Fichier(s), 25 Dossier(s)
C:\Users\seb\AppData\Roaming\Microsoft\Windows\Cookies: 48 Fichier(s), 2 Dossier(s)
Temporary Internet Files: 425 Fichier(s), 49 Dossier(s)
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 1 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 5566 Octet(s)
.
Fin à: 12:35:31, 16/03/2010
.
============== E.O.F - SCAN[1] ==============
I'm ending up with Internet Explorer page errors like
cet objet ne gere pas cette propriété ou cette methode
combo ligne 12
code 0 character 2157
URI: http://yui.yahooapis.com/combo?2.7.0/build etc....
and a whole collection of them
Hi again
1
/!\ Disconnect and close all running applications /!\
Double-click AD-R on your Desktop to launch it.
(On Vista, you need to right-click AD-R and choose Run as administrator)
Choose language F for French.
At the main menu, choose the Nettoyer (Clean) option.
/!\ Let the tool work /!\
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
2
Disable your antivirus and any other type of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select all", Edit > "Copy"
Come to the forum and Edit > "Paste"
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ