
I have a virus that changes my Google searches

mastodonde on 13 October 2008 at 18:36
Hello, I have a virus that always sends me to a page whenever I go on Google and says that it is this site that infected me, and it keeps doing it on every search.
-->Message edited by mastodonde on 14/10/2008 04:12:48<--
naheulbeuk on 14 October 2008 at 07:33
Hello,

Download ComboFix (created by sUBs) to your Desktop.

Boot into safe mode: http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)


  • Double-click combofix.exe.
  • Press the 1 key to start the scan, then follow the prompts.
  • ComboFix will restart your PC.
  • When the scan is complete, a report will appear. Copy and paste this report into your next reply.

  • NOTE: The report can also be found here: C:\Combofix.txt

-------
Visit my site on computer security: http://www.site-naheulbeuk.com
And its forum: http://www.site-naheulbeuk.com/forum/

mastodonde on 15 October 2008 at 00:00

    ComboFix 08-10-14.03 - Propriétaire 2008-10-14 18:09:24.1 - NTFSx86 MINIMAL
    Lancé depuis: C:\Users\Propriétaire\Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\PROPRI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Search Online.url
    C:\Users\PROPRI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\VIP Casino.url
    C:\Users\PROPRI~1\FAVORI~1\Search Online.url
    C:\Users\PROPRI~1\FAVORI~1\VIP Casino.url
    C:\Users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\Search Online.url
    C:\Users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\VIP Casino.url
    C:\Users\Propriétaire\Favorites\Search Online.url
    C:\Users\Propriétaire\Favorites\VIP Casino.url
    C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    C:\Windows\k.txt
    C:\Windows\system32\c.ico
    C:\Windows\system32\m.ico
    C:\Windows\system32\msysamd32.dll
    C:\Windows\system32\s.ico

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans ce laps de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 22:12 51,380,224 --sha-w C:\Users\Propriétaire\NTUSER.DAT
    2008-10-14 22:12 51,380,224 --sha-w C:\Users\Propriétaire\NTUSER.DAT
    2008-10-14 22:04 --------- dc--a-w C:\PROGRA~2\TEMP
    2008-10-14 22:04 --------- dc----w C:\Program Files\Spyware Doctor
    2008-10-14 21:47 --------- dc----w C:\Program Files\Steam
    2008-10-14 03:32 --------- dc----w C:\PROGRA~2\TrackMania
    2008-10-13 16:37 --------- dc----w C:\Program Files\Illusion
    2008-10-13 16:29 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\Azureus
    2008-10-13 16:29 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\Azureus
    2008-10-11 16:20 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\Adobe
    2008-10-11 00:20 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\LimeWire
    2008-10-11 00:20 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\LimeWire
    2008-10-11 00:19 --------- dc----w C:\Program Files\MagicDisc
    2008-10-10 21:35 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\BudgetExpress 3
    2008-10-10 21:35 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\BudgetExpress 3
    2008-10-10 21:28 --------- dc----w C:\Program Files\BudgetExpress 3
    2008-10-10 21:26 --------- dc----w C:\Program Files\Documents To Go
    2008-10-10 02:52 --------- dc----w C:\Program Files\Common Files\Steam
    2008-10-10 00:53 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\Nexon
    2008-10-10 00:53 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\Nexon
    2008-10-10 00:52 --------- dc----w C:\Program Files\Common Files\INCA Shared
    2008-10-08 01:13 --------- dc----w C:\Program Files\iTunes
    2008-10-08 01:13 --------- dc----w C:\Program Files\iPod
    2008-10-08 01:13 --------- dc----w C:\PROGRA~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-08 01:12 --------- dc----w C:\Program Files\Bonjour
    2008-10-06 21:01 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\Screaming Bee
    2008-10-06 21:01 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\Screaming Bee
    2008-10-06 02:04 --------- dc----w C:\PROGRA~2\Screaming Bee
    2008-10-06 01:59 --------- dc----w C:\Program Files\Screaming Bee
    2008-10-05 22:14 472,576 -c--a-w C:\Windows\Nvidia Omega Drivers v1.169.25 Uninstall.exe
    2008-10-05 22:14 --------- dc----w C:\Program Files\Nvidia Omega Drivers
    2008-10-05 02:05 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\Ventrilo
    2008-10-05 02:05 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\Ventrilo
    2008-10-05 00:35 --------- dc----w C:\Program Files\Ventrilo
    2008-10-05 00:34 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-04 20:05 --------- dc----w C:\Program Files\Autodesk
    2008-10-03 03:46 --------- dc----w C:\Program Files\Lavasoft
    2008-10-02 01:11 139,664 -c--a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-10-02 01:11 111,928 -c--a-w C:\Windows\System32\PnkBstrB.exe
    2008-10-01 23:36 107,888 -c--a-w C:\Windows\System32\CmdLineExt.dll
    2008-10-01 22:31 --------- dc----w C:\PROGRA~2\WinZip
    2008-09-29 02:47 --------- dc----w C:\Program Files\Common Files\Autodesk Shared
    2008-09-28 21:13 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-09-28 21:03 86,016 -c--a-w C:\Windows\System32\OpenAL32.dll
    2008-09-28 21:03 262,144 -c--a-w C:\Windows\System32\wrap_oal.dll
    2008-09-28 20:51 --------- dc----w C:\Program Files\Aspyr Media, Inc
    2008-09-28 20:16 --------- dc----w C:\Program Files\LimeWire
    2008-09-28 20:05 --------- dc----w C:\Program Files\QuickTime
    2008-09-28 20:05 --------- dc----w C:\Program Files\Common Files\Apple
    2008-09-28 20:04 --------- dc----w C:\Program Files\Apple Software Update
    2008-09-28 19:45 --------- dc----w C:\PROGRA~2\Lx_cats
    2008-09-28 19:32 --------- dc----w C:\Program Files\Palm
    2008-09-28 02:04 --------- dc----w C:\Program Files\Starcraft
    2008-09-27 23:17 67,584 -c--a-w C:\Windows\ScUnin.exe
    2008-09-21 20:11 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\SPORE
    2008-09-21 20:11 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\SPORE
    2008-09-20 21:07 --------- dc----w C:\Program Files\Electronic Arts
    2008-09-20 20:35 7,096 -c--a-w C:\Windows\System32\ealregsnapshot1.reg
    2008-09-20 20:35 --------- dc----w C:\PROGRA~2\Electronic Arts
    2008-09-19 21:50 --------- dcs---w C:\Users\Propriétaire\AppData\Roaming\Microsoft
    2008-09-16 21:08 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\Lexmark Productivity Studio
    2008-09-16 21:08 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\Lexmark Productivity Studio
    2008-09-10 20:45 --------- dc----w C:\Program Files\Microsoft Works
    2008-09-07 17:22 --------- dc----w C:\Program Files\Lexmark 3500-4500 Series
    2008-09-07 16:22 --------- dc----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-09-07 03:40 --------- dc----w C:\Program Files\BestGameEver
    2008-09-06 02:30 --------- dc----w C:\Program Files\Common Files\logishrd
    2008-09-06 02:28 --------- dc----w C:\Program Files\Logitech
    2008-09-06 02:28 --------- dc----w C:\PROGRA~2\Logishrd
    2008-09-06 02:07 --------- dc----w C:\PROGRA~2\Logitech
    2008-09-01 20:57 --------- dc----w C:\Program Files\Trend Micro
    2008-09-01 15:36 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\Media Center Programs
    2008-09-01 15:36 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\Media Center Programs
    2008-09-01 02:02 --------- dc----w C:\Users\Propriétaire\AppData\Roaming\Apple Computer
    2008-09-01 02:02 --------- dc----w C:\Users\PROPRI~1\AppData\Roaming\Apple Computer
    2008-08-29 14:18 87,336 -c--a-w C:\Windows\System32\dns-sd.exe
    2008-08-29 13:53 61,440 -c--a-w C:\Windows\System32\dnssd.dll
    2008-08-28 17:18 --------- dc----w C:\Program Files\EA GAMES
    2008-08-26 14:22 --------- dc----w C:\Program Files\Bethesda Softworks
    2008-08-22 14:32 --------- dc----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-21 19:26 --------- dc----w C:\Program Files\LimewireFasterDownloads
    2008-08-20 19:26 --------- dc----w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2008-08-20 07:08 --------- dc----w C:\Program Files\Microsoft Silverlight
    2008-08-19 02:49 --------- dc----w C:\Program Files\SDFix
    2008-08-17 19:01 38,472 -c--a-w C:\Windows\system32\drivers\mbamswissarmy.sys
    2008-08-17 19:01 17,144 -c--a-w C:\Windows\system32\drivers\mbam.sys
    2008-08-17 02:46 --------- dc----w C:\Program Files\Windows Mail
    2008-08-02 03:26 36,864 -c--a-w C:\Windows\System32\cdd.dll
    2008-07-31 06:57 6,656 -c--a-w C:\Windows\System32\haspvdd.dll
    2008-07-31 03:32 460,288 -c--a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 28,160 -c--a-w C:\Windows\System32\Apphlpdm.dll
    2008-07-31 03:32 2,154,496 -c--a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 -c--a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-31 01:13 4,240,384 -c--a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-26 15:26 490,008 -c--a-w C:\Windows\System32\LVUI2.dll
    2008-07-26 15:26 465,432 -c--a-w C:\Windows\System32\LVUI2RC.dll
    2008-07-26 15:23 416,280 -c--a-w C:\Windows\System32\LVCodec2.dll
    2008-07-26 15:23 195,096 -c--a-w C:\Windows\System32\lvci11801048.dll
    2008-07-26 14:46 25,974 -c--a-w C:\Windows\System32\Repository.reg
    2008-07-19 05:10 53,448 -c--a-w C:\Windows\System32\wuauclt.exe
    2008-01-29 22:36 220 -csha-w C:\Windows\dwin.sys
    2008-03-30 00:37 16,384 -csha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
    2008-03-27 03:31 32,768 -csha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008032620080327\index.dat
    2008-03-28 21:24 32,768 -csha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008032820080329\index.dat
    2008-03-30 00:37 32,768 -csha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008032920080330\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
    "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 180269]
    "FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 81920]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 1107848]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
    "lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\WINDOWS\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    C:\Users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-10-10 575488]

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2008-01-19 28672]
    HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 1392640]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-10-01 389120]

    C:\Users\PROPRI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-10-10 575488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "SENTINEL"= snti386.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

    S1 pctfw2;pctfw2;C:\WINDOWS\System32\drivers\pctfw2.sys [2008-08-05 160792]
    S2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-06-11 517040]
    S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
    S2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe [2008-01-11 148768]
    S3 LVRS;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
    S3 NETw2v32;Pilote de connexion réseau PRO/Sans fil 2200BG Intel(R) pour Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\system32\drivers\ScreamingBAudio.sys [2008-05-16 21920]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-09 87288]
    S3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    rsmsvcs REG_MULTI_SZ ntmssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee19d7fc-a452-11dc-a16f-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe

    *Newly Created Service* - ECACHE
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-HotSync - C:\Program Files\PalmSource\Desktop\HotSync.exe
    HKLM-RunOnce-<NO NAME> - (no file)


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Users\PROPRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\xitjxg19.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.jeuxvideo.com/etajvbis.htm|http://www.funny-games.biz/|http://www.newgrounds.com/
    FF -: plugin - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-14 18:12:35
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-14 18:13:54
    ComboFix-quarantined-files.txt 2008-10-14 22:13:23
    ComboFix2.txt 2008-07-02 22:52:42

    Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Après-CF: 214,023,061,504 octets libres

    339 --- E O F --- 2008-09-25 21:11:59
    -->Message edited by mastodonde on 15/10/2008 01:06:04<--
    naheulbeuk on 15 October 2008 at 07:36
    Hello,

    Download HijackThis

    User guide: http://www.site-naheulbeuk.com/hijackthis.php

    Then click "Do a system scan and save a logfile".
    The scan runs very quickly, then a Notepad window appears
    (the "logfile").
    In this Notepad window, go to "Edit", then "Select All";
    the text is now selected. Go back to "Edit", still
    keeping the text selected, and click Copy.
    Paste the contents here in your next reply!

    ;)
    -------
    Visit my website on computer security: http://www.site-naheulbeuk.com
    And its forum: http://www.site-naheulbeuk.com/forum/
    mastodonde on 15 October 2008 at 23:55
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:55:04, on 2008-10-15
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\CISVC.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\Windows\system32\lxdicoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Steam\SteamService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\cidaemon.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Propriétaire\Desktop\Nouveau dossier\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\msfeedssync.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (chatsupport.palm.com) (tgsrvc_chatsupport.palm.com) - SupportSoft, Inc. - C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10599 bytes
    naheulbeuk on 16 October 2008 at 07:32
    Hello, :)

    Run MalwareBytes (full scan) and clean everything it finds.
    Help: http://www.site-naheulbeuk.com/malwarebytes.php
    Post the report generated at the end in your next reply :)

    :super:
    -------
    Visit my website on computer security: http://www.site-naheulbeuk.com
    And its forum: http://www.site-naheulbeuk.com/forum/
    mastodonde on 17 October 2008 at 01:25
    "WAAAAAAAAAH, IT TOOK 2h50"

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1077
    Windows 6.0.6001 Service Pack 1

    19:24:04 2008-10-16
    mbam-log-10-16-2008 (19-24-04).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 318020
    Temps écoulé: 2 hour(s), 42 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    naheulbeuk on 17 October 2008 at 09:55
    Hello, are you still having problems? :)
    -------
    Visit my website on computer security: http://www.site-naheulbeuk.com
    And its forum: http://www.site-naheulbeuk.com/forum/
    mastodonde on 17 October 2008 at 23:05
    No, thanks
    naheulbeuk on 18 October 2008 at 11:12
    Perfect :super:

  • Removing the tools:

  • Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner-34055291-avis-opinion(...)

    # Click "Recherche" (Search) and let the scan run ...
    # Click "Suppression" (Removal) to finish.
    # If you wish, you can use the "Options facultatives" (optional settings).
    # Click "Quitter" (Quit) to get the report.
    # Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
    Tutorial here: http://bibou0007.com/tutos-f45/tutorial-toolscleaner-2-t375.htm

  • Delete all the reports that were created during the various scans.
  • Edit your first post with < inclued picture > and put [resolu] in front of your thread title.

  • Here are a few links with security advice:

  • My website on computer security!
    How do you protect your PC to avoid getting infected?

    Take the time to read them, as they are very informative.

  • Report your infection on Malware-Complaints to help get the authors convicted. To make our voice heard, there need to be as many of us as possible, so report your infection:
  • - See the Malware-Complaints rules
    - Register on the forum using the register button at the top:
    If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
    If you are younger, click: I Agree to these terms and am under 13 years of age

    Once you have registered, you will find the types of infection presented as a list (Look2Me, Smitfraud, SpywareQuake, etc.): http://malwarecomplaints.info/phpBB3/viewtopic.php?f=10&t=553

    If the malware you had does not appear in the list, or if you do not know which infection you had, create a message in the "Autres infections" (Other infections) topic that complies with the forum rules (age, city, département, etc.): http://malwarecomplaints.info/phpBB3/viewtopic.php?f=10&t=123

    Take care and have a good weekend :hello:
    -------
    Visit my website on computer security: http://www.site-naheulbeuk.com
    And its forum: http://www.site-naheulbeuk.com/forum/

