Problem with explorer that needs solving urgently!!

charly38 -  
jlpjlp Posts 52399 Status Security contributor -
Hello,

I have a problem with certain films: when I open the folder they are in, a message appears: " explorer.exe a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru. "

and everything closes, so I can't access the films. I have the same problem with a USB stick: as soon as I copy the film onto it, the message appears and then nothing more...

Please help me!!!!!
Thanks in advance ;)

14 replies

jlpjlp Posts 52399 Status Security contributor 5 040

hi,

Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings

Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

_________________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit
0
charly38
 
I did what you told me, here is the log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Vasthie at 2008-12-20 21:02:50
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 5 GB (3%) free of 153 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:59, on 20/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Charly\Mes documents\RSIT.exe
C:\Program Files\trend micro\Vasthie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDsnJKz/X5Xzq+7LZ4TLBnbOWNLs/vnWAx1OhewiYSyY22ubI9JDxEm+CItrH9zzjlPOmOdzvbW7Lj+em5uYAezs4jviBl0EN4XySD7hwImTJYPiy4QV4wtichU4cL/KFIzJOVBNOn+GBOU9GtZbscwcxXnWQoyiR8
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: rightonadz browser optimizer - {61c292ce-8943-627d-caf4-9df62e320287} - C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {877B3841-7F5D-4678-8285-7CA6F59C8D7C} - C:\WINDOWS\system32\CML.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adssite - {9c6377dd-7e96-2a40-54d8-2379fbc4cb81} - C:\WINDOWS\system32\nsw29.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsx25.dll
O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - (no file)
O2 - BHO: (no name) - {A9343327-2631-6100-8D1C-D22C29498E18} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Copernic Desktop Search - Home - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wkwyksg] "c:\windows\system32\wkwyksg.exe" wkwyksg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKCU\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKCU\..\Run: [zomfucfpld] c:\windows\system32\zomfucfpld.exe zomfucfpld
O4 - HKCU\..\Run: [keggddsjzy] c:\windows\system32\keggddsjzy.exe keggddsjzy
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [oucmy] "c:\windows\system32\oucmy.exe" oucmy
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Charly')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1009\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Charly')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe (User 'Charly')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe (User 'Charly')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 User Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe (User 'Charly')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 User Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe (User 'Charly')
O4 - S-1-5-18 Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe (User 'Default user')
O4 - .DEFAULT Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.fr/
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://ssl.mgeups.com/vdesk/cachecleaner.cab#version=6010,2007,0223,0315
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ssl.mgeups.com/f5-w-687474703a2f2f446f6d30322e6d67657570732e636f6d$$/iNotes6W.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\BERNAR~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://ssl.mgeups.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0330,0846
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://ssl.mgeups.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.fr/online/online2/chuzzle/popcaploader_v6.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://ssl.mgeups.com/vdesk/terminal/urxhost.cab#version=6010,2007,0330,0250
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040

to merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_________________

download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

__________________

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\nsw29.dll
C:\WINDOWS\system32\nsx25.dll
c:\windows\system32\wkwyksg.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
C:\Program Files\Fichiers communs\DriveCleaner Free
c:\windows\system32\zomfucfpld.exe
c:\windows\system32\keggddsjzy.exe
c:\windows\system32\oucmy.exe
C:\WINDOWS\system32\rwinnldm.exe
C:\WINDOWS\system32\kmdsrngm.exe
C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61c292ce-8943-627d-caf4-9df62e320287}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{877B3841-7F5D-4678-8285-7CA6F59C8D7C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c6377dd-7e96-2a40-54d8-2379fbc4cb81}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9343327-2631-6100-8D1C-D22C29498E18}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"wkwyksg"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SDR6V_Check"=-
"WA6PV_Check"=-
"zomfucfpld"=-
"keggddsjzy"=-
"oucmy"=-

Save this file under the name CFscript

Drag and drop this CFScript file onto the ComboFix.exe file

Click the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears ( Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a HijackThis report again

If the file does not open, it can be found here > C:\ComboFix.txt
0
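Added example, not part of the original thread and not the helper's own method: a small triage pass over HijackThis O2/O4 lines, run on a few lines copied from the log posted above, showing which structural traits make entries like those in the CFScript stand out. The rule names, the function names `triage`, `split_command` and `in_system32`, and the four heuristics are assumptions made for this illustration.

```python
import re
from ntpath import basename, dirname, splitext

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {877B3841-7F5D-4678-8285-7CA6F59C8D7C} - C:\WINDOWS\system32\CML.dll (file missing)
O2 - BHO: adssite - {9c6377dd-7e96-2a40-54d8-2379fbc4cb81} - C:\WINDOWS\system32\nsw29.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wkwyksg] "c:\windows\system32\wkwyksg.exe" wkwyksg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zomfucfpld] c:\windows\system32\zomfucfpld.exe zomfucfpld
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
"""

# Heuristic labels (hypothetical names, chosen for this example).
ORPHANED_BHO = "BHO registered but its DLL is absent"
SYSTEM32_BHO = "BHO DLL sits directly in system32"
SELF_NAMED_RUN = "Run value, exe name and argument are all the same token"
SYSTEM32_STARTUP = "Startup shortcut launches an exe directly from system32"

SYSTEM32 = r"c:\windows\system32"
BHO = re.compile(r"^O2 - BHO: (.*) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN = re.compile(r"^O4 - (HK\S+?)\\Run: \[([^\]]+)\] (.+)$")
STARTUP = re.compile(r"^O4 - (?:.* )?Startup: (.+?) = (.+?)(?: \(User '.*'\))?$")


def in_system32(path):
    """True when the file lives directly in system32 (not in a subfolder)."""
    return dirname(path).lower() == SYSTEM32


def split_command(cmd):
    """Split a Run value into (executable, arguments), quoted or unquoted."""
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip()
    m = re.match(r"(.+?\.exe)(?:\s+(.*))?$", cmd, re.I)
    return (m.group(1), m.group(2) or "") if m else (cmd, "")


def triage(log):
    """Return (section, identifier, reason) for each line worth a closer look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = BHO.match(line)
        if m:
            _name, clsid, target = m.groups()
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(("O2", clsid, ORPHANED_BHO))
            elif in_system32(target):
                findings.append(("O2", clsid, SYSTEM32_BHO))
            continue
        m = RUN.match(line)
        if m:
            _hive, name, cmd = m.groups()
            exe, args = split_command(cmd)
            stem = splitext(basename(exe))[0].lower()
            # ctfmon.exe fails this test: its value name keeps the extension
            # and it passes no argument.
            if in_system32(exe) and name.lower() == stem and args.lower() == stem:
                findings.append(("O4", name, SELF_NAMED_RUN))
            continue
        m = STARTUP.match(line)
        if m:
            name, target = m.groups()
            if in_system32(target) and target.lower().endswith(".exe"):
                findings.append(("O4", name, SYSTEM32_STARTUP))
    return findings


if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_LOG):
        print(f"{section}  {ident:40}  {reason}")
```

A hit is a lead for review, not a verdict; the DriveCleaner Free entries listed in the CFScript above match none of these four rules, since recognising them takes knowledge of the product rather than of the line's shape.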
*shinigami* Posts 3 Status Member

there's a problem with ComboFix, it tells me: " erreur de nom CFscript "
0
jlpjlp Posts 52399 Status Security contributor 5 040

so:

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop
under the name antibagle. Do this before the file is saved to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.

You have a complete tutorial here:

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
*shinigami* Posts 3 Status Member

Here is the ComboFix report:

ComboFix 08-12-20.05 - Charly 2008-12-21 19:49:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.425 [GMT 1:00]
Lancé depuis: c:\documents and settings\Charly\Bureau\antibagle.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Starware370
c:\documents and settings\All Users\Application Data\Starware370\buttons\findit_music.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware370\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware370\buttons\lyrics.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\music_search.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\radio.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware370\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware370\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware370\contexts\travel.xml
c:\documents and settings\All Users\Application Data\Starware370\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware370\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware370\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware370\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware370\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware370\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware370\Tem535.tmp
c:\documents and settings\Charly\Application Data\Adssite Advanced Toolbar
c:\documents and settings\Charly\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
c:\documents and settings\Charly\Application Data\Adssite Advanced Toolbar\selected.xml
c:\documents and settings\Charly\Application Data\DriveCleaner Free
c:\documents and settings\Charly\Application Data\DriveCleaner Free\Logs\update.log
c:\documents and settings\Charly\Application Data\Starware370
c:\documents and settings\Charly\Application Data\Starware370\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Charly\Application Data\Starware370\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Configurator\Configurator.xml
c:\documents and settings\Charly\Application Data\Starware370\Configurator\Configurator.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Games\GamesOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\Games\GamesOptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Games\images\active\Games0.bmp
c:\documents and settings\Charly\Application Data\Starware370\Layouts\ToolbarLayout.xml
c:\documents and settings\Charly\Application Data\Starware370\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Lyrics_FR\Lyrics_FROptions.xml
c:\documents and settings\Charly\Application Data\Starware370\Lyrics_FR\Lyrics_FROptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Manager\ManagerOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\Manager\ManagerOptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Marketing4\images\active\Marketing40.bmp
c:\documents and settings\Charly\Application Data\Starware370\Marketing4\Marketing4Options.xml
c:\documents and settings\Charly\Application Data\Starware370\Marketing4\Marketing4Options.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Movies\images\active\Movies0.bmp
c:\documents and settings\Charly\Application Data\Starware370\Movies\MoviesOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\Movies\MoviesOptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Music_Search_FR\Music_Search_FROptions.xml
c:\documents and settings\Charly\Application Data\Starware370\Music_Search_FR\Music_Search_FROptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Radio_FR\Radio_FROptions.xml
c:\documents and settings\Charly\Application Data\Starware370\Radio_FR\Radio_FROptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\Charly\Application Data\Starware370\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\Toolbar\TBProductsOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Charly\Application Data\Starware370\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Charly\Application Data\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Charly\err.log
c:\documents and settings\Charly\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
c:\documents and settings\Charly\Menu Démarrer\Programmes\Démarrage\TA_Start.lnk
c:\documents and settings\Charly\Menu Démarrer\Programmes\MessengerSkinner
c:\documents and settings\Charly\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
c:\documents and settings\Charly\ResErrors.log
c:\documents and settings\Ellyne\Application Data\DriveCleaner Free
c:\documents and settings\Ellyne\Application Data\DriveCleaner Free\Logs\update.log
c:\documents and settings\Ellyne\Application Data\ShoppingReport
c:\documents and settings\Ellyne\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Ellyne\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Ellyne\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Ellyne\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Ellyne\Application Data\ShoppingReport\cs\persist.dbs
c:\documents and settings\Ellyne\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Ellyne\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Ellyne\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Ellyne\Application Data\Starware370
c:\documents and settings\Ellyne\Application Data\Starware370\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Ellyne\Application Data\Starware370\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Ellyne\Application Data\Starware370\Configurator\Configurator.xml
c:\documents and settings\Ellyne\Application Data\Starware370\Configurator\Configurator.xml.backup
c:\documents and settings\Ellyne\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Ellyne\Application Data\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Ellyne\Application Data\Starware370\Games\GamesOptions.xml
c:\documents and settings\Ellyne\Application Data\Starware370\Games\GamesOptions.xml.backup
c:\documents and settings\Ellyne\Application Data\Starware370\Games\images\active\Games0.bmp
c:\documents and settings\Ellyne\Application Data\Starware370\Layouts\ToolbarLayout.xml
c:\documents and settings\Ellyne\Application Data\Starware370\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Ellyne\Application Data\Starware370\Lyrics_FR\Lyrics_FROptions.xml

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_FOPF
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-21 au 2008-12-21 ))))))))))))))))))))))))))))))))))))
.

2008-12-21 15:18 . 2008-12-21 19:32 <REP> d-------- C:\ComboFix
2008-12-20 21:02 . 2008-12-20 21:03 <REP> d-------- C:\rsit
2008-12-20 21:02 . 2008-12-20 21:02 <REP> d-------- c:\program files\trend micro
2008-12-17 18:11 . 2008-12-17 18:11 <REP> d-------- c:\program files\SFR
2008-12-11 07:49 . 2008-12-11 07:50 1,393 --a------ c:\windows\imsins.BAK
2008-11-27 15:31 . 2008-11-27 15:31 675,328 --a------ c:\windows\system32\nsk16.dll
2008-11-26 18:26 . 2008-11-26 18:26 <REP> d-------- c:\program files\iTunes
2008-11-26 18:26 . 2008-11-26 18:26 <REP> d-------- c:\program files\iPod
2008-11-26 18:26 . 2008-11-26 18:26 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 18:26 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-26 18:26 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-26 18:25 . 2008-11-26 18:26 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-11-26 18:25 . 2008-11-26 18:25 <REP> d-------- c:\program files\Bonjour
2008-11-26 18:25 . 2008-11-26 18:25 <REP> d-------- c:\program files\Apple Software Update
2008-11-26 18:25 . 2008-11-26 18:25 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-26 18:23 . 2008-11-26 18:23 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-26 18:23 . 2008-11-26 18:23 1,409 --a------ c:\windows\QTFont.for
2008-11-26 17:42 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-24 22:01 . 2007-07-16 11:58 29,480 --------- c:\windows\system32\InstHelper.dll
2008-11-24 22:00 . 2008-11-24 22:00 <REP> d-------- c:\program files\Fichiers communs\Deterministic Networks
2008-11-24 22:00 . 2008-11-24 22:00 <REP> d-------- c:\program files\Cisco Systems
2008-11-24 22:00 . 2007-07-16 11:57 306,299 --a------ c:\windows\system32\drivers\CVPNDRVA.sys
2008-11-24 22:00 . 2007-07-16 11:58 197,408 --a------ c:\windows\system32\vpnapi.dll
2008-11-24 22:00 . 2007-07-16 11:58 193,312 --a------ c:\windows\system32\CSGina.dll
2008-11-24 22:00 . 2007-01-24 01:23 127,376 --a------ c:\windows\system32\drivers\dne2000.sys
2008-11-24 22:00 . 2007-01-24 01:23 101,904 --a------ c:\windows\system32\dneinobj.dll
2008-11-24 22:00 . 2007-01-18 15:28 5,275 --a------ c:\windows\system32\drivers\CVirtA.sys
2008-11-24 22:00 . 2008-11-24 22:01 8 --a------ c:\windows\system32\success

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 18:39 --------- d-----w c:\documents and settings\Charly\Application Data\LimeWire
2008-12-21 08:23 53,946 ----a-w c:\windows\system32\cont_adssite-remove.exe
2008-12-10 19:05 37,440 ----a-w c:\windows\system32\drivers\pssdklbf.drv
2008-12-10 19:05 30,272 ----a-w c:\windows\system32\drivers\pssdk31.drv
2008-12-05 17:52 --------- d-----w c:\documents and settings\Charly\Application Data\Apple Computer
2008-12-02 21:24 53,248 ----a-w c:\windows\fados.exe
2008-12-02 20:42 --------- d-----w c:\documents and settings\Charly\Application Data\U3
2008-11-26 17:26 --------- d-----w c:\documents and settings\Ellyne\Application Data\Apple Computer
2008-11-26 17:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-26 17:25 --------- d-----w c:\program files\QuickTime
2008-11-26 17:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 17:36 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-11-20 20:41 --------- d-----w c:\program files\San Andreas Mod Installer
2008-11-19 20:54 --------- d-----w c:\program files\Fichiers communs\AOL
2008-11-19 20:43 --------- d-----w c:\program files\KM Remote
2008-11-19 20:38 --------- d-----w c:\program files\YouTube Video Downloader
2008-11-19 20:38 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-19 20:37 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-19 20:37 --------- d-----w c:\program files\GXTranscoder.net AWE
2008-11-19 20:37 --------- d-----w c:\program files\DivX
2008-11-19 20:37 --------- d-----w c:\program files\Counter-Strike Source
2008-11-19 20:16 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-17 17:59 --------- d-----w c:\program files\Steam
2008-11-17 15:36 96,088 ----a-w c:\windows\system32\isizpmuktly.dll-uninst.exe
2008-11-09 18:10 720,896 ----a-w c:\windows\iun6002ev.exe
2008-11-06 19:06 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-05 14:26 --------- d-----w c:\program files\TrackMania Nations ESWC
2008-11-02 19:20 --------- d-----w c:\program files\Copernic Desktop Search 2
2008-10-29 23:08 --------- d-----w c:\documents and settings\Charly\Application Data\Leadertech
2008-10-29 23:07 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-29 23:06 --------- d-----w c:\program files\Logitech
2008-10-29 23:06 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-10-28 12:18 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 19:45 45,056 ----a-w c:\windows\system32\drivers\CBUSB.SYS
2008-10-21 19:45 43,520 ----a-w c:\windows\system32\CBNDLL.DLL
2008-10-21 19:45 376,832 ----a-w c:\windows\system32\MPIWIN32.DLL
2008-10-21 17:31 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-02 08:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-06-27 19:51 555 ----a-w c:\documents and settings\Charly\Application Data\internaldb8467.dat
2008-06-27 19:51 374 ----a-w c:\documents and settings\Charly\Application Data\internaldb6334.dat
2008-06-27 19:51 18,432 ----a-w c:\documents and settings\Charly\Application Data\internaldb41.dat
2008-05-17 15:48 251 ----a-w c:\program files\wt3d.ini
2007-09-12 16:37 3,655,488 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2007-09-12 16:32 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2008-08-29 08:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082920080830\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c6377dd-7e96-2a40-54d8-2379fbc4cb81}]
2008-11-27 15:31 675328 --a------ c:\windows\system32\nsk16.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-09-18 1698816]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-11-24 1544984]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-11-10 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-05 16:36 140976 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax
"VIDC.ZMBV"= zmbv.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Games\\Motocross Madness 2\\MCM2.EXE"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Charly\\Mes documents\\TMNEX\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Documents and Settings\\Charly\\Mes documents\\Mes jeux\\Pure\\Pure.Multi-3.Full-Rip.Skullptura.lahrech\\Pure\\Pure.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-07-24 882688]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-07-24 7040]
S3 ldiskl;ldiskl;\??\c:\docume~1\Charly\LOCALS~1\Temp\ldiskl.sys []
S3 PsSdk31;PsSdk31;\??\c:\windows\system32\Drivers\pssdk31.drv [2008-09-16 30272]
S3 PsSdkLBF;PsSdkLBF;\??\c:\windows\system32\Drivers\pssdklbf.drv [2008-09-16 37440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c316f650-7975-11dc-a449-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MSd355.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdb6fcae-e93a-11dc-a51b-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e279c48c-c090-11dd-a6b0-00161787ad66}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{61c292ce-8943-627d-caf4-9df62e320287} - c:\windows\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll
BHO-{877B3841-7F5D-4678-8285-7CA6F59C8D7C} - c:\windows\system32\CML.dll
BHO-{A9343327-2631-6100-8D1C-D22C29498E18} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-wkwyksg - c:\windows\system32\wkwyksg.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

c:\windows\Downloaded Program Files\CONFLICT.1\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\CONFLICT.1\OSDED4D.OSD

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\telechargement-photoweb.ocx
O16 -: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB}
hxxp://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
c:\windows\Downloaded Program Files\telechargement-photoweb.inf

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.extrafilm.fr/ImageUploader5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\Downloaded Program Files\igloader.dll - O16 -: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A}
hxxp://www.miniclip.com/igloader/igloader.CAB
c:\windows\Downloaded Program Files\igloader.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 19:55:48
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rsvp.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-12-21 20:01:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-21 19:01:37

Avant-CF: 3 922 751 488 octets libres
Après-CF: 5,563,232,256 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

501 --- E O F --- 2008-12-18 21:52:39
0

jlpjlp Posts 52399 Status Security contributor 5 040
 
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)
:files
c:\windows\system32\cont_adssite-remove.
c:\windows\fados.exe
c:\windows\system32\nsk16.dll
:reg
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c6377dd-7e96-2a40-54d8-2379fbc4cb81}]
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

____________________
Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings

Plug in your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk
Note: if the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm

_______________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).

NB: The reports are saved in the folder C:\rsit
0
*shinigami*
 
Here is the OTMoveIt report:

========== FILES ==========
File/Folder c:\windows\system32\cont_adssite-remove. not found.
c:\windows\fados.exe moved successfully.
c:\windows\system32\nsk16.dll unregistered successfully.
c:\windows\system32\nsk16.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c6377dd-7e96-2a40-54d8-2379fbc4cb81}\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Charly\LOCALS~1\Temp\hsperfdata_Charly\9276 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Charly\LOCALS~1\Temp\Perflib_Perfdata_524.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_202837

Files moved on Reboot...
File C:\DOCUME~1\Charly\LOCALS~1\Temp\hsperfdata_Charly\9276 not found!
File C:\DOCUME~1\Charly\LOCALS~1\Temp\Perflib_Perfdata_524.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
0
*shinigami* Posts 3 Status Member
 
FYI: I still have the same problem.. -_-
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
usbfix and rsit?
0
shinigami38
 
I did what you told me, here is the log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Vasthie at 2008-12-20 21:02:50
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 5 GB (3%) free of 153 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:59, on 20/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Charly\Mes documents\RSIT.exe
C:\Program Files\trend micro\Vasthie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: rightonadz browser optimizer - {61c292ce-8943-627d-caf4-9df62e320287} - C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {877B3841-7F5D-4678-8285-7CA6F59C8D7C} - C:\WINDOWS\system32\CML.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adssite - {9c6377dd-7e96-2a40-54d8-2379fbc4cb81} - C:\WINDOWS\system32\nsw29.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsx25.dll
O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - (no file)
O2 - BHO: (no name) - {A9343327-2631-6100-8D1C-D22C29498E18} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Copernic Desktop Search - Home - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wkwyksg] "c:\windows\system32\wkwyksg.exe" wkwyksg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKCU\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKCU\..\Run: [zomfucfpld] c:\windows\system32\zomfucfpld.exe zomfucfpld
O4 - HKCU\..\Run: [keggddsjzy] c:\windows\system32\keggddsjzy.exe keggddsjzy
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [oucmy] "c:\windows\system32\oucmy.exe" oucmy
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Charly')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1009\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Charly')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe (User 'Charly')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe (User 'Charly')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 User Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe (User 'Charly')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 User Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe (User 'Charly')
O4 - S-1-5-18 Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe (User 'Default user')
O4 - .DEFAULT Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rwinnldm.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\kmdsrngm.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.fr/
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://ssl.mgeups.com/vdesk/cachecleaner.cab#version=6010,2007,0223,0315
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ssl.mgeups.com/f5-w-687474703a2f2f446f6d30322e6d67657570732e636f6d$$/iNotes6W.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\BERNAR~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://ssl.mgeups.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0330,0846
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://ssl.mgeups.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.fr/online/online2/chuzzle/popcaploader_v6.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://ssl.mgeups.com/vdesk/terminal/urxhost.cab#version=6010,2007,0330,0250
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
End of file - 14968 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61c292ce-8943-627d-caf4-9df62e320287}]
rightonadz browser optimizer - C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{877B3841-7F5D-4678-8285-7CA6F59C8D7C}]
C:\WINDOWS\system32\CML.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c6377dd-7e96-2a40-54d8-2379fbc4cb81}]
adssite - C:\WINDOWS\system32\nsw29.dll [2008-11-27 675328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
ads_optimizer - C:\WINDOWS\system32\nsx25.dll [2008-02-07 80896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9343327-2631-6100-8D1C-D22C29498E18}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{968631B6-4729-440D-9BF4-251F5593EC9A} - Copernic Desktop Search - Home - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll [2008-09-18 995328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"wkwyksg"=c:\windows\system32\wkwyksg.exe [2008-12-19 241664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"SDR6V_Check"=C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe []
"WA6PV_Check"=C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe []
"zomfucfpld"=c:\windows\system32\zomfucfpld.exe zomfucfpld []
"keggddsjzy"=c:\windows\system32\keggddsjzy.exe keggddsjzy []
"Copernic Desktop Search 2"=C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe [2008-09-18 1698816]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
"oucmy"=c:\windows\system32\oucmy.exe [2008-12-09 288768]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Documents and Settings\Vasthie\Menu Démarrer\Programmes\Démarrage
Deewoo.lnk - C:\WINDOWS\system32\rwinnldm.exe
TA_Start.lnk - C:\WINDOWS\system32\kmdsrngm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2007-03-05 140976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule Plus"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Disabled:Halo"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Disabled:TmNationsESWC"
"C:\Documents and Settings\Charly\Mes documents\My Games\Racer2\racer\tracked.exe"="C:\Documents and Settings\Charly\Mes documents\My Games\Racer2\racer\tracked.exe:*:Disabled:tracked"
"F:\C4SETUP\C4LAN.EXE"="F:\C4SETUP\C4LAN.EXE:*:Disabled:C4LAN"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Disabled:Microsoft® Motocross Madness 2"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Documents and Settings\Charly\Mes documents\Mes jeux\Counter Strike\czero.exe"="C:\Documents and Settings\Charly\Mes documents\Mes jeux\Counter Strike\czero.exe:*:Disabled:Condition Zero Launcher"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Disabled:TmForever"
"C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\Documents and Settings\Charly\Mes documents\Mes jeux\Half Life\hlds.exe"="C:\Documents and Settings\Charly\Mes documents\Mes jeux\Half Life\hlds.exe:*:Enabled:hlds"
"C:\Documents and Settings\Charly\Mes documents\Mes jeux\Half Life\hl.exe"="C:\Documents and Settings\Charly\Mes documents\Mes jeux\Half Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Charly\Mes documents\TMNEX\TrackMania Sunrise\TmSunrise.exe"="C:\Documents and Settings\Charly\Mes documents\TMNEX\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Documents and Settings\Charly\Mes documents\Mes jeux\Pure\Pure.Multi-3.Full-Rip.Skullptura.lahrech\Pure\Pure.exe"="C:\Documents and Settings\Charly\Mes documents\Mes jeux\Pure\Pure.Multi-3.Full-Rip.Skullptura.lahrech\Pure\Pure.exe:*:Enabled:Pure"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger"
"C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax"
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-20 21:02:50 ----D---- C:\rsit
2008-12-20 21:02:50 ----D---- C:\Program Files\trend micro
2008-12-19 20:51:53 ----A---- C:\WINDOWS\system32\wkwyksg.exe
2008-12-17 18:11:38 ----D---- C:\Program Files\SFR
2008-12-11 07:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 07:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 07:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 07:49:30 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 07:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 09:49:51 ----A---- C:\WINDOWS\system32\oucmy.exe
2008-11-27 15:31:24 ----A---- C:\WINDOWS\system32\nsw29.dll
2008-11-26 18:26:30 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-11-26 18:26:09 ----D---- C:\Program Files\iPod
2008-11-26 18:26:06 ----D---- C:\Program Files\iTunes
2008-11-26 18:26:06 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 18:25:55 ----D---- C:\Program Files\Bonjour
2008-11-26 18:25:18 ----D---- C:\Program Files\Apple Software Update
2008-11-26 18:25:03 ----D---- C:\Program Files\Fichiers communs\Apple
2008-11-26 18:25:02 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-24 22:01:09 ----N---- C:\WINDOWS\system32\InstHelper.dll
2008-11-24 22:00:36 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-11-24 22:00:36 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-11-24 22:00:36 ----A---- C:\WINDOWS\system32\dneinobj.dll
2008-11-24 22:00:32 ----A---- C:\WINDOWS\system32\vpnapi.dll
2008-11-24 22:00:31 ----D---- C:\Program Files\Fichiers communs\Deterministic Networks
2008-11-24 22:00:31 ----D---- C:\Program Files\Cisco Systems
2008-11-24 22:00:31 ----A---- C:\WINDOWS\system32\CSGina.dll

======List of files/folders modified in the last 1 months======

2008-12-20 21:02:50 ----AD---- C:\Program Files
2008-12-20 21:02:23 ----D---- C:\WINDOWS\Prefetch
2008-12-20 20:42:46 ----D---- C:\WINDOWS\Temp
2008-12-20 19:05:57 ----D---- C:\WINDOWS\system32
2008-12-20 19:05:57 ----A---- C:\WINDOWS\system32\cont_adssite-remove.exe
2008-12-20 18:41:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 18:41:23 ----A---- C:\WINDOWS\ModemLog_Modem 56000 bps Standard.txt
2008-12-20 18:39:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 07:25:01 ----D---- C:\WINDOWS
2008-12-18 22:52:38 ----HD---- C:\WINDOWS\inf
2008-12-18 22:52:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 22:52:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 21:57:08 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-17 18:11:41 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 22:21:11 ----D---- C:\WINDOWS\Debug
2008-12-11 15:18:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 07:49:55 ----D---- C:\Program Files\Internet Explorer
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 14:50:11 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-12-04 21:38:38 ----D---- C:\Documents and Settings\Vasthie\Application Data\Microsoft
2008-12-02 22:24:43 ----A---- C:\WINDOWS\fados.exe
2008-12-02 21:49:35 ----SHD---- C:\WINDOWS\Installer
2008-12-02 21:49:35 ----D---- C:\Config.Msi
2008-11-26 18:26:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-26 18:26:06 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-26 18:25:41 ----D---- C:\Program Files\QuickTime
2008-11-26 18:25:20 ----SD---- C:\WINDOWS\Tasks
2008-11-26 18:25:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-26 18:25:03 ----D---- C:\Program Files\Fichiers communs
2008-11-26 18:24:04 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-24 22:03:30 ----D---- C:\WINDOWS\Internet Logs
2008-11-22 15:40:33 ----D---- C:\WINDOWS\Help
2008-11-21 18:36:56 ----D---- C:\Documents and Settings\All Users\Application Data\TrackMania

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-08-13 240128]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-03-09 77184]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-07-31 132058]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-21 5632]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-07-31 206464]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
R3 3xHybrid;Philips SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 882688]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-24 127376]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-07-31 25578]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-05 230400]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-05 9728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-10-07 9856]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2008-02-01 489624]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-24 5888]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-04-23 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-04-23 2560]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2006-07-24 29184]
S3 ldiskl;ldiskl; \??\C:\DOCUME~1\Charly\LOCALS~1\Temp\ldiskl.sys []
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-07-31 30246]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv []
S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\system32\DRIVERS\LVCD.sys [2004-02-14 471712]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 96512]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-07-10 188416]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-05-23 54784]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-01 180224]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-07-10 77824]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 M1 Server;Serveur Média Intel(R) Viiv(TM); C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-05-26 25600]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-07-10 147456]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-07-10 397312]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-11-03 918016]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-05-21 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

and here is the info.txt:

info.txt logfile of random's system information tool 1.05 2008-12-20 21:03:01

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /X{9F9BED81-2C7A-4AA2-A136-942168A0085B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee for PENTAX 2.0-->MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CABB679-3958-44AA-BFFF-4E68A2684255}\Setup.exe" -l0x40c -uninst
Assistant Avery 3.1-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EB7A2041-6A16-4BAC-8079-43B985673C2C}
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Browser Optimizer Adssite-->C:\WINDOWS\system32\adssite-remove.exe
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Contextual Tool Adssite-->C:\WINDOWS\system32\cont_adssite-remove.exe
Copernic Desktop Search - Home-->C:\Program Files\Copernic Desktop Search 2\uninst.exe
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Counter-Strike: Source-->C:\Program Files\Counter-Strike Source\Uninst.exe
CueClub-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Real\RealGames\CueClub\setup.exe"
Digital Photo Navigator 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}\setup.exe" -l0x9
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation Schneider Electric-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04DAB70E-EBD0-49EB-B3C0-8400EC2E6B70}\setup.exe"
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Enhancement Browser Tools Rightonadz-->C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll-uninst.exe
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
F-16 Demo-->C:\WINDOWS\IsUninst.exe -f"c:\documents and settings\charly\Uninst.isu"
FBrowsingAdvisor-->"C:\Program Files\FBrowsingAdvisor\unins000.exe"
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Free Mp3 Wma Converter V 1.5.5-->"C:\Program Files\Free Audio Pack\unins000.exe"
Gabbasoft Cube Demo-->MsiExec.exe /X{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}
GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe"
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTA San Andreas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel(R) PRO Network Connections-->MsiExec.exe /I{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}
Intel(R) Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Logiciel Intel® Viiv™-->MsiExec.exe /X{2F2E536D-021E-4B77-94E6-A16AA8D50014} /qb!
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 Un siècle d'aviation-->"C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Motocross Madness 2-->"C:\Program Files\Microsoft Games\Motocross Madness 2\Uninstal.exe" /runtemp /addremove
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Monopoly-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}\setup.exe" -l0x40c
Mozilla (1.7.13) (fr)-->C:\WINDOWS\MozillaUninstall.exe /ua "1.7.13 (fr)"
MP3 Player Utilities 3.68-->MsiExec.exe /I{D98BFAD2-0C90-47F4-9D69-2EFF21631884}
MP3 Player Utilities 4.15-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nikon FotoShare-->C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon View 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Otto-->"C:\Program Files\FrenchOtto\uninstallotto.exe"
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Phototool 1.8-->C:\PROGRA~1\PHOTOT~1\UNWISE.EXE C:\PROGRA~1\PHOTOT~1\INSTALL.LOG
Popsicle-->"C:\Documents and Settings\All Users\Documents\Popsicle\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Race Driver 2-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D474A0E8-4421-43C0-BE8E-F454F91E2E2A} /l1036
Rayman3-->MsiExec.exe /X{BAF5914B-5730-4373-B038-9F436AC6A0D6}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Replay Converter 2.8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\iruninRCV.ini"
SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Dri
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\CML.dll
C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll
C:\WINDOWS\system32\nsw29.dll
C:\WINDOWS\system32\nsx25.dll
c:\windows\system32\wkwyksg.exe
c:\windows\system32\oucmy.exe
c:\windows\system32\keggddsjzy.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
c:\windows\system32\zomfucfpld.exe
C:\WINDOWS\system32\kmdsrngm.exe
C:\WINDOWS\system32\rwinnldm.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
C:\WINDOWS\system32\cont_adssite-remove.exe
C:\WINDOWS\fados.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61c292ce-8943-627d-caf4-9df62e320287}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{877B3841-7F5D-4678-8285-7CA6F59C8D7C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c6377dd-7e96-2a40-54d8-2379fbc4cb81}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9343327-2631-6100-8D1C-D22C29498E18}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"wkwyksg"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SDR6V_Check"=-
"WA6PV_Check"=-
"zomfucfpld"=-
"keggddsjzy"=-
"oucmy"=-

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, hold the mouse button down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new Hijackthis report and paste a report from the Antivir that you have

If the file does not open, it is located here > C:\ComboFix.txt
0
*shinigami*
 
Something I noticed along the way: the error message only appears in thumbnail view; in list view, for example, the computer does not crash. So couldn't the problem be coming from Explorer??
0
*shinigami*
 
Ah, on the other hand, the error message does appear when I click on the film...
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
do you have the report from message 12???
0
*shinigami*
 
There is an error when I do it: the blue window appears but it displays "Please wait, Combofix is about to start", and right after that I get an error message that says: "Were you trying to run CFScript? The name CFScript appears to be misspelled". I click OK and everything closes, so there you go...
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Download OTMoveIt

http://oldtimer.geekstogo.com/OTMoveIt3.exe

(by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

:processus
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61c292ce-8943-627d-caf4-9df62e320287}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{877B3841-7F5D-4678-8285-7CA6F59C8D7C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c6377dd-7e96-2a40-54d8-2379fbc4cb81}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9343327-2631-6100-8D1C-D22C29498E18}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"wkwyksg"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SDR6V_Check"=-
"WA6PV_Check"=-
"zomfucfpld"=-
"keggddsjzy"=-
"oucmy"=-
:files
C:\WINDOWS\system32\CML.dll
C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll
C:\WINDOWS\system32\nsw29.dll
C:\WINDOWS\system32\nsx25.dll
c:\windows\system32\wkwyksg.exe
c:\windows\system32\oucmy.exe
c:\windows\system32\keggddsjzy.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
c:\windows\system32\zomfucfpld.exe
C:\WINDOWS\system32\kmdsrngm.exe
C:\WINDOWS\system32\rwinnldm.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
C:\WINDOWS\system32\cont_adssite-remove.exe
C:\WINDOWS\fados.exe
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

______________________

then post a new rsit report
0
*shinigami*
 
Here is the OTMoveIt report:

Error: Unable to interpret <:processus > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61c292ce-8943-627d-caf4-9df62e320287}\\ not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{877B3841-7F5D-4678-8285-7CA6F59C8D7C}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c6377dd-7e96-2a40-54d8-2379fbc4cb81}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9343327-2631-6100-8D1C-D22C29498E18}\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wkwyksg not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SDR6V_Check not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WA6PV_Check not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zomfucfpld not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\keggddsjzy not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\oucmy not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\CML.dll not found.
File/Folder C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll not found.
File/Folder C:\WINDOWS\system32\nsw29.dll not found.
File/Folder C:\WINDOWS\system32\nsx25.dll not found.
File/Folder c:\windows\system32\wkwyksg.exe not found.
File/Folder c:\windows\system32\oucmy.exe not found.
File/Folder c:\windows\system32\keggddsjzy.exe not found.
File/Folder C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe not found.
File/Folder c:\windows\system32\zomfucfpld.exe not found.
File/Folder C:\WINDOWS\system32\kmdsrngm.exe not found.
File/Folder C:\WINDOWS\system32\rwinnldm.exe not found.
File/Folder C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe not found.
C:\WINDOWS\system32\cont_adssite-remove.exe moved successfully.
File/Folder C:\WINDOWS\fados.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Charly\LOCALS~1\Temp\WERac10.dir00\nfs.exe.hdmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Charly\LOCALS~1\Temp\WER9582.dir00\nfs.exe.hdmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\63foiodt.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hi48alju.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\T30DebugLogFile.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12262008_152506


And here is the Rsit report:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Vasthie at 2008-12-26 15:34:35
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 42 GB (27%) free of 153 GB
Total RAM: 1022 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:39, on 26/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charly\Mes documents\RSIT.exe
C:\Program Files\trend micro\Vasthie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Copernic Desktop Search - Home - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKCU\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKCU\..\Run: [zomfucfpld] c:\windows\system32\zomfucfpld.exe zomfucfpld
O4 - HKCU\..\Run: [keggddsjzy] c:\windows\system32\keggddsjzy.exe keggddsjzy
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [oucmy] "c:\windows\system32\oucmy.exe" oucmy
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Charly')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1009\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User 'Charly')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1009\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray (User 'Charly')
O4 - HKUS\S-1-5-21-1184027975-4157342990-2662757307-1009\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Charly')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe (User 'Charly')
O4 - S-1-5-21-1184027975-4157342990-2662757307-1009 User Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe (User 'Charly')
O4 - S-1-5-18 Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.fr/
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://ssl.mgeups.com/vdesk/cachecleaner.cab#version=6010,2007,0223,0315
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ssl.mgeups.com/f5-w-687474703a2f2f446f6d30322e6d67657570732e636f6d$$/iNotes6W.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\BERNAR~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://ssl.mgeups.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0330,0846
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://ssl.mgeups.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://ssl.mgeups.com/vdesk/terminal/urxhost.cab#version=6010,2007,0330,0250
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Run HijackThis again, choose "Do a system scan only", then fix these lines ("Fix checked"):

R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKCU\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKCU\..\Run: [zomfucfpld] c:\windows\system32\zomfucfpld.exe zomfucfpld
O4 - HKCU\..\Run: [keggddsjzy] c:\windows\system32\keggddsjzy.exe keggddsjzy

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://ssl.mgeups.com/vdesk/cachecleaner.cab#version=6010,2007,0223,0315
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ssl.mgeups.com/f5-w-687474703a2f2f446f6d30322e6d67657570732e636f6d$$/iNotes6W.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\BERNAR~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://ssl.mgeups.com/vdesk/terminal/urTermProxy.cab#version=6010,2007,0330,0846
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - https://www.worldwinner.com/frontend_404.shtml
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://ssl.mgeups.com/vdesk/terminal/urxshost.cab#version=6010,2007,0223,0320
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://ssl.mgeups.com/vdesk/terminal/urxhost.cab#version=6010,2007,0330,0250

_____________________

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Download to the desktop
Navilog.zip
= Double-click navilog1.zip
= Extract everything to the desktop
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1

A report, fixnavi.txt, will be created in C:
Copy/paste it into your next message.

_________________________

Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD­-R.exe

/!\ Disconnect and close all running applications

● Double-click the installer and install it in its default location. ( C:\Program files )
● Double-click the Ad-remover icon located on your desktop
● In the main menu, choose option "A"
● Post the report that appears at the end.

( the report is also saved as C:\Ad-report(date).log )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility meant to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
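The post above picks lines out of a HijackThis log by eye. As an added example (not part of the thread and not HijackThis's own logic), this Python sketch flags two patterns visible in the log posted here: entries marked `(no file)`, and Run values whose name, executable in system32 and argument are all the same string. The function names and both heuristics are assumptions made for illustration; a match is a reason to inspect the entry, not a verdict.

```python
import ntpath
import re
from collections import namedtuple

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zomfucfpld] c:\windows\system32\zomfucfpld.exe zomfucfpld
O4 - HKCU\..\Run: [oucmy] "c:\windows\system32\oucmy.exe" oucmy
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Hypothetical result record used only by this example.
Finding = namedtuple("Finding", "section reason line")

SECTION_RE = re.compile(r"^([A-Z]\d+) - ")
RUN_RE = re.compile(r"^O4 - .+?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"(.+?\.exe)(?:\s+(.*))?$", re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32"


def split_command(cmd):
    """Split an autorun command line into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:  # unbalanced quote: treat the rest as the path
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    match = EXE_RE.match(cmd)
    if match:
        return match.group(1), match.group(2) or ""
    return cmd, ""


def is_self_named_autorun(name, cmd):
    """True when value name, system32 executable stem and argument all match."""
    exe, args = split_command(cmd)
    folder, base = ntpath.split(exe)
    stem = ntpath.splitext(base)[0]
    return (folder.lower() == SYSTEM32
            and stem.lower() == name.lower()
            and args.lower() == name.lower())


def triage(log_text):
    """Return a Finding for every log line that matches one of the two heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if not section:
            continue
        if line.endswith("- (no file)"):
            # The registry entry survives but the file it points to is gone.
            findings.append(Finding(section.group(1), "orphan", line))
            continue
        run = RUN_RE.match(line)
        if run and is_self_named_autorun(run.group("name"), run.group("cmd")):
            findings.append(Finding("O4", "self-named-autorun", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:20} {f.line}")
```
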
*shinigami*
 
For HijackThis, I don't have the following lines:

R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

O4 - HKCU\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKCU\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKCU\..\Run: [zomfucfpld] c:\windows\system32\zomfucfpld.exe zomfucfpld
O4 - HKCU\..\Run: [keggddsjzy] c:\windows\system32\keggddsjzy.exe keggddsjzy

Is that normal??

I have a problem with Navilog: when I click on the executable, a blue window opens with "choose your language", and when I ask for French I get an error message that says:

"GetPaths.exe a rencontré un problème et doit fermer. Nous vous prions..." etc. etc., and the blue window closes.

And the Ad-Remover hyperlink is not the right one; it tells me "object not found".

So there you go... if you could explain roughly what I'm doing when I carry out these steps, that would be nice and it would reassure my father a bit ^^

Thanks in advance.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
No big deal for HijackThis.

For Navilog, try again after disabling AntiVir.

For AD-Remover:

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
0
*shinigami*
 
Still the same for Navilog, and there is no report at the end of Ad-Remover; it opens but it is empty..
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Darn, I can't manage to read all the reports, a bug.

Tell me, had we run Malwarebytes?

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

If not, paste a report from it; otherwise post an RSIT report again.
0
*shinigami*
 
Here is the Malwarebytes report:


Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1577
Windows 5.1.2600 Service Pack 3

30/12/2008 14:52:49
mbam-log-2008-12-30 (14-52-49).txt

Type de recherche: Examen rapide
Eléments examinés: 80900
Temps écoulé: 13 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7759abc-b7d8-437c-adc4-b35f2e1692cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c8a568e-4201-478a-8536-526cf371d2e2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab71e94e-3dc4-41eb-bbd5-31e82c9fd1d4} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d3b4c621-6024-410b-9f0f-22cbd6981f5e} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware370 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{feb317a6-dd6a-7085-30dc-d24315e63f72}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Run it again, choosing a full scan,

then post an RSIT report again and tell me your current problems.
0
*shinigami*
 
It's fine, problem solved ;)

Thanks for your help. I found a forum where the problem was solved in 2 steps, so I did it and it worked. So thanks again!!

PS: if I ever have another problem I'll contact you again ;)

For info, here is what the forum said to do:

Start > Control Panel > System > Advanced tab > Performance, click Settings > "Data Execution Prevention" tab. There you have 2 choices: click the 2nd one, then tick Windows Explorer. All you have to do then is restart, and no more problems!
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
OK, but given the infections, a cleanup was needed.

And to check:

paste an online scan.

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr
0