Changement de DNS

TK -  
 TK -
Bonjour et bonne année à tous,

Mon PC est sous Win XP Pro + SP2 (d'origine), il y a 3 jours j'ai fait une MAJ de ma licence AVG de 7.5 à 8.0 et j'ai (acheté).
Je n'ai pas pu le télécharger sur le site de l'éditeur je l'ai donc fait d'un autre PC, après l'install pas moyen de mettre à jour le soft.

En parallèle j'ai eu également de soucis de pages internet qui s'ouvrent et font de la pub pour de casinos...

Dans les propriétés du réseau les DNS avaient changé pour quelque chose d'exotique pointant en Ukraine.

J'ai fouillé sur la toile (Hijack et autres solutions), mais les problèmes persistent.

Pouvez-vous m'aider je suis à court d'idées.

Merci d'avance.

Voici le log Hijack.

TK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:58, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
C:\Program Files\UGS\UGSLicensing\ugslmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\TKovats\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108,85.255.112.197
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6966 bytes
Configuration: Windows XP
Firefox 3.0.5

4 réponses

  1. totobetourne Messages postés 5677 Statut Membre 65
     
    bonjour

    Télécharge SmitfraudFix
    Utilitaire de S!Ri: Moe et balltrap34
    http://siri.urz.free.fr/Fix/SmitfraudFix.php
    et télécharge SmitfraudFix.exe.

    Exécute le en choisissant l’option 5,
    il va générer un rapport
    Copie/colle le sur le poste stp.
    0
    1. TK
       
      Salut totobetourne,

      Voici le log.

      En fait je l'avais déjà fait.

      Merci beaucoup.

      TK

      SmitFraudFix v2.388

      Rapport fait à 14:14:44,43, 08/01/2009
      Executé à partir de C:\Documents and Settings\TKovats\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

      Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

      Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 85.255.113.108
      DNS Server Search Order: 85.255.112.197

      Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

      Description: Carte Mini de réseau local sans fil Wireless 1395 de Dell - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 85.255.113.108
      DNS Server Search Order: 85.255.112.197

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: NameServer=85.255.113.108,85.255.112.197
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: DhcpNameServer=85.255.113.108,85.255.112.197
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: NameServer=85.255.113.108,85.255.112.197
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: NameServer=85.255.113.108,85.255.112.197
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: DhcpNameServer=85.255.113.108,85.255.112.197
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: NameServer=85.255.113.108,85.255.112.197
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: DhcpNameServer=85.255.115.155,85.255.112.77
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.108,85.255.112.197
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.113.108,85.255.112.197
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103

      »»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

      Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 62.4.16.70
      DNS Server Search Order: 62.4.17.69
      DNS Server Search Order: 10.1.0.103

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
      0
  2. totobetourne Messages postés 5677 Statut Membre 65
     
    refais un rapport hijack et colle le . merci.
    0
    1. TK
       
      et voilà

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:39:17, on 08/01/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Program Files\UGS\UGSLicensing\lmgrd.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\RunDLL32.exe
      C:\WINDOWS\OEM13Mon.exe
      C:\Program Files\UGS\UGSLicensing\lmgrd.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
      C:\Program Files\Dell\QuickSet\Quickset.exe
      C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
      C:\Program Files\UGS\UGSLicensing\ugslmd.exe
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Mozilla Thunderbird\thunderbird.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\UGS\NX 6.0\UGII\ugraf.exe
      C:\Documents and Settings\TKovats\Bureau\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
      O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
      O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
      O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
      0
  3. totobetourne Messages postés 5677 Statut Membre 65
     
    niveau infection surement bon.

    on peut ameliorer.

    1)passe cet antimalware, fait comme indique
    Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement

    Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
    fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
    COLLE LE RAPPORT APRES SUPPRESSION MERCI.

    garde le et lance un scan tout les mois comme indique.

    si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.

    2)pare-feu gratuits:regle un seul pare feu sur un ordi.telecharge un des suivants ensuite deconnecte toi.
    puis desactive le pare feu windows(aller dans le centre de securite puis pare feu windows et la desactive le)
    puis installe celui de ton choix.

    je te conseille un des 2(en anglais mais simple avec le tuto qui est donne)

    Comodo pro Firewall(juste le pare feu)
    http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
    Tuto pour la 3.0
    https://infomars.fr/forum/index.php?showtopic=1225

    ou

    OnlineArmor :
    téléchargement:https://www.commentcamarche.net/telecharger/ 34055356 online armor personal firewall

    tutoriels:https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    :http://www.malekal.com/tutorial_Online_Armor.ph

    il y en a d autres mais d apres les test de matousec en gratuit il n y en a pas bcp d autre.
    http://www.matousec.com/index.html

    3)fait ce qui est indique sur ce lien pour mieux securise firefox.
    https://www.malekal.com/securiser-le-navigateur-web-firefox-2/

    surtout NO SCRIPT

    4)pour enlever les fichiers temporaires

    a passer tout les 15 jours a peu pres.

    • Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.
    http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner

    • Fermer toutes les applications
    • Lancer CCLeaner
    S'il n'est pas en Français cliquer sur Options, Setting, Language
    et sélectionner Français
    • cocher dans le menu Nettoyeur - onglet Windows :
    Internet Explorer: Fichiers Internet Temporaires, Cookies
    • Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
    • Avancé: Vieilles données du Prefetch
    • Décocher dans le menu Options - sous-menu Avancé :
    Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
    • Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
    • Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
    Firefox/Mozilla: Cache Internet, Cookies
    • Click sur Analyse
    • Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.
    • Click sur Registre
    • Sélectionner tout
    • Click sur Chercher des erreurs (En bas)

    Une fois le scan terminé sélectionner tout
    • Click sur Réparer les erreurs sélectionnées

    5)CES 2 PROGRAMMES DOIVENT RESTER A JOUR
    ensuite désinstal java car pas a jours et telecharge et instal cette version :

    https://www.java.com/fr/download/manual.jsp

    ensuite si c est la version gratuite désinstal adobe reader car pas a jours et telecharge et instal cette version :

    https://get2.adobe.com/reader/otherversions/

    0
    1. TK
       
      Merci, je vais essayer, le link n'est pas valide, je vais le chercher ailleurs.

      TK
      0
      1. TK > TK
         
        Voici ce que donne mabm

        TK


        Malwarebytes' Anti-Malware 1.32
        Version de la base de données: 1631
        Windows 5.1.2600 Service Pack 2

        08/01/2009 16:20:53
        mbam-log-2009-01-08 (16-20-53).txt

        Type de recherche: Examen complet (C:\|F:\|)
        Eléments examinés: 295474
        Temps écoulé: 1 hour(s), 5 minute(s), 43 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 1
        Clé(s) du Registre infectée(s): 1
        Valeur(s) du Registre infectée(s): 0
        Elément(s) de données du Registre infecté(s): 0
        Dossier(s) infecté(s): 1
        Fichier(s) infecté(s): 16

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

        Clé(s) du Registre infectée(s):
        HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        (Aucun élément nuisible détecté)

        Elément(s) de données du Registre infecté(s):
        (Aucun élément nuisible détecté)

        Dossier(s) infecté(s):
        C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\msqpdxnoeyfsap.dll (Trojan.TDSS) -> Delete on reboot.
        C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.
        C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxdonmttoq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxenhyfrrr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxktetqfvk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxlgidoroc.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxmykvvmlj.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxnekdnxco.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxolwosruw.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxqftuwmmt.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\msqpdxsmgpxtfh.sys (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\Temp\tempo-0FB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
        C:\WINDOWS\Temp\tempo-EE9.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
        0
      2. TK > TK
         
        Merci beaucoup pour ton aide totobetourne.

        TK
        0
  4. totobetourne Messages postés 5677 Statut Membre 65
     
    peut etre pas fini.passe cela
    1)pour voir télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    2)apres refais moi un rapport hijack.
    0
    1. TK
       
      Bonjour totobetourne,

      J'avais effectivement autre chose du style qui met un c:\resycled et un boot.com

      Voici le log de ComboFix :

      ComboFix 09-01-11.01 - TKovats 2009-01-12 17:20:24.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2492 [GMT 1:00]
      Lancé depuis: c:\documents and settings\TKovats\Bureau\ComboFix.exe
      AV: AVG Internet Security *On-access scanning disabled* (Outdated)
      AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
      FW: AVG Firewall *disabled*
      * Un nouveau point de restauration a été créé

      [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\autorun.inf
      C:\resycled
      c:\resycled\boot.com
      c:\windows\system32\Agent.OMZ.Fix.exe
      c:\windows\system32\drivers\msqpdxserv.sys
      c:\windows\system32\dumphive.exe
      c:\windows\system32\hpowiax5.dll
      c:\windows\system32\IEDFix.exe
      c:\windows\system32\msrdo20.dll
      c:\windows\system32\Process.exe
      c:\windows\system32\rdocurs.dll
      c:\windows\system32\SrchSTS.exe
      c:\windows\system32\tmp.reg
      c:\windows\system32\VCCLSID.exe
      c:\windows\system32\WS2Fix.exe
      c:\windows\Temp\tmp3.tmp
      F:\Autorun.inf
      F:\resycled
      f:\resycled\boot.com

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_AVG


      ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-12 au 2009-01-12 ))))))))))))))))))))))))))))))))))))
      .

      2009-01-12 16:59 . 2009-01-12 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
      2009-01-12 14:01 . 2009-01-12 14:01 <REP> d-------- C:\Projects
      2009-01-12 14:01 . 2009-01-12 14:01 8,590 --a------ c:\windows\hh.dat
      2009-01-12 14:00 . 2009-01-12 14:00 <REP> d-------- c:\documents and settings\TKovats\Application Data\SOLIDCast
      2009-01-12 13:54 . 2009-01-12 14:17 <REP> d-------- c:\program files\SOLIDCast
      2009-01-12 13:54 . 2004-11-28 10:44 89,360 --a------ c:\windows\system32\VB5DB.DLL
      2009-01-09 16:28 . 2009-01-09 16:28 <REP> d-------- c:\windows\system32\fr-fr
      2009-01-09 16:27 . 2009-01-09 16:27 <REP> d-------- c:\windows\ServicePackFiles
      2009-01-09 16:25 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0[/u]02950_.tmp
      2009-01-09 09:22 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\dllcache\shdocvw.dll
      2009-01-09 09:22 . 2008-10-16 02:01 620,544 --------- c:\windows\system32\dllcache\urlmon.dll
      2009-01-09 09:22 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
      2009-01-09 09:20 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
      2009-01-09 09:20 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
      2009-01-09 09:20 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
      2009-01-09 09:20 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
      2009-01-09 09:20 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
      2009-01-09 09:19 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
      2009-01-09 09:18 . 2008-04-11 20:05 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
      2009-01-09 09:18 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
      2009-01-09 09:18 . 2008-05-01 15:36 331,776 --------- c:\windows\system32\dllcache\msadce.dll
      2009-01-08 17:01 . 2009-01-12 16:00 1,374 --a------ c:\windows\imsins.BAK
      2009-01-08 17:00 . 2009-01-08 17:00 <REP> d-------- c:\program files\MSXML 4.0
      2009-01-08 16:54 . 2009-01-12 17:25 <REP> d-------- c:\windows\system32\drivers\Avg
      2009-01-08 16:54 . 2009-01-08 16:54 324,872 --a------ c:\windows\system32\drivers\avgldx86.sys
      2009-01-08 16:54 . 2009-01-08 16:54 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
      2009-01-08 16:54 . 2009-01-08 16:54 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
      2009-01-08 16:54 . 2009-01-08 16:54 10,520 --a------ c:\windows\system32\avgrsstx.dll
      2009-01-08 16:53 . 2009-01-08 16:53 <REP> d-------- c:\program files\AVG
      2009-01-08 16:53 . 2009-01-12 13:58 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
      2009-01-08 16:53 . 2009-01-08 16:53 50,968 --a------ c:\windows\system32\avgfwdx.dll
      2009-01-08 16:53 . 2009-01-08 16:53 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
      2009-01-08 16:34 . 2009-01-08 16:34 <REP> d-------- c:\program files\Java
      2009-01-08 16:34 . 2009-01-08 16:34 410,984 --a------ c:\windows\system32\deploytk.dll
      2009-01-08 16:34 . 2009-01-08 16:34 73,728 --a------ c:\windows\system32\javacpl.cpl
      2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\documents and settings\TKovats\Application Data\Malwarebytes
      2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-01-08 14:53 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2009-01-08 14:53 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2009-01-08 12:52 . 2009-01-08 12:52 <REP> d-------- c:\windows\BDOSCAN8
      2009-01-08 11:09 . 2009-01-08 12:22 <REP> d-------- c:\program files\Navilog1
      2009-01-08 09:56 . 2009-01-08 09:57 <REP> d-------- c:\program files\Fichiers communs\BitDefender
      2009-01-08 09:28 . 2009-01-08 09:29 <REP> d-------- c:\program files\CCleaner
      2009-01-07 15:08 . 2009-01-07 15:08 <REP> d-------- c:\windows\SolidWorks
      2009-01-07 15:08 . 2009-01-07 15:08 <REP> d-------- c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks
      2009-01-07 15:08 . 2009-01-12 17:27 <REP> d-------- c:\documents and settings\TKovats\Application Data\IM
      2009-01-07 12:18 . 2009-01-07 12:18 <REP> d-------- c:\documents and settings\TKovats\Application Data\SpaceClaim
      2009-01-07 12:14 . 2006-06-30 10:39 102,400 --a------ c:\windows\system32\tsccvid.dll
      2009-01-07 12:13 . 2009-01-07 12:22 <REP> d-------- c:\program files\SpaceClaim 2008
      2009-01-07 12:13 . 2009-01-09 12:53 <REP> d-------- c:\documents and settings\All Users\Application Data\SpaceClaim
      2009-01-07 12:12 . 2009-01-07 12:12 <REP> d-------- c:\program files\MSBuild
      2009-01-07 12:10 . 2009-01-07 12:10 <REP> d-------- c:\windows\system32\XPSViewer
      2009-01-07 12:10 . 2009-01-07 12:10 <REP> d-------- c:\program files\Reference Assemblies
      2009-01-07 12:09 . 2009-01-07 12:09 <REP> d-------- c:\temp\NETFX30
      2009-01-06 10:07 . 2009-01-06 10:07 <REP> d-------- c:\program files\Astroburn
      2009-01-05 15:17 . 2009-01-07 14:47 2,392 --a------ C:\autorun.PNF
      2009-01-05 15:16 . 2007-11-02 03:28 970,752 --a------ c:\windows\system32\hpotiop5.dll
      2009-01-05 15:16 . 2007-11-02 03:28 364,544 --a------ c:\windows\system32\hppldcoi.dll
      2009-01-05 15:16 . 2007-11-02 03:28 309,760 --a------ c:\windows\system32\difxapi.dll
      2009-01-05 15:16 . 2007-11-02 03:28 303,104 --a------ c:\windows\system32\hpovst12.dll
      2009-01-05 15:15 . 2009-01-05 15:18 142,919 --a------ c:\windows\hpoins21.dat
      2009-01-05 15:15 . 2008-01-24 03:29 7,262 --------- c:\windows\hpomdl21.dat
      2009-01-02 17:15 . 2009-01-02 17:16 106,253 --a------ c:\windows\hpoins07.dat
      2009-01-02 17:15 . 2005-06-22 03:19 17,505 --------- c:\windows\hpomdl07.dat
      2009-01-02 15:10 . 2009-01-02 15:12 <REP> d-------- c:\windows\system32\oodag
      2009-01-02 12:31 . 2009-01-07 14:23 20,432 --a------ c:\windows\system32\oodbs.lor
      2009-01-02 12:10 . 2009-01-02 12:10 0 --a------ c:\windows\oodcnt.INI
      2009-01-02 11:44 . 2009-01-02 11:44 9,262,879 --a------ C:\reg.cab
      2008-12-24 08:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
      2008-12-24 08:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
      2008-12-24 08:42 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
      2008-12-24 08:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
      2008-12-24 08:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
      2008-12-24 08:42 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
      2008-12-24 08:42 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
      2008-12-23 09:22 . 2008-12-24 08:50 <REP> d-------- c:\program files\MagicISO

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-01-12 16:18 --------- d-----w c:\program files\Mozilla Thunderbird
      2009-01-12 13:16 --------- d--h--w c:\program files\InstallShield Installation Information
      2009-01-08 15:29 --------- d-----w c:\program files\Fichiers communs\Adobe
      2009-01-07 15:14 --------- d-----w c:\program files\JaBack8
      2009-01-07 10:07 400 ----a-w c:\windows\system32\drivers\eaxext_302.set
      2009-01-07 10:07 400 ----a-w c:\windows\system32\drivers\bcompbg979.dat
      2009-01-02 15:08 --------- d-----w c:\program files\HP
      2009-01-02 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\HP
      2009-01-02 11:31 --------- d-----w c:\program files\Google
      2009-01-02 11:29 --------- d-----w c:\program files\Fichiers communs\Sonic Shared
      2009-01-02 11:29 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
      2009-01-02 11:20 --------- d-----w c:\program files\Fichiers communs\HP
      2008-12-10 15:33 --------- d-----w c:\program files\Foxit Software
      2008-12-10 15:32 --------- d-----w c:\documents and settings\TKovats\Application Data\Foxit
      2008-12-10 08:57 --------- d-----w c:\documents and settings\TKovats\Application Data\Nitro PDF
      2008-12-10 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Nitro PDF
      2008-11-27 21:46 --------- d-----w c:\program files\GEIT Rhythm
      2008-11-27 15:40 --------- d-----w c:\documents and settings\TKovats\Application Data\Astroburn
      2008-11-27 14:38 --------- d-----w c:\program files\MozBackup
      2008-11-26 20:14 --------- d-----w c:\program files\DAEMON Tools Lite
      2008-11-26 20:09 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
      2008-11-26 20:08 --------- d-----w c:\documents and settings\TKovats\Application Data\DAEMON Tools
      2008-11-20 12:21 --------- d-----w c:\program files\frontend
      2008-11-18 01:51 74,752 ----a-w c:\windows\ST6UNST.EXE
      2008-11-18 01:51 290,816 ------w c:\windows\Setup1.exe
      2008-11-13 14:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
      2008-11-12 11:27 --------- d-----w c:\program files\Fichiers communs\InstallShield
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
      "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
      "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-04 13508608]
      "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-21 36864]
      "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-15 2183168]
      "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
      "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
      "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
      "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2007-09-10 6460696]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
      "nwiz"="nwiz.exe" [2008-03-04 c:\windows\system32\nwiz.exe]
      "NVHotkey"="nvHotkey.dll" [2008-03-04 c:\windows\system32\nvhotkey.dll]
      "NvMediaCenter"="NvMCTray.dll" [2008-03-04 c:\windows\system32\nvmctray.dll]
      "RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-01-08 16:54 10520 c:\windows\system32\avgrsstx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "SENTINEL"= snti386.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
      --a------ 2008-02-22 12:43 1245184 c:\program files\Dell\QuickSet\quickset.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
      --a------ 2008-08-11 07:31 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
      "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\program files\UGS\UGSLicensing\lmtools.exe"= c:\program files\UGS\UGSLicensing\lmtools.exe:192.168.2.0/255.255.255.0:Enabled:LMTOOLS
      "c:\program files\UGS\UGSLicensing\ugslmd.exe"= c:\program files\UGS\UGSLicensing\ugslmd.exe:192.168.2.0/255.255.255.0:Enabled:ugslmd
      "c:\program files\UGS\UGSLicensing\lmgrd.exe"= c:\program files\UGS\UGSLicensing\lmgrd.exe:192.168.2.0/255.255.255.0:Enabled:lmgrd
      "c:\\Program Files\\UGS\\NX 6.0\\UGII\\ugraf.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

      R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-08 12552]
      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-08 324872]
      R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-08 107272]
      R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]
      R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-07-03 48472]
      R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-07-03 43480]
      R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2008-07-03 7424]
      R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-07-03 235200]
      R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
      R4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
      R4 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\UGS\UGSLicensing\lmgrd.exe [2008-04-22 1372160]
      S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      HPService REG_MULTI_SZ HPSLPSVC

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
      \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
      \Shell\Open\command - "resycled\b

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c18347a-5329-11dd-85d8-001644c7bb7b}]
      \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
      \Shell\Open\command - g:\resycled\boot.com g:

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509bc2a6-87fd-11dd-8078-00218640e9d1}]
      \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
      \Shell\Open\command - g:\resycled\boot.com g:
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe


      .
      ------- Examen supplémentaire -------
      .
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      mDefault_Search_URL = hxxp://www.google.com/ie
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      mSearchAssistant = hxxp://www.google.com/ie
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

      c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
      c:\windows\Downloaded Program Files\live.ini
      c:\windows\Downloaded Program Files\scanoptions.tsi
      c:\windows\Downloaded Program Files\lang.ini
      c:\windows\Downloaded Program Files\ipsupd.dll
      c:\windows\Downloaded Program Files\bdupd.dll
      c:\windows\Downloaded Program Files\libfn.dll
      c:\windows\Downloaded Program Files\bdcore.dll
      c:\windows\Downloaded Program Files\oscan8.ocx
      O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
      hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      c:\windows\Downloaded Program Files\oscan8.inf
      FF - ProfilePath - c:\documents and settings\TKovats\Application Data\Mozilla\Firefox\Profiles\kr04l3wo.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - www.yahoo.fr
      FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
      FF - prefs.js: network.proxy.type - 4
      FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

      ---- FIREFOX POLICIES ----
      pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - true.

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-12 17:26:44
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
      "OODEFRAG11.00.00.01WORKSTATION"="394579AF296874563B5B744DE25FA22233C5A8A86E4907A06413C812B0817C89C79256B77B6B5019CCEDD11D40D8908B80D43D0E967CBC1DF235ECB610EA3D267786A4BDDCADA740ADA60B723CE95C7962426A8D4A0A6920B9503E7D0B0A4814AA1917C8D1C16431CC5749F5FACBF343F4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74C72EC6663F6F9EE3C11CFBD9708B7E4ABB5775DF78A953D020355D62919240D9A19F7366656704E38AE36733AD1594FA33EB8F0FDF3374116BA400B3285584AF6DB4EB4204044AEE8FE92A6D1F25703A309281CD1AFAC7524E52C264696D128A60F9B054C1ED30F75AC811AB7FC186D7F3A7AE28B1A7D5ACDC1038BD88FDFD4B8A71D8B5DBC57EF7887B7D2F868D4027F98F60BF4730BF127AEC2E3911CA6872E3F2570F55054D702017C9CD8101B385F117B218B5F08C4B9B17B1ACC481EF6FB1499A26F6F29D09430AA04CA35CE89CEB277F282E679DD81F35360998512610E087552D6930767A6D0315C7978237571B1EF9541F63C4EF04382A83AA9A2074120C7F46A1BF02D2442943CC2E2A3FC61E5FBDEE05E7DA7EC8E572DA7EDC12C6787B04322C8C138EB85EAFBB7602DA8A8CC47E931D3BF83CC6CB2E70DEF3A98C78CE7BAA3C225235043603B1DBFF102C8839495346DDBFC5F140A1B4A30251A1B1F389C4D939B8A9945345BEDB2F698334F360720A97BB266E4E6CAF015730211567E6EAE2AFA10027BB903D6D397FDD21916A2DF671CC8935D653D4BE7E723496C2D780CD86B5A38F7D61C391C7F49036A2F1691EB92E71323388054561CD7DB3ECB475FD4E891607208D4AB6C329612F591CD88DD843B807FA36339707A7CD24FF3AED33946E390C35C9F75060502460DE1004B4C6D71EDDF81FA602D44F0A944D3404A852683536D77321792A03056A959A113269ABFDFD3BF1F60E40B9955662DD8D71A8226A8111007BF9C0546EE66C26ECF40305D4E115EEB83D5B7DFBA25D612443F278404F571DB56150270AF037F6623532684A67072C1CA20863134123B500C9DB6DC4B07FAB3734C3EDCAC6403CA637A44F5CB6EA6446ACA867C0F62D8B6E0C524F05A5220D2E47BB33D6E92D6A49CB6AA76902C37DB473E9CB78DF0C12EA528B986000D68C52D3EAE487038953E0C6C4D4BBFEFF5B5FE48FEDAE53A1BE4F39C92E6FE0B6FD98014533A222671A72565F0C1159F473FDF193AE2C26120CC985C9FDF0E4862A049DE95D06850ACB28CCBB229414A26306FC7ADD0C02CA0191306A742596587EFA3E6BFCD9BCDA0769E31FED56AA11E7E634D8E28F3047B44989C42E4FEA2B3E2E2D8EFF9075C3A4FE98A1A1EA9F7D1E527866271"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1248)
      c:\windows\System32\BCMLogon.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\WLTRYSVC.EXE
      c:\windows\system32\BCMWLTRY.EXE
      c:\windows\system32\Crypserv.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\nvsvc32.exe
      c:\progra~1\AVG\AVG8\avgam.exe
      c:\program files\AVG\AVG8\avgrsx.exe
      c:\progra~1\AVG\AVG8\avgnsx.exe
      c:\program files\AVG\AVG8\avgcsrvx.exe
      c:\program files\UGS\UGSLicensing\ugslmd.exe
      c:\windows\system32\wbem\wmiapsrv.exe
      c:\program files\DellTPad\ApMsgFwd.exe
      c:\windows\system32\rundll32.exe
      c:\windows\system32\rundll32.exe
      c:\program files\DellTPad\hidfind.exe
      c:\program files\DellTPad\ApntEx.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-01-12 17:33:37 - La machine a redémarré [TKovats]
      ComboFix-quarantined-files.txt 2009-01-12 16:33:34

      Avant-CF: 46 277 468 160 octets libres
      Après-CF: 46,292,701,184 octets libres

      308 --- E O F --- 2009-01-12 15:01:02
      ComboFix 09-01-11.01 - TKovats 2009-01-12 17:20:24.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2492 [GMT 1:00]
      Lancé depuis: c:\documents and settings\TKovats\Bureau\ComboFix.exe
      AV: AVG Internet Security *On-access scanning disabled* (Outdated)
      AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
      FW: AVG Firewall *disabled*
      * Un nouveau point de restauration a été créé

      [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\autorun.inf
      C:\resycled
      c:\resycled\boot.com
      c:\windows\system32\Agent.OMZ.Fix.exe
      c:\windows\system32\drivers\msqpdxserv.sys
      c:\windows\system32\dumphive.exe
      c:\windows\system32\hpowiax5.dll
      c:\windows\system32\IEDFix.exe
      c:\windows\system32\msrdo20.dll
      c:\windows\system32\Process.exe
      c:\windows\system32\rdocurs.dll
      c:\windows\system32\SrchSTS.exe
      c:\windows\system32\tmp.reg
      c:\windows\system32\VCCLSID.exe
      c:\windows\system32\WS2Fix.exe
      c:\windows\Temp\tmp3.tmp
      F:\Autorun.inf
      F:\resycled
      f:\resycled\boot.com

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_AVG


      ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-12 au 2009-01-12 ))))))))))))))))))))))))))))))))))))
      .

      2009-01-12 16:59 . 2009-01-12 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
      2009-01-12 14:01 . 2009-01-12 14:01 <REP> d-------- C:\Projects
      2009-01-12 14:01 . 2009-01-12 14:01 8,590 --a------ c:\windows\hh.dat
      2009-01-12 14:00 . 2009-01-12 14:00 <REP> d-------- c:\documents and settings\TKovats\Application Data\SOLIDCast
      2009-01-12 13:54 . 2009-01-12 14:17 <REP> d-------- c:\program files\SOLIDCast
      2009-01-12 13:54 . 2004-11-28 10:44 89,360 --a------ c:\windows\system32\VB5DB.DLL
      2009-01-09 16:28 . 2009-01-09 16:28 <REP> d-------- c:\windows\system32\fr-fr
      2009-01-09 16:27 . 2009-01-09 16:27 <REP> d-------- c:\windows\ServicePackFiles
      2009-01-09 16:25 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0[/u]02950_.tmp
      2009-01-09 09:22 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\dllcache\shdocvw.dll
      2009-01-09 09:22 . 2008-10-16 02:01 620,544 --------- c:\windows\system32\dllcache\urlmon.dll
      2009-01-09 09:22 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
      2009-01-09 09:20 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
      2009-01-09 09:20 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
      2009-01-09 09:20 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
      2009-01-09 09:20 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
      2009-01-09 09:20 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
      2009-01-09 09:19 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
      2009-01-09 09:18 . 2008-04-11 20:05 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
      2009-01-09 09:18 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
      2009-01-09 09:18 . 2008-05-01 15:36 331,776 --------- c:\windows\system32\dllcache\msadce.dll
      2009-01-08 17:01 . 2009-01-12 16:00 1,374 --a------ c:\windows\imsins.BAK
      2009-01-08 17:00 . 2009-01-08 17:00 <REP> d-------- c:\program files\MSXML 4.0
      2009-01-08 16:54 . 2009-01-12 17:25 <REP> d-------- c:\windows\system32\drivers\Avg
      2009-01-08 16:54 . 2009-01-08 16:54 324,872 --a------ c:\windows\system32\drivers\avgldx86.sys
      2009-01-08 16:54 . 2009-01-08 16:54 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
      2009-01-08 16:54 . 2009-01-08 16:54 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
      2009-01-08 16:54 . 2009-01-08 16:54 10,520 --a------ c:\windows\system32\avgrsstx.dll
      2009-01-08 16:53 . 2009-01-08 16:53 <REP> d-------- c:\program files\AVG
      2009-01-08 16:53 . 2009-01-12 13:58 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
      2009-01-08 16:53 . 2009-01-08 16:53 50,968 --a------ c:\windows\system32\avgfwdx.dll
      2009-01-08 16:53 . 2009-01-08 16:53 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
      2009-01-08 16:34 . 2009-01-08 16:34 <REP> d-------- c:\program files\Java
      2009-01-08 16:34 . 2009-01-08 16:34 410,984 --a------ c:\windows\system32\deploytk.dll
      2009-01-08 16:34 . 2009-01-08 16:34 73,728 --a------ c:\windows\system32\javacpl.cpl
      2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\documents and settings\TKovats\Application Data\Malwarebytes
      2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-01-08 14:53 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2009-01-08 14:53 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2009-01-08 12:52 . 2009-01-08 12:52 <REP> d-------- c:\windows\BDOSCAN8
      2009-01-08 11:09 . 2009-01-08 12:22 <REP> d-------- c:\program files\Navilog1
      2009-01-08 09:56 . 2009-01-08 09:57 <REP> d-------- c:\program files\Fichiers communs\BitDefender
      2009-01-08 09:28 . 2009-01-08 09:29 <REP> d-------- c:\program files\CCleaner
      2009-01-07 15:08 . 2009-01-07 15:08 <REP> d-------- c:\windows\SolidWorks
      2009-01-07 15:08 . 2009-01-07 15:08 <REP> d-------- c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks
      2009-01-07 15:08 . 2009-01-12 17:27 <REP> d-------- c:\documents and settings\TKovats\Application Data\IM
      2009-01-07 12:18 . 2009-01-07 12:18 <REP> d-------- c:\documents and settings\TKovats\Application Data\SpaceClaim
      2009-01-07 12:14 . 2006-06-30 10:39 102,400 --a------ c:\windows\system32\tsccvid.dll
      2009-01-07 12:13 . 2009-01-07 12:22 <REP> d-------- c:\program files\SpaceClaim 2008
      2009-01-07 12:13 . 2009-01-09 12:53 <REP> d-------- c:\documents and settings\All Users\Application Data\SpaceClaim
      2009-01-07 12:12 . 2009-01-07 12:12 <REP> d-------- c:\program files\MSBuild
      2009-01-07 12:10 . 2009-01-07 12:10 <REP> d-------- c:\windows\system32\XPSViewer
      2009-01-07 12:10 . 2009-01-07 12:10 <REP> d-------- c:\program files\Reference Assemblies
      2009-01-07 12:09 . 2009-01-07 12:09 <REP> d-------- c:\temp\NETFX30
      2009-01-06 10:07 . 2009-01-06 10:07 <REP> d-------- c:\program files\Astroburn
      2009-01-05 15:17 . 2009-01-07 14:47 2,392 --a------ C:\autorun.PNF
      2009-01-05 15:16 . 2007-11-02 03:28 970,752 --a------ c:\windows\system32\hpotiop5.dll
      2009-01-05 15:16 . 2007-11-02 03:28 364,544 --a------ c:\windows\system32\hppldcoi.dll
      2009-01-05 15:16 . 2007-11-02 03:28 309,760 --a------ c:\windows\system32\difxapi.dll
      2009-01-05 15:16 . 2007-11-02 03:28 303,104 --a------ c:\windows\system32\hpovst12.dll
      2009-01-05 15:15 . 2009-01-05 15:18 142,919 --a------ c:\windows\hpoins21.dat
      2009-01-05 15:15 . 2008-01-24 03:29 7,262 --------- c:\windows\hpomdl21.dat
      2009-01-02 17:15 . 2009-01-02 17:16 106,253 --a------ c:\windows\hpoins07.dat
      2009-01-02 17:15 . 2005-06-22 03:19 17,505 --------- c:\windows\hpomdl07.dat
      2009-01-02 15:10 . 2009-01-02 15:12 <REP> d-------- c:\windows\system32\oodag
      2009-01-02 12:31 . 2009-01-07 14:23 20,432 --a------ c:\windows\system32\oodbs.lor
      2009-01-02 12:10 . 2009-01-02 12:10 0 --a------ c:\windows\oodcnt.INI
      2009-01-02 11:44 . 2009-01-02 11:44 9,262,879 --a------ C:\reg.cab
      2008-12-24 08:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
      2008-12-24 08:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
      2008-12-24 08:42 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
      2008-12-24 08:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
      2008-12-24 08:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
      2008-12-24 08:42 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
      2008-12-24 08:42 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
      2008-12-23 09:22 . 2008-12-24 08:50 <REP> d-------- c:\program files\MagicISO

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-01-12 16:18 --------- d-----w c:\program files\Mozilla Thunderbird
      2009-01-12 13:16 --------- d--h--w c:\program files\InstallShield Installation Information
      2009-01-08 15:29 --------- d-----w c:\program files\Fichiers communs\Adobe
      2009-01-07 15:14 --------- d-----w c:\program files\JaBack8
      2009-01-07 10:07 400 ----a-w c:\windows\system32\drivers\eaxext_302.set
      2009-01-07 10:07 400 ----a-w c:\windows\system32\drivers\bcompbg979.dat
      2009-01-02 15:08 --------- d-----w c:\program files\HP
      2009-01-02 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\HP
      2009-01-02 11:31 --------- d-----w c:\program files\Google
      2009-01-02 11:29 --------- d-----w c:\program files\Fichiers communs\Sonic Shared
      2009-01-02 11:29 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
      2009-01-02 11:20 --------- d-----w c:\program files\Fichiers communs\HP
      2008-12-10 15:33 --------- d-----w c:\program files\Foxit Software
      2008-12-10 15:32 --------- d-----w c:\documents and settings\TKovats\Application Data\Foxit
      2008-12-10 08:57 --------- d-----w c:\documents and settings\TKovats\Application Data\Nitro PDF
      2008-12-10 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Nitro PDF
      2008-11-27 21:46 --------- d-----w c:\program files\GEIT Rhythm
      2008-11-27 15:40 --------- d-----w c:\documents and settings\TKovats\Application Data\Astroburn
      2008-11-27 14:38 --------- d-----w c:\program files\MozBackup
      2008-11-26 20:14 --------- d-----w c:\program files\DAEMON Tools Lite
      2008-11-26 20:09 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
      2008-11-26 20:08 --------- d-----w c:\documents and settings\TKovats\Application Data\DAEMON Tools
      2008-11-20 12:21 --------- d-----w c:\program files\frontend
      2008-11-18 01:51 74,752 ----a-w c:\windows\ST6UNST.EXE
      2008-11-18 01:51 290,816 ------w c:\windows\Setup1.exe
      2008-11-13 14:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
      2008-11-12 11:27 --------- d-----w c:\program files\Fichiers communs\InstallShield
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
      "ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
      "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-04 13508608]
      "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-21 36864]
      "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-15 2183168]
      "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
      "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
      "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
      "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2007-09-10 6460696]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
      "nwiz"="nwiz.exe" [2008-03-04 c:\windows\system32\nwiz.exe]
      "NVHotkey"="nvHotkey.dll" [2008-03-04 c:\windows\system32\nvhotkey.dll]
      "NvMediaCenter"="NvMCTray.dll" [2008-03-04 c:\windows\system32\nvmctray.dll]
      "RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-01-08 16:54 10520 c:\windows\system32\avgrsstx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "SENTINEL"= snti386.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
      --a------ 2008-02-22 12:43 1245184 c:\program files\Dell\QuickSet\quickset.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
      --a------ 2008-08-11 07:31 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
      "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\program files\UGS\UGSLicensing\lmtools.exe"= c:\program files\UGS\UGSLicensing\lmtools.exe:192.168.2.0/255.255.255.0:Enabled:LMTOOLS
      "c:\program files\UGS\UGSLicensing\ugslmd.exe"= c:\program files\UGS\UGSLicensing\ugslmd.exe:192.168.2.0/255.255.255.0:Enabled:ugslmd
      "c:\program files\UGS\UGSLicensing\lmgrd.exe"= c:\program files\UGS\UGSLicensing\lmgrd.exe:192.168.2.0/255.255.255.0:Enabled:lmgrd
      "c:\\Program Files\\UGS\\NX 6.0\\UGII\\ugraf.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

      R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-08 12552]
      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-08 324872]
      R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-08 107272]
      R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]
      R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-07-03 48472]
      R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-07-03 43480]
      R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2008-07-03 7424]
      R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-07-03 235200]
      R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
      R4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
      R4 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\UGS\UGSLicensing\lmgrd.exe [2008-04-22 1372160]
      S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      HPService REG_MULTI_SZ HPSLPSVC

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
      \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
      \Shell\Open\command - "resycled\b

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c18347a-5329-11dd-85d8-001644c7bb7b}]
      \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
      \Shell\Open\command - g:\resycled\boot.com g:

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509bc2a6-87fd-11dd-8078-00218640e9d1}]
      \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
      \Shell\Open\command - g:\resycled\boot.com g:
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe


      .
      ------- Examen supplémentaire -------
      .
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      mDefault_Search_URL = hxxp://www.google.com/ie
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      mSearchAssistant = hxxp://www.google.com/ie
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

      c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
      c:\windows\Downloaded Program Files\live.ini
      c:\windows\Downloaded Program Files\scanoptions.tsi
      c:\windows\Downloaded Program Files\lang.ini
      c:\windows\Downloaded Program Files\ipsupd.dll
      c:\windows\Downloaded Program Files\bdupd.dll
      c:\windows\Downloaded Program Files\libfn.dll
      c:\windows\Downloaded Program Files\bdcore.dll
      c:\windows\Downloaded Program Files\oscan8.ocx
      O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
      hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      c:\windows\Downloaded Program Files\oscan8.inf
      FF - ProfilePath - c:\documents and settings\TKovats\Application Data\Mozilla\Firefox\Profiles\kr04l3wo.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - www.yahoo.fr
      FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
      FF - prefs.js: network.proxy.type - 4
      FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

      ---- FIREFOX POLICIES ----
      pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - true.

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-12 17:26:44
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
      "OODEFRAG11.00.00.01WORKSTATION"="394579AF296874563B5B744DE25FA22233C5A8A86E4907A06413C812B0817C89C79256B77B6B5019CCEDD11D40D8908B80D43D0E967CBC1DF235ECB610EA3D267786A4BDDCADA740ADA60B723CE95C7962426A8D4A0A6920B9503E7D0B0A4814AA1917C8D1C16431CC5749F5FACBF343F4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74C72EC6663F6F9EE3C11CFBD9708B7E4ABB5775DF78A953D020355D62919240D9A19F7366656704E38AE36733AD1594FA33EB8F0FDF3374116BA400B3285584AF6DB4EB4204044AEE8FE92A6D1F25703A309281CD1AFAC7524E52C264696D128A60F9B054C1ED30F75AC811AB7FC186D7F3A7AE28B1A7D5ACDC1038BD88FDFD4B8A71D8B5DBC57EF7887B7D2F868D4027F98F60BF4730BF127AEC2E3911CA6872E3F2570F55054D702017C9CD8101B385F117B218B5F08C4B9B17B1ACC481EF6FB1499A26F6F29D09430AA04CA35CE89CEB277F282E679DD81F35360998512610E087552D6930767A6D0315C7978237571B1EF9541F63C4EF04382A83AA9A2074120C7F46A1BF02D2442943CC2E2A3FC61E5FBDEE05E7DA7EC8E572DA7EDC12C6787B04322C8C138EB85EAFBB7602DA8A8CC47E931D3BF83CC6CB2E70DEF3A98C78CE7BAA3C225235043603B1DBFF102C8839495346DDBFC5F140A1B4A30251A1B1F389C4D939B8A9945345BEDB2F698334F360720A97BB266E4E6CAF015730211567E6EAE2AFA10027BB903D6D397FDD21916A2DF671CC8935D653D4BE7E723496C2D780CD86B5A38F7D61C391C7F49036A2F1691EB92E71323388054561CD7DB3ECB475FD4E891607208D4AB6C329612F591CD88DD843B807FA36339707A7CD24FF3AED33946E390C35C9F75060502460DE1004B4C6D71EDDF81FA602D44F0A944D3404A852683536D77321792A03056A959A113269ABFDFD3BF1F60E40B9955662DD8D71A8226A8111007BF9C0546EE66C26ECF40305D4E115EEB83D5B7DFBA25D612443F278404F571DB56150270AF037F6623532684A67072C1CA20863134123B500C9DB6DC4B07FAB3734C3EDCAC6403CA637A44F5CB6EA6446ACA867C0F62D8B6E0C524F05A5220D2E47BB33D6E92D6A49CB6AA76902C37DB473E9CB78DF0C12EA528B986000D68C52D3EAE487038953E0C6C4D4BBFEFF5B5FE48FEDAE53A1BE4F39C92E6FE0B6FD98014533A222671A72565F0C1159F473FDF193AE2C26120CC985C9FDF0E4862A049DE95D06850ACB28CCBB229414A26306FC7ADD0C02CA0191306A742596587EFA3E6BFCD9BCDA0769E31FED56AA11E7E634D8E28F3047B44989C42E4FEA2B3E2E2D8EFF9075C3A4FE98A1A1EA9F7D1E527866271"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(1248)
      c:\windows\System32\BCMLogon.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\WLTRYSVC.EXE
      c:\windows\system32\BCMWLTRY.EXE
      c:\windows\system32\Crypserv.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\windows\system32\nvsvc32.exe
      c:\progra~1\AVG\AVG8\avgam.exe
      c:\program files\AVG\AVG8\avgrsx.exe
      c:\progra~1\AVG\AVG8\avgnsx.exe
      c:\program files\AVG\AVG8\avgcsrvx.exe
      c:\program files\UGS\UGSLicensing\ugslmd.exe
      c:\windows\system32\wbem\wmiapsrv.exe
      c:\program files\DellTPad\ApMsgFwd.exe
      c:\windows\system32\rundll32.exe
      c:\windows\system32\rundll32.exe
      c:\program files\DellTPad\hidfind.exe
      c:\program files\DellTPad\ApntEx.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-01-12 17:33:37 - La machine a redémarré [TKovats]
      ComboFix-quarantined-files.txt 2009-01-12 16:33:34

      Avant-CF: 46 277 468 160 octets libres
      Après-CF: 46,292,701,184 octets libres

      308 --- E O F --- 2009-01-12 15:01:02

      Voici le Hijackthis :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:56:33, on 12/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\PROGRA~1\AVG\AVG8\avgfws8.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgam.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\UGS\UGSLicensing\lmgrd.exe
      C:\Program Files\UGS\UGSLicensing\lmgrd.exe
      C:\Program Files\UGS\UGSLicensing\ugslmd.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\RunDLL32.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\WINDOWS\OEM13Mon.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
      C:\Program Files\Dell\QuickSet\Quickset.exe
      C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Mozilla Thunderbird\thunderbird.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\UGS\NX 6.0\UGII\ugraf.exe
      F:\Software\Systeme\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
      O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
      O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
      O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
      O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
      0