Changement de DNS

TK -
TK - 12 janv. 2009 à 17:57

Bonjour et bonne année à tous,

Mon PC est sous Win XP Pro + SP2 (d'origine), il y a 3 jours j'ai fait une MAJ de ma licence AVG de 7.5 à 8.0 et j'ai (acheté).
Je n'ai pas pu le télécharger sur le site de l'éditeur je l'ai donc fait d'un autre PC, après l'install pas moyen de mettre à jour le soft.

En parallèle j'ai eu également de soucis de pages internet qui s'ouvrent et font de la pub pour de casinos...

Dans les propriétés du réseau les DNS avaient changé pour quelque chose d'exotique pointant en Ukraine.

J'ai fouillé sur la toile (Hijack et autres solutions), mais les problèmes persistent.

Pouvez-vous m'aider je suis à court d'idées.

Merci d'avance.

Voici le log Hijack.

TK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:58, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
C:\Program Files\UGS\UGSLicensing\ugslmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\TKovats\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.108,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.108,85.255.112.197
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Afficher la suite

A voir également:

Changement de DNS
Changer dns - Guide
Dns gratuit - Guide
Flush dns - Guide
Changement d'heure - Guide
Changement de voix - Guide

4 réponses

Réponse 1 / 4

totobetourne Messages postés 5677 Statut Membre 65

bonjour

Télécharge SmitfraudFix
Utilitaire de S!Ri: Moe et balltrap34
http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.

Exécute le en choisissant l’option 5,
il va générer un rapport
Copie/colle le sur le poste stp.

Salut totobetourne,

Voici le log.

En fait je l'avais déjà fait.

Merci beaucoup.

TK

SmitFraudFix v2.388

Rapport fait à 14:14:44,43, 08/01/2009
Executé à partir de C:\Documents and Settings\TKovats\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.113.108
DNS Server Search Order: 85.255.112.197

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: Carte Mini de réseau local sans fil Wireless 1395 de Dell - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.113.108
DNS Server Search Order: 85.255.112.197

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: NameServer=85.255.113.108,85.255.112.197
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: DhcpNameServer=85.255.113.108,85.255.112.197
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: NameServer=85.255.113.108,85.255.112.197
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: NameServer=85.255.113.108,85.255.112.197
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: DhcpNameServer=85.255.113.108,85.255.112.197
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: NameServer=85.255.113.108,85.255.112.197
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F2656CF2-A8D1-43B5-81CB-9AC4F5131500}: DhcpNameServer=85.255.115.155,85.255.112.77
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.108,85.255.112.197
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.113.108,85.255.112.197
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 62.4.16.70
DNS Server Search Order: 62.4.17.69
DNS Server Search Order: 10.1.0.103

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B8802F4-5C7E-4174-93B9-4F15E76AC8A6}: DhcpNameServer=62.4.16.70 62.4.17.69 10.1.0.103

Réponse 2 / 4

totobetourne Messages postés 5677 Statut Membre 65

refais un rapport hijack et colle le . merci.

et voilà

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:17, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
C:\Program Files\UGS\UGSLicensing\ugslmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\UGS\NX 6.0\UGII\ugraf.exe
C:\Documents and Settings\TKovats\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Réponse 3 / 4

totobetourne Messages postés 5677 Statut Membre 65

niveau infection surement bon.

on peut ameliorer.

1)passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.

garde le et lance un scan tout les mois comme indique.

si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.

2)pare-feu gratuits:regle un seul pare feu sur un ordi.telecharge un des suivants ensuite deconnecte toi.
puis desactive le pare feu windows(aller dans le centre de securite puis pare feu windows et la desactive le)
puis installe celui de ton choix.

je te conseille un des 2(en anglais mais simple avec le tuto qui est donne)

Comodo pro Firewall(juste le pare feu)
http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
Tuto pour la 3.0
https://infomars.fr/forum/index.php?showtopic=1225

ou

OnlineArmor :
téléchargement:https://www.commentcamarche.net/telecharger/ 34055356 online armor personal firewall

tutoriels:https://forum.pcastuces.com/sujet.asp?f=25&s=35606
:http://www.malekal.com/tutorial_Online_Armor.ph

il y en a d autres mais d apres les test de matousec en gratuit il n y en a pas bcp d autre.
http://www.matousec.com/index.html

3)fait ce qui est indique sur ce lien pour mieux securise firefox.
https://www.malekal.com/securiser-le-navigateur-web-firefox-2/

surtout NO SCRIPT

4)pour enlever les fichiers temporaires

a passer tout les 15 jours a peu pres.

• Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner

• Fermer toutes les applications
• Lancer CCLeaner
S'il n'est pas en Français cliquer sur Options, Setting, Language
et sélectionner Français
• cocher dans le menu Nettoyeur - onglet Windows :
Internet Explorer: Fichiers Internet Temporaires, Cookies
• Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
• Avancé: Vieilles données du Prefetch
• Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
• Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
• Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
Firefox/Mozilla: Cache Internet, Cookies
• Click sur Analyse
• Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.
• Click sur Registre
• Sélectionner tout
• Click sur Chercher des erreurs (En bas)

Une fois le scan terminé sélectionner tout
• Click sur Réparer les erreurs sélectionnées

5)CES 2 PROGRAMMES DOIVENT RESTER A JOUR
ensuite désinstal java car pas a jours et telecharge et instal cette version :

https://www.java.com/fr/download/manual.jsp

ensuite si c est la version gratuite désinstal adobe reader car pas a jours et telecharge et instal cette version :

https://get2.adobe.com/reader/otherversions/

Merci, je vais essayer, le link n'est pas valide, je vais le chercher ailleurs.

TK

TK > TK

Voici ce que donne mabm

TK

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1631
Windows 5.1.2600 Service Pack 2

08/01/2009 16:20:53
mbam-log-2009-01-08 (16-20-53).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 295474
Temps écoulé: 1 hour(s), 5 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\msqpdxnoeyfsap.dll (Trojan.TDSS) -> Delete on reboot.
C:\autorun.inf (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxdonmttoq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxenhyfrrr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxktetqfvk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxlgidoroc.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxmykvvmlj.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxnekdnxco.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxolwosruw.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxqftuwmmt.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxsmgpxtfh.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-0FB.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-EE9.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

TK > TK

Merci beaucoup pour ton aide totobetourne.

TK

Réponse 4 / 4

totobetourne Messages postés 5677 Statut Membre 65

peut etre pas fini.passe cela
1)pour voir télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

2)apres refais moi un rapport hijack.

Bonjour totobetourne,

J'avais effectivement autre chose du style qui met un c:\resycled et un boot.com

Voici le log de ComboFix :

ComboFix 09-01-11.01 - TKovats 2009-01-12 17:20:24.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2492 [GMT 1:00]
Lancé depuis: c:\documents and settings\TKovats\Bureau\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Outdated)
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: AVG Firewall *disabled*
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\resycled
c:\resycled\boot.com
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\hpowiax5.dll
c:\windows\system32\IEDFix.exe
c:\windows\system32\msrdo20.dll
c:\windows\system32\Process.exe
c:\windows\system32\rdocurs.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Temp\tmp3.tmp
F:\Autorun.inf
F:\resycled
f:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVG

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-12 au 2009-01-12 ))))))))))))))))))))))))))))))))))))
.

2009-01-12 16:59 . 2009-01-12 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-12 14:01 . 2009-01-12 14:01 <REP> d-------- C:\Projects
2009-01-12 14:01 . 2009-01-12 14:01 8,590 --a------ c:\windows\hh.dat
2009-01-12 14:00 . 2009-01-12 14:00 <REP> d-------- c:\documents and settings\TKovats\Application Data\SOLIDCast
2009-01-12 13:54 . 2009-01-12 14:17 <REP> d-------- c:\program files\SOLIDCast
2009-01-12 13:54 . 2004-11-28 10:44 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-01-09 16:28 . 2009-01-09 16:28 <REP> d-------- c:\windows\system32\fr-fr
2009-01-09 16:27 . 2009-01-09 16:27 <REP> d-------- c:\windows\ServicePackFiles
2009-01-09 16:25 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0[/u]02950_.tmp
2009-01-09 09:22 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-09 09:22 . 2008-10-16 02:01 620,544 --------- c:\windows\system32\dllcache\urlmon.dll
2009-01-09 09:22 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2009-01-09 09:20 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-09 09:20 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-09 09:20 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-09 09:20 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-09 09:20 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-09 09:19 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-09 09:18 . 2008-04-11 20:05 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-09 09:18 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-09 09:18 . 2008-05-01 15:36 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-01-08 17:01 . 2009-01-12 16:00 1,374 --a------ c:\windows\imsins.BAK
2009-01-08 17:00 . 2009-01-08 17:00 <REP> d-------- c:\program files\MSXML 4.0
2009-01-08 16:54 . 2009-01-12 17:25 <REP> d-------- c:\windows\system32\drivers\Avg
2009-01-08 16:54 . 2009-01-08 16:54 324,872 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-08 16:54 . 2009-01-08 16:54 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-08 16:54 . 2009-01-08 16:54 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 16:54 . 2009-01-08 16:54 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-08 16:53 . 2009-01-08 16:53 <REP> d-------- c:\program files\AVG
2009-01-08 16:53 . 2009-01-12 13:58 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-08 16:53 . 2009-01-08 16:53 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-01-08 16:53 . 2009-01-08 16:53 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-01-08 16:34 . 2009-01-08 16:34 <REP> d-------- c:\program files\Java
2009-01-08 16:34 . 2009-01-08 16:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 16:34 . 2009-01-08 16:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\documents and settings\TKovats\Application Data\Malwarebytes
2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 14:53 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 14:53 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 12:52 . 2009-01-08 12:52 <REP> d-------- c:\windows\BDOSCAN8
2009-01-08 11:09 . 2009-01-08 12:22 <REP> d-------- c:\program files\Navilog1
2009-01-08 09:56 . 2009-01-08 09:57 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-01-08 09:28 . 2009-01-08 09:29 <REP> d-------- c:\program files\CCleaner
2009-01-07 15:08 . 2009-01-07 15:08 <REP> d-------- c:\windows\SolidWorks
2009-01-07 15:08 . 2009-01-07 15:08 <REP> d-------- c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks
2009-01-07 15:08 . 2009-01-12 17:27 <REP> d-------- c:\documents and settings\TKovats\Application Data\IM
2009-01-07 12:18 . 2009-01-07 12:18 <REP> d-------- c:\documents and settings\TKovats\Application Data\SpaceClaim
2009-01-07 12:14 . 2006-06-30 10:39 102,400 --a------ c:\windows\system32\tsccvid.dll
2009-01-07 12:13 . 2009-01-07 12:22 <REP> d-------- c:\program files\SpaceClaim 2008
2009-01-07 12:13 . 2009-01-09 12:53 <REP> d-------- c:\documents and settings\All Users\Application Data\SpaceClaim
2009-01-07 12:12 . 2009-01-07 12:12 <REP> d-------- c:\program files\MSBuild
2009-01-07 12:10 . 2009-01-07 12:10 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-07 12:10 . 2009-01-07 12:10 <REP> d-------- c:\program files\Reference Assemblies
2009-01-07 12:09 . 2009-01-07 12:09 <REP> d-------- c:\temp\NETFX30
2009-01-06 10:07 . 2009-01-06 10:07 <REP> d-------- c:\program files\Astroburn
2009-01-05 15:17 . 2009-01-07 14:47 2,392 --a------ C:\autorun.PNF
2009-01-05 15:16 . 2007-11-02 03:28 970,752 --a------ c:\windows\system32\hpotiop5.dll
2009-01-05 15:16 . 2007-11-02 03:28 364,544 --a------ c:\windows\system32\hppldcoi.dll
2009-01-05 15:16 . 2007-11-02 03:28 309,760 --a------ c:\windows\system32\difxapi.dll
2009-01-05 15:16 . 2007-11-02 03:28 303,104 --a------ c:\windows\system32\hpovst12.dll
2009-01-05 15:15 . 2009-01-05 15:18 142,919 --a------ c:\windows\hpoins21.dat
2009-01-05 15:15 . 2008-01-24 03:29 7,262 --------- c:\windows\hpomdl21.dat
2009-01-02 17:15 . 2009-01-02 17:16 106,253 --a------ c:\windows\hpoins07.dat
2009-01-02 17:15 . 2005-06-22 03:19 17,505 --------- c:\windows\hpomdl07.dat
2009-01-02 15:10 . 2009-01-02 15:12 <REP> d-------- c:\windows\system32\oodag
2009-01-02 12:31 . 2009-01-07 14:23 20,432 --a------ c:\windows\system32\oodbs.lor
2009-01-02 12:10 . 2009-01-02 12:10 0 --a------ c:\windows\oodcnt.INI
2009-01-02 11:44 . 2009-01-02 11:44 9,262,879 --a------ C:\reg.cab
2008-12-24 08:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-24 08:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-24 08:42 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-24 08:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-24 08:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-24 08:42 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-24 08:42 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-23 09:22 . 2008-12-24 08:50 <REP> d-------- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 16:18 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-12 13:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 15:29 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-07 15:14 --------- d-----w c:\program files\JaBack8
2009-01-07 10:07 400 ----a-w c:\windows\system32\drivers\eaxext_302.set
2009-01-07 10:07 400 ----a-w c:\windows\system32\drivers\bcompbg979.dat
2009-01-02 15:08 --------- d-----w c:\program files\HP
2009-01-02 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-01-02 11:31 --------- d-----w c:\program files\Google
2009-01-02 11:29 --------- d-----w c:\program files\Fichiers communs\Sonic Shared
2009-01-02 11:29 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
2009-01-02 11:20 --------- d-----w c:\program files\Fichiers communs\HP
2008-12-10 15:33 --------- d-----w c:\program files\Foxit Software
2008-12-10 15:32 --------- d-----w c:\documents and settings\TKovats\Application Data\Foxit
2008-12-10 08:57 --------- d-----w c:\documents and settings\TKovats\Application Data\Nitro PDF
2008-12-10 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Nitro PDF
2008-11-27 21:46 --------- d-----w c:\program files\GEIT Rhythm
2008-11-27 15:40 --------- d-----w c:\documents and settings\TKovats\Application Data\Astroburn
2008-11-27 14:38 --------- d-----w c:\program files\MozBackup
2008-11-26 20:14 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-26 20:09 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-26 20:08 --------- d-----w c:\documents and settings\TKovats\Application Data\DAEMON Tools
2008-11-20 12:21 --------- d-----w c:\program files\frontend
2008-11-18 01:51 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-18 01:51 290,816 ------w c:\windows\Setup1.exe
2008-11-13 14:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 11:27 --------- d-----w c:\program files\Fichiers communs\InstallShield
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-04 13508608]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-21 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-15 2183168]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
"SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2007-09-10 6460696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"nwiz"="nwiz.exe" [2008-03-04 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-03-04 c:\windows\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2008-03-04 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 16:54 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2008-02-22 12:43 1245184 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-08-11 07:31 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\UGS\UGSLicensing\lmtools.exe"= c:\program files\UGS\UGSLicensing\lmtools.exe:192.168.2.0/255.255.255.0:Enabled:LMTOOLS
"c:\program files\UGS\UGSLicensing\ugslmd.exe"= c:\program files\UGS\UGSLicensing\ugslmd.exe:192.168.2.0/255.255.255.0:Enabled:ugslmd
"c:\program files\UGS\UGSLicensing\lmgrd.exe"= c:\program files\UGS\UGSLicensing\lmgrd.exe:192.168.2.0/255.255.255.0:Enabled:lmgrd
"c:\\Program Files\\UGS\\NX 6.0\\UGII\\ugraf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-08 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-08 324872]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-08 107272]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-07-03 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-07-03 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2008-07-03 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-07-03 235200]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
R4 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\UGS\UGSLicensing\lmgrd.exe [2008-04-22 1372160]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - "resycled\b

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c18347a-5329-11dd-85d8-001644c7bb7b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509bc2a6-87fd-11dd-8078-00218640e9d1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe

.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\documents and settings\TKovats\Application Data\Mozilla\Firefox\Profiles\kr04l3wo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.fr
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 17:26:44
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="394579AF296874563B5B744DE25FA22233C5A8A86E4907A06413C812B0817C89C79256B77B6B5019CCEDD11D40D8908B80D43D0E967CBC1DF235ECB610EA3D267786A4BDDCADA740ADA60B723CE95C7962426A8D4A0A6920B9503E7D0B0A4814AA1917C8D1C16431CC5749F5FACBF343F4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74C72EC6663F6F9EE3C11CFBD9708B7E4ABB5775DF78A953D020355D62919240D9A19F7366656704E38AE36733AD1594FA33EB8F0FDF3374116BA400B3285584AF6DB4EB4204044AEE8FE92A6D1F25703A309281CD1AFAC7524E52C264696D128A60F9B054C1ED30F75AC811AB7FC186D7F3A7AE28B1A7D5ACDC1038BD88FDFD4B8A71D8B5DBC57EF7887B7D2F868D4027F98F60BF4730BF127AEC2E3911CA6872E3F2570F55054D702017C9CD8101B385F117B218B5F08C4B9B17B1ACC481EF6FB1499A26F6F29D09430AA04CA35CE89CEB277F282E679DD81F35360998512610E087552D6930767A6D0315C7978237571B1EF9541F63C4EF04382A83AA9A2074120C7F46A1BF02D2442943CC2E2A3FC61E5FBDEE05E7DA7EC8E572DA7EDC12C6787B04322C8C138EB85EAFBB7602DA8A8CC47E931D3BF83CC6CB2E70DEF3A98C78CE7BAA3C225235043603B1DBFF102C8839495346DDBFC5F140A1B4A30251A1B1F389C4D939B8A9945345BEDB2F698334F360720A97BB266E4E6CAF015730211567E6EAE2AFA10027BB903D6D397FDD21916A2DF671CC8935D653D4BE7E723496C2D780CD86B5A38F7D61C391C7F49036A2F1691EB92E71323388054561CD7DB3ECB475FD4E891607208D4AB6C329612F591CD88DD843B807FA36339707A7CD24FF3AED33946E390C35C9F75060502460DE1004B4C6D71EDDF81FA602D44F0A944D3404A852683536D77321792A03056A959A113269ABFDFD3BF1F60E40B9955662DD8D71A8226A8111007BF9C0546EE66C26ECF40305D4E115EEB83D5B7DFBA25D612443F278404F571DB56150270AF037F6623532684A67072C1CA20863134123B500C9DB6DC4B07FAB3734C3EDCAC6403CA637A44F5CB6EA6446ACA867C0F62D8B6E0C524F05A5220D2E47BB33D6E92D6A49CB6AA76902C37DB473E9CB78DF0C12EA528B986000D68C52D3EAE487038953E0C6C4D4BBFEFF5B5FE48FEDAE53A1BE4F39C92E6FE0B6FD98014533A222671A72565F0C1159F473FDF193AE2C26120CC985C9FDF0E4862A049DE95D06850ACB28CCBB229414A26306FC7ADD0C02CA0191306A742596587EFA3E6BFCD9BCDA0769E31FED56AA11E7E634D8E28F3047B44989C42E4FEA2B3E2E2D8EFF9075C3A4FE98A1A1EA9F7D1E527866271"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1248)
c:\windows\System32\BCMLogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\UGS\UGSLicensing\ugslmd.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
.
**************************************************************************
.
Heure de fin: 2009-01-12 17:33:37 - La machine a redémarré [TKovats]
ComboFix-quarantined-files.txt 2009-01-12 16:33:34

Avant-CF: 46 277 468 160 octets libres
Après-CF: 46,292,701,184 octets libres

308 --- E O F --- 2009-01-12 15:01:02
ComboFix 09-01-11.01 - TKovats 2009-01-12 17:20:24.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2492 [GMT 1:00]
Lancé depuis: c:\documents and settings\TKovats\Bureau\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Outdated)
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: AVG Firewall *disabled*
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\resycled
c:\resycled\boot.com
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\hpowiax5.dll
c:\windows\system32\IEDFix.exe
c:\windows\system32\msrdo20.dll
c:\windows\system32\Process.exe
c:\windows\system32\rdocurs.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Temp\tmp3.tmp
F:\Autorun.inf
F:\resycled
f:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVG

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-12 au 2009-01-12 ))))))))))))))))))))))))))))))))))))
.

2009-01-12 16:59 . 2009-01-12 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-12 14:01 . 2009-01-12 14:01 <REP> d-------- C:\Projects
2009-01-12 14:01 . 2009-01-12 14:01 8,590 --a------ c:\windows\hh.dat
2009-01-12 14:00 . 2009-01-12 14:00 <REP> d-------- c:\documents and settings\TKovats\Application Data\SOLIDCast
2009-01-12 13:54 . 2009-01-12 14:17 <REP> d-------- c:\program files\SOLIDCast
2009-01-12 13:54 . 2004-11-28 10:44 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-01-09 16:28 . 2009-01-09 16:28 <REP> d-------- c:\windows\system32\fr-fr
2009-01-09 16:27 . 2009-01-09 16:27 <REP> d-------- c:\windows\ServicePackFiles
2009-01-09 16:25 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0[/u]02950_.tmp
2009-01-09 09:22 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-09 09:22 . 2008-10-16 02:01 620,544 --------- c:\windows\system32\dllcache\urlmon.dll
2009-01-09 09:22 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2009-01-09 09:20 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-09 09:20 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-09 09:20 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-09 09:20 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-09 09:20 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-09 09:19 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-09 09:18 . 2008-04-11 20:05 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-09 09:18 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-09 09:18 . 2008-05-01 15:36 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-01-08 17:01 . 2009-01-12 16:00 1,374 --a------ c:\windows\imsins.BAK
2009-01-08 17:00 . 2009-01-08 17:00 <REP> d-------- c:\program files\MSXML 4.0
2009-01-08 16:54 . 2009-01-12 17:25 <REP> d-------- c:\windows\system32\drivers\Avg
2009-01-08 16:54 . 2009-01-08 16:54 324,872 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-08 16:54 . 2009-01-08 16:54 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-08 16:54 . 2009-01-08 16:54 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 16:54 . 2009-01-08 16:54 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-08 16:53 . 2009-01-08 16:53 <REP> d-------- c:\program files\AVG
2009-01-08 16:53 . 2009-01-12 13:58 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-08 16:53 . 2009-01-08 16:53 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-01-08 16:53 . 2009-01-08 16:53 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-01-08 16:34 . 2009-01-08 16:34 <REP> d-------- c:\program files\Java
2009-01-08 16:34 . 2009-01-08 16:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 16:34 . 2009-01-08 16:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\documents and settings\TKovats\Application Data\Malwarebytes
2009-01-08 14:53 . 2009-01-08 14:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 14:53 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 14:53 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 12:52 . 2009-01-08 12:52 <REP> d-------- c:\windows\BDOSCAN8
2009-01-08 11:09 . 2009-01-08 12:22 <REP> d-------- c:\program files\Navilog1
2009-01-08 09:56 . 2009-01-08 09:57 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-01-08 09:28 . 2009-01-08 09:29 <REP> d-------- c:\program files\CCleaner
2009-01-07 15:08 . 2009-01-07 15:08 <REP> d-------- c:\windows\SolidWorks
2009-01-07 15:08 . 2009-01-07 15:08 <REP> d-------- c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks
2009-01-07 15:08 . 2009-01-12 17:27 <REP> d-------- c:\documents and settings\TKovats\Application Data\IM
2009-01-07 12:18 . 2009-01-07 12:18 <REP> d-------- c:\documents and settings\TKovats\Application Data\SpaceClaim
2009-01-07 12:14 . 2006-06-30 10:39 102,400 --a------ c:\windows\system32\tsccvid.dll
2009-01-07 12:13 . 2009-01-07 12:22 <REP> d-------- c:\program files\SpaceClaim 2008
2009-01-07 12:13 . 2009-01-09 12:53 <REP> d-------- c:\documents and settings\All Users\Application Data\SpaceClaim
2009-01-07 12:12 . 2009-01-07 12:12 <REP> d-------- c:\program files\MSBuild
2009-01-07 12:10 . 2009-01-07 12:10 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-07 12:10 . 2009-01-07 12:10 <REP> d-------- c:\program files\Reference Assemblies
2009-01-07 12:09 . 2009-01-07 12:09 <REP> d-------- c:\temp\NETFX30
2009-01-06 10:07 . 2009-01-06 10:07 <REP> d-------- c:\program files\Astroburn
2009-01-05 15:17 . 2009-01-07 14:47 2,392 --a------ C:\autorun.PNF
2009-01-05 15:16 . 2007-11-02 03:28 970,752 --a------ c:\windows\system32\hpotiop5.dll
2009-01-05 15:16 . 2007-11-02 03:28 364,544 --a------ c:\windows\system32\hppldcoi.dll
2009-01-05 15:16 . 2007-11-02 03:28 309,760 --a------ c:\windows\system32\difxapi.dll
2009-01-05 15:16 . 2007-11-02 03:28 303,104 --a------ c:\windows\system32\hpovst12.dll
2009-01-05 15:15 . 2009-01-05 15:18 142,919 --a------ c:\windows\hpoins21.dat
2009-01-05 15:15 . 2008-01-24 03:29 7,262 --------- c:\windows\hpomdl21.dat
2009-01-02 17:15 . 2009-01-02 17:16 106,253 --a------ c:\windows\hpoins07.dat
2009-01-02 17:15 . 2005-06-22 03:19 17,505 --------- c:\windows\hpomdl07.dat
2009-01-02 15:10 . 2009-01-02 15:12 <REP> d-------- c:\windows\system32\oodag
2009-01-02 12:31 . 2009-01-07 14:23 20,432 --a------ c:\windows\system32\oodbs.lor
2009-01-02 12:10 . 2009-01-02 12:10 0 --a------ c:\windows\oodcnt.INI
2009-01-02 11:44 . 2009-01-02 11:44 9,262,879 --a------ C:\reg.cab
2008-12-24 08:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-24 08:42 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-24 08:42 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-24 08:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-24 08:42 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-24 08:42 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-24 08:42 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-23 09:22 . 2008-12-24 08:50 <REP> d-------- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 16:18 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-12 13:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 15:29 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-07 15:14 --------- d-----w c:\program files\JaBack8
2009-01-07 10:07 400 ----a-w c:\windows\system32\drivers\eaxext_302.set
2009-01-07 10:07 400 ----a-w c:\windows\system32\drivers\bcompbg979.dat
2009-01-02 15:08 --------- d-----w c:\program files\HP
2009-01-02 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-01-02 11:31 --------- d-----w c:\program files\Google
2009-01-02 11:29 --------- d-----w c:\program files\Fichiers communs\Sonic Shared
2009-01-02 11:29 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
2009-01-02 11:20 --------- d-----w c:\program files\Fichiers communs\HP
2008-12-10 15:33 --------- d-----w c:\program files\Foxit Software
2008-12-10 15:32 --------- d-----w c:\documents and settings\TKovats\Application Data\Foxit
2008-12-10 08:57 --------- d-----w c:\documents and settings\TKovats\Application Data\Nitro PDF
2008-12-10 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Nitro PDF
2008-11-27 21:46 --------- d-----w c:\program files\GEIT Rhythm
2008-11-27 15:40 --------- d-----w c:\documents and settings\TKovats\Application Data\Astroburn
2008-11-27 14:38 --------- d-----w c:\program files\MozBackup
2008-11-26 20:14 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-26 20:09 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-26 20:08 --------- d-----w c:\documents and settings\TKovats\Application Data\DAEMON Tools
2008-11-20 12:21 --------- d-----w c:\program files\frontend
2008-11-18 01:51 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-11-18 01:51 290,816 ------w c:\windows\Setup1.exe
2008-11-13 14:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 11:27 --------- d-----w c:\program files\Fichiers communs\InstallShield
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-04 13508608]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-02-21 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-15 2183168]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
"SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2007-09-10 6460696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"nwiz"="nwiz.exe" [2008-03-04 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-03-04 c:\windows\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2008-03-04 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 16:54 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2008-02-22 12:43 1245184 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-08-11 07:31 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\UGS\UGSLicensing\lmtools.exe"= c:\program files\UGS\UGSLicensing\lmtools.exe:192.168.2.0/255.255.255.0:Enabled:LMTOOLS
"c:\program files\UGS\UGSLicensing\ugslmd.exe"= c:\program files\UGS\UGSLicensing\ugslmd.exe:192.168.2.0/255.255.255.0:Enabled:ugslmd
"c:\program files\UGS\UGSLicensing\lmgrd.exe"= c:\program files\UGS\UGSLicensing\lmgrd.exe:192.168.2.0/255.255.255.0:Enabled:lmgrd
"c:\\Program Files\\UGS\\NX 6.0\\UGII\\ugraf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-08 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-08 324872]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-08 107272]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-07-03 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-07-03 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2008-07-03 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-07-03 235200]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
R4 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\UGS\UGSLicensing\lmgrd.exe [2008-04-22 1372160]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-08 29208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - "resycled\b

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c18347a-5329-11dd-85d8-001644c7bb7b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509bc2a6-87fd-11dd-8078-00218640e9d1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com g:
\Shell\Open\command - g:\resycled\boot.com g:
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe

.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\documents and settings\TKovats\Application Data\Mozilla\Firefox\Profiles\kr04l3wo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.fr
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 17:26:44
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="394579AF296874563B5B744DE25FA22233C5A8A86E4907A06413C812B0817C89C79256B77B6B5019CCEDD11D40D8908B80D43D0E967CBC1DF235ECB610EA3D267786A4BDDCADA740ADA60B723CE95C7962426A8D4A0A6920B9503E7D0B0A4814AA1917C8D1C16431CC5749F5FACBF343F4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74C72EC6663F6F9EE3C11CFBD9708B7E4ABB5775DF78A953D020355D62919240D9A19F7366656704E38AE36733AD1594FA33EB8F0FDF3374116BA400B3285584AF6DB4EB4204044AEE8FE92A6D1F25703A309281CD1AFAC7524E52C264696D128A60F9B054C1ED30F75AC811AB7FC186D7F3A7AE28B1A7D5ACDC1038BD88FDFD4B8A71D8B5DBC57EF7887B7D2F868D4027F98F60BF4730BF127AEC2E3911CA6872E3F2570F55054D702017C9CD8101B385F117B218B5F08C4B9B17B1ACC481EF6FB1499A26F6F29D09430AA04CA35CE89CEB277F282E679DD81F35360998512610E087552D6930767A6D0315C7978237571B1EF9541F63C4EF04382A83AA9A2074120C7F46A1BF02D2442943CC2E2A3FC61E5FBDEE05E7DA7EC8E572DA7EDC12C6787B04322C8C138EB85EAFBB7602DA8A8CC47E931D3BF83CC6CB2E70DEF3A98C78CE7BAA3C225235043603B1DBFF102C8839495346DDBFC5F140A1B4A30251A1B1F389C4D939B8A9945345BEDB2F698334F360720A97BB266E4E6CAF015730211567E6EAE2AFA10027BB903D6D397FDD21916A2DF671CC8935D653D4BE7E723496C2D780CD86B5A38F7D61C391C7F49036A2F1691EB92E71323388054561CD7DB3ECB475FD4E891607208D4AB6C329612F591CD88DD843B807FA36339707A7CD24FF3AED33946E390C35C9F75060502460DE1004B4C6D71EDDF81FA602D44F0A944D3404A852683536D77321792A03056A959A113269ABFDFD3BF1F60E40B9955662DD8D71A8226A8111007BF9C0546EE66C26ECF40305D4E115EEB83D5B7DFBA25D612443F278404F571DB56150270AF037F6623532684A67072C1CA20863134123B500C9DB6DC4B07FAB3734C3EDCAC6403CA637A44F5CB6EA6446ACA867C0F62D8B6E0C524F05A5220D2E47BB33D6E92D6A49CB6AA76902C37DB473E9CB78DF0C12EA528B986000D68C52D3EAE487038953E0C6C4D4BBFEFF5B5FE48FEDAE53A1BE4F39C92E6FE0B6FD98014533A222671A72565F0C1159F473FDF193AE2C26120CC985C9FDF0E4862A049DE95D06850ACB28CCBB229414A26306FC7ADD0C02CA0191306A742596587EFA3E6BFCD9BCDA0769E31FED56AA11E7E634D8E28F3047B44989C42E4FEA2B3E2E2D8EFF9075C3A4FE98A1A1EA9F7D1E527866271"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1248)
c:\windows\System32\BCMLogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\UGS\UGSLicensing\ugslmd.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
.
**************************************************************************
.
Heure de fin: 2009-01-12 17:33:37 - La machine a redémarré [TKovats]
ComboFix-quarantined-files.txt 2009-01-12 16:33:34

Avant-CF: 46 277 468 160 octets libres
Après-CF: 46,292,701,184 octets libres

308 --- E O F --- 2009-01-12 15:01:02

Voici le Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:33, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\Program Files\UGS\UGSLicensing\ugslmd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\UGS\NX 6.0\UGII\ugraf.exe
F:\Software\Systeme\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\Program Files\UGS\UGSLicensing\lmgrd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Discussions similaires

erreur : DSN PROBE finished no internet

message d'erreur : DNS PROBE FINISHED NO INTERNET

Changement de DNS

4 réponses

Votre réponse

Discussions similaires

Newsletters