Viruses, spyware and more...: problem!

Solved/Closed
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 - 19 Jan 2009 at 16:08
 lechieur - 27 Jan 2009 at 14:01
Hello,
OK, I know there are already a lot of topics about this, but I need your help!
For some time now, windows have been opening (new Firefox and IE windows).

Here are a few of the links that appear:

http://89.188.16.28/dot.gif/?ver=120&cmp=profiling4&uid=AD6B42E2BA2311DD909D151624CFFFFF&guid=ED5DC2121A684E1199FF4F3B90ADFC40&affid=175877&rid=zdez&m=an2g&revid=9960&lid=www.google.fr%2Fsearch%3Fhl=fr%26q=pages+web+s%27ouvrant+toutes+seules%26btnG=Recherche+Google%26meta

http://82.98.235.134/go/?cmp=vm_mg_juan&uid=AD6B42E2BA2311DD909D151624CFFFFF&lid=comment+amarche&url=www.google.fr%2Fsearch%3Fhl%3Dfr%26q%3Dcomment%C3%A7amarche%26btnG%3DRecherche+Google%26meta%3D%26aq%3Df%26oq%3D&guid=ED5DC2121A684E1199FF4F3B90ADFC40&affid=175877&rid=zdez&cl=superjuan

http://77.93.75.159/go/?cmp=vm_mg_juan&uid=AD6B42E2BA2311DD909D151624CFFFFF&lid=comment+amarche&url=www.google analytics.com%2F__utm.gif%3Futmwv%3D4.3%26utmn%3D1194056928%26utmhn%3Dwww.commentcamarche.net%26utmcs%3DISO 8859 1%26utmsr%3D1280x800%26utmsc%3D32 bit%26utmul%3Dfr%26utmje%3D1%26utmfl%3D9.0++r115%26utmcn%3D1%26utmdt%3DComment+%C3%87a+Marche+ +Communaut%C3%A9+informatique%26utmhid%3D93026471%26utmr%3Dhttp%3A%2F%2Fwww.google.fr%2Fsearch%3Fhl%3Dfr%26q%3Dcomment%C3%A7amarche%26btnG%3DRecherche+Google%26meta%3D%26aq%3Df%26oq%3D%26utmp%3D%2F%26utmac%3DUA 6560367 1%26utmcc%3D__utma%3D53667770.1532958774.1228723339.1232305002.1232380258.45%3B%2B__utmz%3D53667770.1232380670.45.67.utmcsr%3Dgoogle|utmccn%3D(organic)|utmcmd%3Dorganic|utmctr%3Dcomment%25C3%25A7amarche%3B&guid=ED5DC2121A684E1199FF4F3B90ADFC40&affid=175877&rid=zdez&cl=superjuan


When I look at these addresses, I can see that they contain where I clicked on the internet.
Then I searched for this word: superjuan, and found that it was spyware (probably adware) so that someone can know what I did.
PS: I'm 13 and I'm a newbie, thanks for helping me :S


I also made a logfile with HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:03, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\windows\system32\svchost.exe
C:\windows\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\windows\Explorer.EXE
C:\windows\system32\rundll32.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97733437-876C-4D23-AD61-751BFAB5D4FD} - C:\windows\system32\byXOhhgd.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S184.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\windows\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: kashjk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\windows\system32\IPSSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
51 replies

free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 1
20 Jan 2009 at 11:42
Hi again,

Here it is:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1668
Windows 5.1.2600 Service Pack 2

20/01/2009 14:34:45
mbam-log-2009-01-20 (14-34-34).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 117365
Temps écoulé: 47 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\kashjk.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{83105550-f5c7-4524-8f4f-fe4fb26d7c34} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\kashjk.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135457.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135461.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135462.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135463.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135464.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135465.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135466.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ugdadihb.dll (Trojan.Vundo) -> No action taken.
0
Anonymous user
20 Jan 2009 at 11:43
Hi again,

▶ Open Malwarebytes,

▶ Click the Quarantine tab,

▶ Delete everything the quarantine contains,

▶ If it offers to restart your PC => accept

▶ If it does not offer to => restart your PC normally

▶ Post the report produced after the removal on the forum.
0
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 1
20 Jan 2009 at 11:52
I deleted everything and restarted my computer, but I didn't get a report.
PS: I just checked in Malwarebytes, there is nothing left in quarantine.
What do I do now? :D
0
Anonymous user
20 Jan 2009 at 11:53
Hi again,

In the Start menu, right-click the My Computer icon.
In the context menu that appears, click Properties.
In the System Restore tab of the window that follows, tick the
Turn off System Restore on all drives box, click
Apply and, when a message asks you to, confirm the deactivation.
After waiting a few seconds (or after restarting the PC), re-enable
System Restore by following the same procedure as before, but,
this time, unticking the Turn off System Restore on
all drives box. Click OK.

Then run a full scan with Malwarebytes again.
0
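Added example, not part of the thread and not written by any of its participants: the Malwarebytes log above lists Trojan.Vundo files both in system32 and inside the System Restore folder (RP238), and the HijackThis log has an O20 AppInit_DLLs entry naming kashjk.dll. This Python sketch separates live detections from restore-point copies and cross-references the live ones against HijackThis autostart lines; the function names are this example's own and the sample inputs are shortened excerpts of the logs posted above.

```python
import re
from collections import defaultdict

# Shortened excerpts of the logs posted in this thread (sample input).
MBAM_LOG = r"""
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\kashjk.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\kashjk.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135457.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{DBDF04D1-11C9-4A6A-A468-8D4BED762C2E}\RP238\A0135461.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ugdadihb.dll (Trojan.Vundo) -> No action taken.
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {97733437-876C-4D23-AD61-751BFAB5D4FD} - C:\windows\system32\byXOhhgd.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: kashjk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

# "<item> (<Family.Name>) -> <action>" as printed by the scanner.
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<action>.+)$")
# Files stored under a System Restore point, e.g. ...\_restore{GUID}\RP238\
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)
# HijackThis entry prefixes such as "O20 - ", "R1 - ", "F2 - ".
HJT_ENTRY = re.compile(r"^(O\d+|F\d+|R\d+) - ")


def parse_mbam(log):
    """Return one dict per detection, tagged with the section it was listed in."""
    section, found = None, []
    for raw in log.splitlines():
        line = raw.strip()
        if line.endswith(":"):          # section header, e.g. "Fichier(s) infecté(s):"
            section = line[:-1]
            continue
        m = DETECTION.match(line)
        if m:
            found.append({"section": section, **m.groupdict()})
    return found


def triage(mbam_log, hjt_log):
    """Split file detections into live files and restore-point copies, then
    list HijackThis lines that still reference a live detected file."""
    files = [d["item"] for d in parse_mbam(mbam_log)
             if d["section"] and d["section"].startswith("Fichier")]
    live, restore_points = [], defaultdict(int)
    for path in files:
        m = RESTORE.search(path)
        if m:
            restore_points[m.group(1)] += 1   # copy kept by System Restore
        else:
            live.append(path)

    names = {p.rsplit("\\", 1)[-1].lower() for p in live}
    refs, orphans = [], []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        if not HJT_ENTRY.match(line):
            continue
        low = line.lower()
        for name in sorted(names):
            if name in low:                   # entry loads a detected file
                refs.append((line, name))
        if line.endswith("(file missing)"):   # entry whose target is absent
            orphans.append(line)

    return {
        "live_files": sorted(live),
        "restore_points": dict(restore_points),
        "autostart_refs": refs,
        "orphans": orphans,
    }


if __name__ == "__main__":
    for key, value in triage(MBAM_LOG, HIJACKTHIS_LOG).items():
        print(key, "=>", value)
```

Running the same cross-reference against the HijackThis section of a later log shows whether a load point such as the O20 line is still present after the scanner reports zero detections.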

free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 1
20 Jan 2009 at 12:59
Hi again,
Log:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1668
Windows 5.1.2600 Service Pack 2

20/01/2009 15:57:48
mbam-log-2009-01-20 (15-57-48).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 110646
Temps écoulé: 52 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Anonymous user
20 Jan 2009 at 13:00
Hi again,

Make a new log with RSIT.
0
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 1
20 Jan 2009 at 13:10
Hi again,
here it is:

Logfile of random's system information tool 1.05 (written by random/random)
Run by JACQUELINE at 2009-01-20 16:07:46
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 20 GB (28%) free of 72 GB
Total RAM: 510 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:27, on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\windows\system32\svchost.exe
C:\windows\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\JACQUELINE\Bureau\LOGICIEL\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\JACQUELINE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97733437-876C-4D23-AD61-751BFAB5D4FD} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\TEMP\E_S184.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\windows\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: kashjk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\windows\system32\IPSSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
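Added example, not part of the original thread: a triage pass over HijackThis lines like those in the log above. It flags three things a reviewer would check by hand: AppInit_DLLs values (DLLs listed there are loaded into every process that loads user32.dll), entries marked "(file missing)", and O23 services reported as "Unknown owner". The rule names are assumptions of this example, the sample reuses entries from the log, and a flag means "review this entry", not "malicious".

```python
import re
from typing import List, NamedTuple

# Constructed sample: entries copied from the HijackThis log above.
SAMPLE_LOG = r"""
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: kashjk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# A HijackThis entry is "<section> - <body>", e.g. "O20 - AppInit_DLLs: x.dll".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.*)$")


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O20"
    rule: str      # hypothetical rule name used by this example
    detail: str    # the value that triggered the rule
    line: str      # the full log line, for the reviewer


def appinit_dlls(body: str) -> List[str]:
    """Return the DLLs named in an AppInit_DLLs entry (space or comma separated)."""
    m = APPINIT_RE.match(body)
    if not m:
        return []
    return [d for d in re.split(r"[,\s]+", m.group(1).strip()) if d]


def triage(log_text: str) -> List[Finding]:
    """Flag entries that deserve a manual look; order follows the log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, blank lines, running-process list
        section, body = m.group("section"), m.group("body")

        if section == "O20":
            for dll in appinit_dlls(body):
                # A bare file name resolves through the DLL search path,
                # so the reviewer has to locate the file before judging it.
                rule = "appinit-dll" if "\\" in dll else "appinit-dll-no-path"
                findings.append(Finding(section, rule, dll, line))

        if body.endswith("(file missing)"):
            # Autostart entry whose target is gone: leftover of an uninstall
            # or of a previous cleanup.
            findings.append(Finding(section, "file-missing", body, line))

        if section == "O23" and " - Unknown owner - " in body:
            # HijackThis could not report a vendor name for the service binary.
            findings.append(Finding(section, "unknown-owner", body, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Several ThinkPad services in the log above also show "Unknown owner", so that rule alone is weak evidence; the AppInit_DLLs hit is the one to resolve first.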
Anonymous user
20 Jan 2009 at 13:20
Re,

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text, shown in bold below:


:files
c:\windows\system32\^^^^^.exe

:commands
[purity]
[emptytemp]




---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_heure.log
0
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 1
20 Jan 2009 at 13:33
Re,

Here is your log

========== FILES ==========
File/Folder c:\windows\system32\^^^^^.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\etilqs_jAGzzLkEkgSMPWREMxhR scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF2065.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF20F4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF90F5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF9110.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DFCAE6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DFD5C9.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_1b0.dat scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\vtclrg41.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_162537

Files moved on Reboot...
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\etilqs_jAGzzLkEkgSMPWREMxhR not found!
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF2065.tmp not found!
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF20F4.tmp not found!
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF90F5.tmp not found!
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF9110.tmp not found!
C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DFCAE6.tmp moved successfully.
C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DFD5C9.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\windows\temp\Perflib_Perfdata_1b0.dat not found!
C:\windows\temp\vtclrg41.tmp moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\XUL.mfl moved successfully.
0
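Added example, not part of the original thread: a reader for OTMoveIt3 reports in the format posted above. It separates the requested target from the temp-file cleanup and checks that every file deferred to reboot has a post-reboot outcome. The category names are assumptions of this example, and the sample is an excerpt of the report above.

```python
import re
from typing import Dict, List

# Excerpt of the report posted above (lines copied from the page).
SAMPLE_REPORT = r"""
========== FILES ==========
File/Folder c:\windows\system32\^^^^^.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF2065.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DFCAE6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
File delete failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_162537

Files moved on Reboot...
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF2065.tmp not found!
C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DFCAE6.tmp moved successfully.
File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line shapes seen in the report; the first full match wins, so order matters.
PATTERNS = [
    # :files entry that did not exist when the script ran
    ("target_not_found", re.compile(r"File/Folder (.+) not found\.")),
    # file in use during the run, queued for deletion at next boot
    ("deferred", re.compile(r"File delete failed\. (.+) scheduled to be deleted on reboot\.")),
    # still in use after the reboot
    ("still_locked", re.compile(r"File move failed\. (.+) scheduled to be moved on reboot\.")),
    # queued file had already disappeared by the time of the reboot pass
    ("gone_at_reboot", re.compile(r"File (.+) not found!")),
    # quarantined successfully
    ("moved", re.compile(r"(.+) moved successfully\.")),
]


def summarize(report: str) -> Dict[str, List[str]]:
    """Sort report lines into outcome categories and reconcile deferred files."""
    out: Dict[str, List[str]] = {name: [] for name, _ in PATTERNS}
    for raw in report.splitlines():
        line = raw.strip()
        for name, rx in PATTERNS:
            m = rx.fullmatch(line)
            if m:
                out[name].append(m.group(1))
                break

    # Windows paths are case-insensitive, so compare lower-cased.
    resolved = {
        p.lower()
        for key in ("moved", "gone_at_reboot", "still_locked")
        for p in out[key]
    }
    # Deferred files with no post-reboot line: the reboot pass never reported on them.
    out["unaccounted"] = [p for p in out["deferred"] if p.lower() not in resolved]
    return out


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    for key, paths in s.items():
        print(f"{key}: {len(paths)}")
        for p in paths:
            print(f"    {p}")
```

A non-empty `target_not_found` means the `:files` entry had no effect on that run; everything else in the report is the `[emptytemp]` cleanup.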
Anonymous user
20 Jan 2009 at 13:34
Re,

Download MsnCleaner.zip by ElPiedra:

msncleaner

Unzip it to your desktop. (Right-click the .zip file, then "Extract All".)

Boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option, Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (not Administrator).
Warning: no connection is possible in Safe Mode, so copy or print the procedure carefully to avoid mistakes...

· Click MsnCleaner.exe to launch it.
· Under Language, click the small arrow and choose French.
· Click the Analyse button.
-> If the tool finds an infection, click the Supprimer (Delete) button.
· At the end of the scan a report will be created.

-> Restart your PC (normal mode).

Post the report C:\MsnCleaner\MsnCleaner.txt in your next reply...
0
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 1
20 Jan 2009 at 14:05
Re,

- Rapport MSNCleaner 1.3.7
- Rapport créé: 20/01/2009 on 16:55:10
- Système d'exploitation: Windows XP
- Mode de démarrage: Mode sans échec
_________________________________________

Fichiers détectés: 0
Fichiers supprimés: 0
Fichiers non supprimés: 0

<<<<<<< Pas de fichiers trouvés >>>>>>>
0
Anonymous user
20 Jan 2009 at 18:42
Re,

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text, shown in bold below:


:files
c:\windows\system32\^^^^^.exe

:commands
[purity]
[emptytemp]
[reboot]



---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_heure.log
0
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 1
23 Jan 2009 at 15:13
Re V-X, and sorry for the delay (back to school on Monday for me, had to work :/ )

Here is the log:

========== FILES ==========
File/Folder c:\windows\system32\^^^^^.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\etilqs_cy6PrE7a6hMiZWY5TL5g scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF3207.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF3288.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF457C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF6975.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF69BA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_1b4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\6ABF30A3d01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01232009_165815

Files moved on Reboot...
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\etilqs_cy6PrE7a6hMiZWY5TL5g not found!
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF3207.tmp not found!
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF3288.tmp not found!
C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF457C.tmp moved successfully.
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF6975.tmp not found!
File C:\DOCUME~1\JACQUE~1\LOCALS~1\Temp\~DF69BA.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\windows\temp\Perflib_Perfdata_1b4.dat moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\6ABF30A3d01 moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\JACQUELINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\XUL.mfl moved successfully.
0
Anonymous user
23 Jan 2009 at 17:32
Re,

Combofix. Careful, this software is very powerful; misuse can cause damage...

Do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the desktop as the destination and confirm:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any that I did not see in the HijackThis report...)

---> Above all, if you run into difficulties at this stage, tell me before continuing...

---> I advise you to install the Recovery Console. (See the tutorial.)

Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------

Then:

Double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. This could freeze the computer ---> if a Windows error message appears at some point: click the red cross at the top right of the window to close it

The report will be created in: C:\Combofix.txt, post it here please

If a report won't go through, send an alert to the moderation desk (conciergerie) with the yellow /!\.
0
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last activity 15 May 2010 1
25 Jan 2009 at 07:43
Everything went well, master.

Here is the log:

ComboFix 09-01-21.04 - JACQUELINE 2009-01-25 9:15:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.510.96 [GMT 3:00]
Lancé depuis: c:\documents and settings\JACQUELINE\Bureau\C-Fix.exe
AV: avast! antivirus 4.8.1296 [VPS 090124-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JACQUELINE\Localdir
c:\documents and settings\JACQUELINE\Localdir\setup.exe
c:\documents and settings\JACQUELINE\Localdir\Setup.zip
c:\documents and settings\JACQUELINE\Localdir\winlogo.exe
c:\documents and settings\JACQUELINE\real.txt
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\PRE45
c:\temp\PRE45\pG8.log
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\dghhOXyb.ini
c:\windows\system32\dghhOXyb.ini2
c:\windows\system32\hctwrguo.ini
c:\windows\system32\hodseack.ini
c:\windows\system32\jiulpxcl.ini
c:\windows\system32\win

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-25 au 2009-01-25 ))))))))))))))))))))))))))))))))))))
.

2009-01-24 19:34 . 2009-01-24 20:00 <REP> d-------- c:\program files\PhotoFiltre
2009-01-22 12:04 . 2009-01-22 12:04 <REP> d-------- c:\program files\IconTweaker
2009-01-22 12:04 . 2009-01-22 12:04 <REP> d-------- c:\documents and settings\JACQUELINE\Application Data\IconTweaker
2009-01-22 12:04 . 2009-01-22 12:04 <REP> d-------- c:\documents and settings\All Users\Application Data\IconTweaker
2009-01-22 10:37 . 2009-01-22 10:37 <REP> d-------- c:\documents and settings\JACQUELINE\Application Data\Apple Computer
2009-01-22 10:35 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-22 10:35 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-22 10:34 . 2009-01-22 10:35 <REP> d-------- c:\program files\iTunes
2009-01-22 10:34 . 2009-01-22 10:34 <REP> d-------- c:\program files\iPod
2009-01-22 10:34 . 2009-01-22 10:34 <REP> d-------- c:\program files\Bonjour
2009-01-22 10:34 . 2009-01-22 10:35 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-22 10:25 . 2009-01-22 10:25 <REP> d-------- c:\program files\Apple Software Update
2009-01-22 10:24 . 2009-01-22 10:34 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-22 10:24 . 2009-01-22 10:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-21 20:26 . 2009-01-21 20:26 <REP> d-------- c:\program files\YzShadow
2009-01-21 20:26 . 2009-01-21 20:26 <REP> d-------- c:\program files\WinRoll
2009-01-21 20:26 . 2009-01-21 20:26 <REP> d-------- c:\program files\UberIcon
2009-01-21 20:26 . 2009-01-21 20:26 <REP> d-------- c:\program files\Tiger System Preferences v2
2009-01-21 20:26 . 2009-01-21 20:26 <REP> d-------- c:\program files\RK Launcher
2009-01-21 20:25 . 2009-01-21 20:25 <REP> d-------- c:\program files\ObjectDock
2009-01-21 20:21 . 2004-08-05 07:00 219,648 --a------ c:\windows\system32\uxtheme.backup
2009-01-21 20:20 . 2009-01-25 09:25 <REP> d--h----- c:\windows\FlyakiteOSX
2009-01-21 19:01 . 2009-01-21 19:01 <REP> d-------- c:\program files\GIMP-2.0
2009-01-21 17:25 . 2006-11-28 14:20 219,648 --a------ c:\windows\system32\OLDAD77.tmp
2009-01-21 17:22 . 2004-08-05 07:00 340,480 --a------ c:\windows\system32\OLDAD71.tmp
2009-01-21 17:18 . 2004-08-05 07:00 32,256 --a------ c:\windows\system32\OLDAD69.tmp
2009-01-21 17:16 . 2004-08-05 07:00 148,480 --a------ c:\windows\system32\OLDAD5F.tmp
2009-01-21 17:14 . 2004-08-05 07:00 5,632 --a------ c:\windows\system32\OLDAD55.tmp
2009-01-21 17:12 . 2006-11-03 10:03 6,546,432 --a------ c:\windows\system32\OLDAD49.tmp
2009-01-21 17:08 . 2004-08-05 07:00 291,328 --a------ c:\windows\system32\OLDAD3E.tmp
2009-01-21 17:06 . 2004-08-05 07:00 773,632 --a------ c:\windows\system32\OLDAD39.tmp
2009-01-21 17:05 . 2005-04-01 22:34 506,880 --a------ c:\windows\system32\OLDAD33.tmp
2009-01-21 17:02 . 2004-08-05 07:00 660,480 --a------ c:\windows\system32\OLDAD2A.tmp
2009-01-21 17:00 . 2004-08-05 07:00 594,432 --a------ c:\windows\system32\OLDAD23.tmp
2009-01-21 16:59 . 2004-08-05 07:00 465,920 --a------ c:\windows\system32\OLDAD1C.tmp
2009-01-21 16:57 . 2004-08-05 07:00 438,784 --a------ c:\windows\system32\OLDAD17.tmp
2009-01-21 16:55 . 2004-08-05 07:00 281,600 --a------ c:\windows\system32\OLDAD0F.tmp
2009-01-21 16:46 . 2004-08-05 07:00 219,648 --a------ c:\windows\system32\OLDACF1.tmp
2009-01-21 16:45 . 2004-08-05 07:00 578,048 --a------ c:\windows\system32\OLDACEB.tmp
2009-01-21 16:43 . 2004-08-05 07:00 603,136 --a------ c:\windows\system32\OLDACE6.tmp
2009-01-21 16:42 . 2004-08-05 07:00 37,888 --a------ c:\windows\system32\OLDACE1.tmp
2009-01-21 16:41 . 2004-08-05 07:00 240,128 --a------ c:\windows\system32\OLDACDC.tmp
2009-01-21 16:40 . 2004-08-05 07:00 94,208 --a------ c:\windows\system32\OLDACD6.tmp
2009-01-21 16:38 . 2004-08-05 07:00 391,168 --a------ c:\windows\system32\OLDACD1.tmp
2009-01-21 16:37 . 2004-08-05 07:00 28,160 --a------ c:\windows\system32\OLDACCC.tmp
2009-01-21 16:36 . 2004-08-05 07:00 143,360 --a------ c:\windows\system32\OLDACC7.tmp
2009-01-21 16:35 . 2004-08-05 07:00 1,005,056 --a------ c:\windows\system32\OLDACC2.tmp
2009-01-21 16:34 . 2004-08-05 07:00 107,520 --a------ c:\windows\system32\OLDACBC.tmp
2009-01-21 16:33 . 2004-08-05 07:00 305,152 --a------ c:\windows\system32\OLDACB7.tmp
2009-01-21 16:32 . 2004-08-05 07:00 51,200 --a------ c:\windows\system32\OLDACB2.tmp
2009-01-21 16:31 . 2004-08-05 07:00 122,368 --a------ c:\windows\system32\OLDACAD.tmp
2009-01-21 16:30 . 2004-08-05 07:00 57,344 --a------ c:\windows\system32\OLDACA8.tmp
2009-01-21 16:29 . 2004-08-05 07:00 139,264 --a------ c:\windows\system32\OLDACA3.tmp
2009-01-21 16:28 . 2004-08-05 07:00 133,120 --a------ c:\windows\system32\OLDAC9E.tmp
2009-01-21 16:27 . 2004-08-05 07:00 474,112 --a------ c:\windows\system32\OLDAC94.tmp
2009-01-21 16:27 . 2004-08-05 07:00 78,848 --a------ c:\windows\system32\OLDAC99.tmp
2009-01-21 16:26 . 2004-08-05 07:00 440,320 --a------ c:\windows\system32\OLDAC8F.tmp
2009-01-21 16:24 . 2004-08-05 07:00 435,712 --a------ c:\windows\system32\OLDAC7E.tmp
2009-01-21 16:23 . 2004-08-05 07:00 8,440,320 --a------ c:\windows\system32\OLDAC78.tmp
2009-01-21 16:22 . 2004-08-05 07:00 1,483,776 --a------ c:\windows\system32\OLDAC71.tmp
2009-01-21 16:20 . 2004-08-05 07:00 572,416 --a------ c:\windows\system32\OLDAC6C.tmp
2009-01-21 16:19 . 2004-08-05 07:00 142,336 --a------ c:\windows\system32\OLDAC67.tmp
2009-01-21 16:18 . 2004-08-05 07:00 1,003,520 --a------ c:\windows\system32\OLDAC61.tmp
2009-01-21 16:16 . 2004-08-05 07:00 55,296 --a------ c:\windows\system32\OLDAC5B.tmp
2009-01-21 16:12 . 2004-08-05 07:00 61,952 --a------ c:\windows\system32\OLDAC4A.tmp
2009-01-21 16:11 . 2004-08-05 07:00 405,504 --a------ c:\windows\system32\OLDAC44.tmp
2009-01-21 16:09 . 2004-08-05 07:00 685,056 --a------ c:\windows\system32\OLDAC3E.tmp
2009-01-21 16:07 . 2008-05-07 08:15 1,293,824 --a------ c:\windows\system32\OLDAC35.tmp
2009-01-21 16:05 . 2004-08-05 07:00 578,560 --a------ c:\windows\system32\OLDAC2F.tmp
2009-01-21 16:04 . 2004-08-05 07:00 118,272 --a------ c:\windows\system32\OLDAC2A.tmp
2009-01-21 16:02 . 2004-08-05 07:00 172,032 --a------ c:\windows\system32\OLDAC20.tmp
2009-01-21 16:00 . 2004-08-05 07:00 1,281,024 --a------ c:\windows\system32\OLDAC1B.tmp
2009-01-21 15:59 . 2004-08-05 07:00 32,768 --a------ c:\windows\system32\OLDAC16.tmp
2009-01-21 15:58 . 2004-08-05 07:00 97,280 --a------ c:\windows\system32\OLDAC0F.tmp
2009-01-21 15:57 . 2004-08-05 07:00 261,120 --a------ c:\windows\system32\OLDAC09.tmp
2009-01-21 15:56 . 2004-08-05 07:00 145,920 --a------ c:\windows\system32\OLDAC02.tmp
2009-01-21 15:54 . 2004-08-05 07:00 70,656 --a------ c:\windows\OLDABFC.tmp
2009-01-21 15:53 . 2004-08-05 07:00 70,656 --a------ c:\windows\system32\OLDABF7.tmp
2009-01-21 15:52 . 2004-08-05 07:00 251,392 --a------ c:\windows\system32\OLDABF2.tmp
2009-01-21 15:51 . 2004-08-05 07:00 1,723,904 --a------ c:\windows\system32\OLDABED.tmp
2009-01-21 15:50 . 2004-08-05 07:00 885,248 --a------ c:\windows\system32\OLDABE8.tmp
2009-01-21 15:49 . 2004-08-05 07:00 144,896 --a------ c:\windows\system32\OLDABE3.tmp
2009-01-21 15:48 . 2004-08-05 07:00 35,840 --a------ c:\windows\system32\OLDABDE.tmp
2009-01-21 15:47 . 2004-08-05 07:00 91,648 --a------ c:\windows\system32\OLDABD9.tmp
2009-01-21 15:46 . 2004-08-05 07:00 411,648 --a------ c:\windows\system32\OLDABD4.tmp
2009-01-21 15:46 . 2004-08-05 07:00 281,600 --a------ c:\windows\system32\OLDABCF.tmp
2009-01-21 15:45 . 2004-08-05 07:00 347,648 --a------ c:\windows\system32\OLDABCA.tmp
2009-01-21 15:42 . 2004-08-05 07:00 252,416 --a------ c:\windows\system32\OLDABBB.tmp
2009-01-21 15:41 . 2004-08-05 07:00 51,712 --a------ c:\windows\system32\OLDABB6.tmp
2009-01-21 15:38 . 2004-08-05 07:00 1,004,032 --a------ c:\windows\system32\OLDABAC.tmp
2009-01-21 15:37 . 2004-08-05 07:00 848,922 --a------ c:\windows\system32\OLDABA7.tmp
2009-01-21 15:34 . 2004-08-05 07:00 215,552 --a------ c:\windows\system32\OLDAB93.tmp
2009-01-21 15:33 . 2004-08-05 07:00 144,384 --a------ c:\windows\system32\OLDAB8E.tmp
2009-01-21 15:32 . 2004-08-05 07:00 626,176 --a------ c:\windows\system32\OLDAB83.tmp
2009-01-21 15:32 . 2004-08-05 07:00 210,432 --a------ c:\windows\system32\OLDAB88.tmp
2009-01-21 15:31 . 2004-08-05 07:00 816,128 --a------ c:\windows\system32\OLDAB7E.tmp
2009-01-21 15:30 . 2004-08-05 07:00 189,952 --a------ c:\windows\system32\OLDAB76.tmp
2009-01-21 15:29 . 2004-08-05 07:00 515,584 --a------ c:\windows\system32\OLDAB6C.tmp
2009-01-21 15:29 . 2004-08-05 07:00 73,216 --a------ c:\windows\system32\OLDAB71.tmp
2009-01-21 15:28 . 2004-08-05 07:00 221,696 --a------ c:\windows\system32\OLDAB67.tmp
2009-01-21 15:28 . 2004-08-05 07:00 157,184 --a------ c:\windows\system32\OLDAB62.tmp
2009-01-21 15:28 . 2004-08-05 07:00 70,144 --a------ c:\windows\system32\OLDAB5D.tmp
2009-01-21 15:27 . 2004-08-05 07:00 134,144 --a------ c:\windows\system32\OLDAB58.tmp
2009-01-21 15:27 . 2004-08-05 07:00 121,856 --a------ c:\windows\system32\OLDAB53.tmp
2009-01-21 15:26 . 2004-08-05 07:00 359,936 --a------ c:\windows\system32\OLDAB4E.tmp
2009-01-21 15:24 . 2004-08-05 07:00 221,696 --a------ c:\windows\system32\OLDAB44.tmp
2009-01-21 15:24 . 2004-08-05 07:00 73,728 --a------ c:\windows\system32\OLDAB3F.tmp
2009-01-21 15:22 . 2004-08-05 07:00 146,944 --a------ c:\windows\system32\OLDAB37.tmp
2009-01-21 15:21 . 2004-08-05 07:00 336,384 --a------ c:\windows\system32\OLDAB32.tmp
2009-01-21 15:20 . 2004-08-05 07:00 157,184 --a------ c:\windows\system32\OLDAB28.tmp
2009-01-21 15:20 . 2004-08-05 07:00 10,752 --a------ c:\windows\OLDAB2D.tmp
2009-01-21 15:19 . 2004-08-05 07:00 39,424 --a------ c:\windows\system32\OLDAB23.tmp
2009-01-21 15:18 . 2004-08-05 07:00 386,560 --a------ c:\windows\system32\OLDAB1E.tmp
2009-01-21 15:17 . 2004-08-05 07:00 1,036,288 --a------ c:\windows\OLDAB19.tmp
2009-01-21 15:16 . 2004-08-05 07:00 290,816 --a------ c:\windows\system32\OLDAB0F.tmp
2009-01-21 15:15 . 2004-08-05 07:00 138,240 --a------ c:\windows\system32\OLDAB0A.tmp
2009-01-21 15:14 . 2004-08-05 07:00 337,920 --a------ c:\windows\system32\OLDAB05.tmp
2009-01-21 15:13 . 2004-08-05 07:00 165,888 --a------ c:\windows\system32\OLDAB00.tmp
2009-01-21 15:13 . 2004-08-05 07:00 67,072 --a------ c:\windows\system32\OLDAAFB.tmp
2009-01-21 15:12 . 2004-08-05 07:00 851,968 --a------ c:\windows\system32\OLDAAF6.tmp
2009-01-21 15:11 . 2004-08-05 07:00 400,896 --a------ c:\windows\system32\OLDAAEA.tmp
2009-01-21 15:11 . 2004-08-05 07:00 281,088 --a------ c:\windows\system32\OLDAAF0.tmp
2009-01-21 15:10 . 2004-08-05 07:00 65,536 --a------ c:\windows\system32\OLDAAE5.tmp
2009-01-21 15:09 . 2004-08-05 07:00 115,200 --a------ c:\windows\system32\OLDAADB.tmp
2009-01-21 15:09 . 2004-08-05 07:00 80,896 --a------ c:\windows\system32\OLDAAE0.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 06:24 --------- d-----w c:\program files\DNA
2009-01-25 06:24 --------- d-----w c:\documents and settings\JACQUELINE\Application Data\DNA
2009-01-23 16:12 --------- d-----w c:\documents and settings\JACQUELINE\Application Data\gtk-2.0
2009-01-22 07:08 --------- d-----w c:\documents and settings\JACQUELINE\Application Data\Spyware Terminator
2009-01-21 18:05 --------- d-----w c:\program files\FlashGet
2009-01-19 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-19 12:54 --------- d-----w c:\program files\Warcraft III
2009-01-19 08:00 --------- d-----w c:\program files\Spyware Terminator
2009-01-18 15:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-24 08:45 --------- d-----w c:\documents and settings\JACQUELINE\Application Data\dvdcss
2008-12-22 07:29 --------- d-----w c:\program files\NifTools
2008-12-22 07:25 --------- d-----w c:\program files\SlySoft
2008-12-21 16:33 --------- d-----w c:\documents and settings\JACQUELINE\Application Data\Dev-Cpp
2008-12-21 16:11 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-12-14 09:52 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
2008-12-14 09:48 --------- d-----w c:\program files\Pinnacle
2008-12-14 09:48 --------- d-----w c:\program files\Fichiers communs\Yahoo!
2008-12-14 09:48 --------- d-----w c:\documents and settings\All Users\Application Data\VideoSpin
2008-12-14 09:45 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-12-11 11:57 333,184 ------w c:\windows\system32\drivers\srv.sys
2008-12-10 17:02 --------- d-----w c:\documents and settings\JACQUELINE\Application Data\Sibelius Software
2008-11-27 14:32 717,296 ------w c:\windows\system32\drivers\sptd.sys
2008-11-27 14:32 --------- d-----w c:\documents and settings\JACQUELINE\Application Data\DAEMON Tools
2008-11-26 09:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-14 14:02 33 ------w c:\documents and settings\JACQUELINE\fff.bat
2008-11-06 08:34 167 ------w c:\documents and settings\JACQUELINE\6101.bat
2008-09-10 10:49 5,817,064 ------w c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"RK Launcher"="c:\program files\RK Launcher\RKLauncher.exe" [2005-10-19 393216]
"Alt+Q Hotkey Tool"="c:\windows\Alt+Q Hotkey.exe" [2005-12-18 27648]
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2006-02-24 188416]
"WinRoll"="c:\program files\WinRoll\winroll.exe" [2006-01-02 15872]
"Yz Shadow"="c:\program files\YzShadow\YzShadow.exe" [2006-02-24 172032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-31 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-28 344064]
"suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 40960]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-15 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-15 98304]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 208896]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-23 864256]
"MPTBox"="c:\program files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 167936]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ORAHSSSessionManager"="c:\program files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"SystrayORAHSS"="c:\program files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-03 2957824]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"TpShocks"="TpShocks.exe" [2005-08-22 c:\windows\system32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\documents and settings\JACQUELINE\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 344064]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-07-21 577597]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-06-25 24576]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-03-17 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-07-12 11:06 110688 c:\program files\ThinkVantage Fingerprint Software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2005-12-15 19:14 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 01:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-17 00:23 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kashjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli csspwntfy

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JACQUELINE^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=c:\documents and settings\JACQUELINE\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JACQUELINE^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=c:\documents and settings\JACQUELINE\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JACQUELINE^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=c:\documents and settings\JACQUELINE\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=c:\windows\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
--------- 2005-08-01 23:36 475136 c:\program files\ThinkVantage\AMSG\AMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter]
--------- 2005-07-12 11:00 126050 c:\program files\ThinkVantage Fingerprint Software\ctlcntr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--------- 2005-08-02 20:52 1988144 c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
-r------- 2005-07-07 17:22 49152 c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-r-hs---- 2008-01-28 11:43 2097488 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--------- 2008-04-03 18:09 2957824 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--------- 2005-08-24 03:10 40960 c:\windows\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"Diskeeper"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14201:TCP"= 14201:TCP:NortonAV
"16397:TCP"= 16397:TCP:NortonAV
"17352:TCP"= 17352:TCP:NortonAV
"18768:TCP"= 18768:TCP:NortonAV
"17836:TCP"= 17836:TCP:NortonAV
"18489:TCP"= 18489:TCP:NortonAV
"15445:TCP"= 15445:TCP:NortonAV
"17961:TCP"= 17961:TCP:NortonAV

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-06-25 59904]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-06-25 11520]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-17 111184]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-06-25 2432]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-06-25 4736]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-04-03 138752]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-06-25 4442]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-07-17 20560]
R4 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-08-02 13184]
R4 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [2005-06-28 46142]
R4 smi2;smi2;c:\program files\SMI2\smi2.sys [2005-08-02 3968]
R4 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 3328]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-18 17:43]

2008-12-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-25 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-08-31 03:10]

2009-01-25 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{97733437-876C-4D23-AD61-751BFAB5D4FD} - (no file)
HKLM-Run-NWEReboot - (no file)
ShellExecuteHooks-{1F9F7980-706A-4633-9C31-CCA2F9ACD183} - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-ccApp - c:\program files\Fichiers communs\Symantec Shared\ccApp.exe
MSConfigStartUp-Norton Ghost 9 - c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe
MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\GestMaj.exe
MSConfigStartUp-WOOWATCH - c:\progra~1\Wanadoo\Watch.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
FF - ProfilePath - c:\documents and settings\JACQUELINE\Application Data\Mozilla\Firefox\Profiles\q31riubq.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 09:25:49
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\docume~1\JACQUE~1\LOCALS~1\Temp\Perflib_Perfdata_e90.dat 16384 bytes
c:\docume~1\JACQUE~1\LOCALS~1\Temp\Perflib_Perfdata_f40.dat 16384 bytes

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
"C040210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Fichiers communs\Virtual Token\psutil.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(1044)
c:\program files\IBM ThinkVantage\Client Security Solution\csspwntfy.dll
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll
c:\program files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll
c:\program files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Canon\MultiPASS4\mpservic.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
c:\program files\Orange HSS\Launcher\Launcher.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-01-25 9:38:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-25 06:38:02

Avant-CF: 27 819 560 960 octets libres
Après-CF: 27,683,725,312 octets libres

583 --- E O F --- 2009-01-14 06:56:49
0
Anonymous user
25 Jan 2009 at 08:17
Hi again,

Restart your PC and make a new log with RSIT.
0
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last seen 15 May 2010 1
25 Jan 2009 at 08:43
Hi again, sleep well? ^^

Hang on a little, you can go back to bed, I'm downloading something, it'll be done in 40 min ;)
0
Anonymous user
25 Jan 2009 at 08:45
Hi again,

OK.
0
free_player Posts 35 Registration date Monday 19 January 2009 Status Member Last seen 15 May 2010 1
25 Jan 2009 at 09:27
Hi again, and again ^^

Here it is:

Logfile of random's system information tool 1.05 (written by random/random)
Run by JACQUELINE at 2009-01-25 11:24:26
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 26 GB (37%) free of 72 GB
Total RAM: 510 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:46, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\windows\system32\svchost.exe
C:\windows\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\windows\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\windows\system32\wuauclt.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\JACQUELINE\Bureau\LOGICIEL\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\JACQUELINE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [System Files Updater] C:\windows\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\windows\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: kashjk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\windows\system32\IPSSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Anonymous user
25 Jan 2009 at 09:39
Hi again,

Can you post it in two parts, please.

It doesn't come through in full.
0