Sujet Précédent Sujet Suivant

J'ai capté virus "flec006&quo

Fermé
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011 - 8 févr. 2009 à 22:34
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011 - 13 févr. 2009 à 01:03
Bonjour,
J'ai un énorme problème avec mon ordi. Environ 2 sem, j'ai capté le virus "flec006" (il revient sans cesse) et mon problème, j'ai perdu mon anti-virus Avast Pro et que je ne suis plus capable de le ré-installer. J'ai également perdu le fonctionnement de Spybot & Destroy. L'ordi est d'une lenteur écoeurante. J'essais d'installer "antivir" et lorsque je l'installe il y a un fichier qui ne veux pas s'installer. C'est marqué IMPOSSIBLE DE CRÉER BASIC \ AVARKT.DLL. Que dois-je faire pour remédier à tout ca. Ce fameux virus flec006 a fait un énorme ravage dans mon ordi et j'essais par plusieurs moyens suivant mes connaissances de réparer cette merde et je n'y arrive pas.
Je possède un Système XP fam. Version 2002 SP3. Mon ordi AMD Athlon (tm) 64 Processor 3500+, 2.21 GHz, 1.00G de ram. Je navigue avec deux navigateurs IE7 et Opera. J'ai fait du téléchargement sur Emule 0.49b et c'est sans doute avec cet Emule que j'ai du attraper ce satané virus.
Je vous suis très reconnaissant du travail que vous faite et je vous en remercie à l'avance.

N.B.: aussi, lorsque j'essai d'installer AvastPro, un cadre identifié Setup Selfextract m'informe : An error 1006 (000003EE) has occured. Last performed operation was: opening the self-extract archive.

Merci sincèrement. J'attend votre réponse.
A voir également:

45 réponses

Réponse 1 / 45
Utilisateur anonyme
9 févr. 2009 à 01:41
Re,

Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

Fais exactement ce qui suit :

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

--->Je te conseil d'installer la console de récupération.(Voir le tutoriel).

Tuto ici : TUTO
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
1
Réponse 2 / 45
Utilisateur anonyme
8 févr. 2009 à 22:42
Salut,

Si tu as télécharger un crack vire le et fait ce qui suit.

Télécharge FindyKill de Chiquitine29

▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .


▶ Laisse toi guider pour l'installer.

▶ Double clic sur " FindyKill." pour lancer l'outil .

▶ Choisis La langue:F pour français

▶ Choisis l'option 1 . Puis laisses travailler ...

▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

Les-risques-securitaires-du-peer-to-peer

Tutoriel

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 3 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
8 févr. 2009 à 23:35
Salut V-X,
Je ne sais pas si j'ai bien procédé mais voici le rapport:
###################### [ FindyKill V4.715 ]

# User : Pierre C - PERSONNE-ADE6CB
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours 29/01/09 par Chiquitine29
# Recherche effectuée à 17:24:55 le 08/02/09
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Saxo\Saxo.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Pierre C\Application Data\drivers\winupgro.exe
C:\Program Files\StartClock\StartClock.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SUMP.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Documents and Settings\Pierre C\Application Data\m\flec006.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Microsoft Référence\Bibliorom\BIBLIROM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

\\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////


"C:\Documents and Settings\Pierre C\Application Data\drivers\winupgro.exe" (3632)
"C:\Documents and Settings\Pierre C\Application Data\m\flec006.exe" (440)
"C:\WINDOWS\system32\wintems.exe" (4628)


\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\prefetch\1005640.EXE-0905B248.pf
Found ! - C:\WINDOWS\prefetch\1068890.EXE-069F3681.pf
Found ! - C:\WINDOWS\prefetch\1341953.EXE-1D1595CE.pf
Found ! - C:\WINDOWS\prefetch\15538859.EXE-01BDDC95.pf
Found ! - C:\WINDOWS\prefetch\15565906.EXE-193A13D5.pf
Found ! - C:\WINDOWS\prefetch\15782593.EXE-0F24CE49.pf
Found ! - C:\WINDOWS\prefetch\15917546.EXE-0CA0A1B7.pf
Found ! - C:\WINDOWS\prefetch\1594265.EXE-1D9FF108.pf
Found ! - C:\WINDOWS\prefetch\16167000.EXE-06A80824.pf
Found ! - C:\WINDOWS\prefetch\16212515.EXE-33CBC278.pf
Found ! - C:\WINDOWS\prefetch\192671.EXE-392408F6.pf
Found ! - C:\WINDOWS\prefetch\210703.EXE-0F4AAB4E.pf
Found ! - C:\WINDOWS\prefetch\214296.EXE-21B9B570.pf
Found ! - C:\WINDOWS\prefetch\215421.EXE-206ACE48.pf
Found ! - C:\WINDOWS\prefetch\218187.EXE-0B01AC26.pf
Found ! - C:\WINDOWS\prefetch\231859.EXE-13F5DA24.pf
Found ! - C:\WINDOWS\prefetch\238359.EXE-21C49BCF.pf
Found ! - C:\WINDOWS\prefetch\252921.EXE-0402B3AF.pf
Found ! - C:\WINDOWS\prefetch\256546.EXE-1B984CA4.pf
Found ! - C:\WINDOWS\prefetch\297640.EXE-18CBC0D4.pf
Found ! - C:\WINDOWS\prefetch\470312.EXE-18F920B8.pf
Found ! - C:\WINDOWS\prefetch\520937.EXE-36CB474F.pf
Found ! - C:\WINDOWS\prefetch\550640.EXE-36EEAFC4.pf
Found ! - C:\WINDOWS\prefetch\600906.EXE-13BCF003.pf
Found ! - C:\WINDOWS\prefetch\607375.EXE-1263614C.pf
Found ! - C:\WINDOWS\prefetch\691734.EXE-135BD22B.pf
Found ! - C:\WINDOWS\prefetch\707062.EXE-33A58A73.pf
Found ! - C:\WINDOWS\prefetch\755500.EXE-1F4A828A.pf
Found ! - C:\WINDOWS\prefetch\757343.EXE-165033EB.pf
Found ! - C:\WINDOWS\prefetch\961640.EXE-1248E0DA.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\system32 ]

Found ! [08/02/09 16:07] - C:\WINDOWS\system32\mdelk.exe
Found ! [08/02/09 16:07] - C:\WINDOWS\system32\wintems.exe
Found ! [08/02/09 17:09] - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

Found ! [07/02/09 17:17] - "C:\WINDOWS\system32\drivers\down"

################## [ C:\Documents and Settings\Pierre C\Application Data ]

Found ! [08/02/09 15:53] - "C:\Documents and Settings\Pierre C\Application Data\m\flec006.exe"
Found ! [08/02/09 15:55] - "C:\Documents and Settings\Pierre C\Application Data\m\list.oct"
Found ! [08/02/09 15:56] - "C:\Documents and Settings\Pierre C\Application Data\m\data.oct"
Found ! [08/02/09 15:56] - "C:\Documents and Settings\Pierre C\Application Data\m\srvlist.oct"
Found ! [08/02/09 15:59] - "C:\Documents and Settings\Pierre C\Application Data\m\shared"
Found ! [07/02/09 17:14] - "C:\Documents and Settings\Pierre C\Application Data\m"
Found ! [07/02/09 17:07] - "C:\Documents and Settings\Pierre C\Application Data\drivers"
Found ! [08/02/09 15:50] - "C:\Documents and Settings\Pierre C\Application Data\drivers\srosa2.sys"
Found ! [08/02/09 15:50] - "C:\Documents and Settings\Pierre C\Application Data\drivers\wfsintwq.sys"
Found ! [13/10/05 06:08] - "C:\Documents and Settings\Pierre C\Application Data\drivers\winupgro.exe"
Found ! [08/02/09 16:07] - "C:\Documents and Settings\Pierre C\Application Data\drivers\downld"

################## [ C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
LogitechSoftwareUpdate="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
SpybotSD TeaTimer="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Uniblue RegistryBooster2=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
Saxo="C:\Program Files\Saxo\Saxo.exe" regstart
OM_Monitor=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
UniblueSpeedUpMyPC=C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
LVCOMSX="C:\WINDOWS\system32\LVCOMSX.EXE"
RemoteControl="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
InCD="C:\Program Files\Ahead\InCD\InCD.exe"
NeroFilterCheck="C:\WINDOWS\system32\NeroCheck.exe"
LogitechVideoRepair="C:\Program Files\Logitech\Video\ISStart.exe"
LogitechVideoTray="C:\Program Files\Logitech\Video\LogiTray.exe"
Device Detector="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
nTrayFw="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
itype="C:\Program Files\Microsoft IntelliType Pro\itype.exe"
Logitech Utility=Logi_MwX.Exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
OM_Monitor="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
FaxCenterServer="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
lxcemon.exe="C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
EzPrint="C:\Program Files\Lexmark 4300 Series\ezprint.exe"
LXCECATS=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
SoundMan=SOUNDMAN.EXE
NvCplDaemon="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\BackWeb-8876480]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\RtlRack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////


Found ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!


# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

EapHost - # Type de démarrage = 3

/!\ Ip6Fw - # Type de démarrage = 4

/!\ SharedAccess - # Type de démarrage = 4

/!\ wuauserv - # Type de démarrage = 4

/!\ wscsvc - # Type de démarrage = 4

/!\ WinDefend - # Type de démarrage = 4


\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


# Informations :

C: - Lecteur fixe

G: - Lecteur fixe


# Contenu de l'autorun : G:\autorun.inf

[autorun]
icon = .\mxoicon2.ico

# presence des fichiers :

Found ! [29/09/05 07:57][--a------] - G:\autorun.inf


\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! Fin du rapport # FindyKill V4.715 ! ]
0
Réponse 4 / 45
Utilisateur anonyme
8 févr. 2009 à 23:38
Re,

Findykill de chiquitine29 option 2:

▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir

▶ Double-clique sur le raccourci FindyKill sur ton bureau

▶ Au menu principal, choisisl'option 2 (Suppression)

/!\ Il y aura 1 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

▶ Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 01:01
Salut V-X,
Je t'envois le deuxième rapport de Findykill:
###################### [ FindyKill V4.715 ]

# User : Pierre C - PERSONNE-ADE6CB
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 18:52:10 the 08/02/09
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

Deleted ! - "C:\WINDOWS\system32\drivers\down"

################## [ C:\Documents and Settings\Pierre C\Application Data ]

Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\m\srvlist.oct"
Not deleted !! - "C:\Documents and Settings\Pierre C\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Pierre C\Application Data\m"
Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Pierre C\Application Data\drivers"

################## [ C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp ]


################## [ C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5 ]

Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\b64[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\b64[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2LIQAFJY\mxd[4].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\b64[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\file[1].txt
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HDI4ET1L\servernames[1].htm
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\HIHBAACI\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\b64[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\W5D031II\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\b64_6[4].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\2QNT8Q7R\servernames[1].htm
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\b64[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\b64[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\3NPGAETS\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\66D74OJ9\file[1].txt
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\b64[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\b64[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Pierre C\Local Settings\Temporary Internet Files\Content.IE5\VKZLHLC5\mxd[2].jpg

\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\MuleAppData

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Safe boot mode restored !

# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2

WinDefend - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Lecteur fixe

F: - Lecteur amovible


# deleting files :

Deleted ! - F:\autorun.inf

\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


-> Not found !


\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Références de comparaison Bagle MD5 :

d8f3958d C:\Documents and Settings\Pierre C\Application Data\drivers\winupgro.exe
23df44d298f1a9fd16fa87cfeefcc65f C:\Documents and Settings\Pierre C\Application Data\drivers\winupgro.exe

Suspect ! - 23df44d298f1a9fd16fa87cfeefcc65f C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////


################## [ ! End of report # ! ]
0
Réponse 6 / 45
Utilisateur anonyme
9 févr. 2009 à 01:03
Re,

supprime findykill=>option 3.

Ensuite.

▶ Télécharge hijackthis

▶ Enregistre la cible sous .... "le bureau"

▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

▶ Clique sur Install ensuite sur "I Accept"

▶ Clique sur" Do a scan system and save log file"

▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

▶ Tuto hijackthis(Merci à Balltrap34)

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 7 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 01:16
Salut V-X,
Je t'envois le troisième rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:18, on 08/02/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Saxo] "C:\Program Files\Saxo\Saxo.exe" regstart
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: StartClock.lnk = C:\Program Files\StartClock\StartClock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,739 -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} (SentinelProxy Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_05) -
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 8 / 45
Utilisateur anonyme
9 févr. 2009 à 01:19
Re,

▶ Démarre Spybot, clique sur Mode, coche Mode avancé

𥭪 gauche, clique sur Outils, puis sur Résident

▶ Décoche la case devant Résident "TeaTimer" :

http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg

▶Quitte Spybot
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur ' continue ' à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 9 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 01:35
Salut V-X,
Quatrième rapport RSIT (1)

info.txt logfile of random's system information tool 1.05 2009-02-08 19:31:03

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2500 Recettes-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TLC-Edusoft\2500 Recettes\Uninst25R.isu"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee for PENTAX 2.0-->MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
All To MP3 Converter 2.15-->"C:\Program Files\LitexMedia\All To MP3 Converter\unins000.exe"
AnyTV Free 2.28-->"C:\Program Files\FDRLab\AnyTV\unins000.exe"
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
Bibliorom-->"C:\Program Files\Microsoft Référence\Bibliorom\Setup\install.exe"
CarManager-->C:\PROGRA~1\DDaussy\CarManager\gduninst.exe /d:"C:\Program Files\DDaussy\CarManager\carmanager.ssi" /cpl
CodeBaby Player (Remove Only) 1.0.2.15-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\codebaby.1.0.2.15.inf,DefaultUninstall,5
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Crazy Browser version 3.0.0 RC1-->"C:\Program Files\Crazy Browser\unins000.exe"
Direct MIDI to MP3 Converter version 5.0.1.19-->"C:\Program Files\Direct MIDI to MP3 Converter\unins000.exe"
Direct WAV MP3 Splitter 2.4-->"C:\Program Files\Direct WAV MP3 Splitter\unins000.exe"
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
eMail Verifier 3.4.2-->"C:\Program Files\eMail Verifier\unins000.exe"
Empty Temp Folders 2.8.3-->C:\Program Files\Empty Temp Folders 2.8.3\uninstall.exe
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
FastPictureViewer-->MsiExec.exe /I{876C811D-53A0-4482-8EDD-0BCBB3AA88C6}
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Hide Folders XP 2.0 for Windows 2000/XP-->C:\HFXP2\hfxp.exe /u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x40c UNINSTALL
ImpôtExpert 2007-->MsiExec.exe /X{894BAEF1-3AF6-42FF-9DA3-3B3F8D00CCD4}
ImpôtExpert Updater 2007-->MsiExec.exe /X{28DBD588-207D-4A26-8EAD-EFD8F128EB6D}
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Index.dat Analyzer v2.0-->"C:\Program Files\Index.dat Analyzer\unins000.exe"
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
K-Lite Codec Pack 4.0.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lexmark 4300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mira version 2.4.0.0-->"C:\Program Files\SoftChris\Mira\unins000.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4SP2-->MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Need4 Video Converter 5.6-->C:\Program Files\Need4 Video Converter 5.6\uninst.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
OLYMPUS Master-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1036 /zUNINSTALL
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Peer2Peer-EN Toolbar-->C:\PROGRA~1\Peer2Peer-EN\UNWISE.EXE C:\PROGRA~1\Peer2Peer-EN\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PrintMaster Gold 4.00-->c:\pmw\msrun.exe
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
PrtScr 1.4-->"C:\Program Files\PrtScr\unins000.exe"
QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recettes-->C:\PROGRA~1\DDaussy\Recettes\gduninst.exe /d:"C:\Program Files\DDaussy\Recettes\Recettes.ssi" /cpl
Revo Uninstaller 1.80-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Soap 3.0 Toolkit-->MsiExec.exe /I{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}
Solutions de télécopie Lexmark-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StartClock 3.3-->"C:\Program Files\StartClock\unins000.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
TingleSoft Video Converter-->MsiExec.exe /I{1E2E80CC-E916-4F9B-BFF0-213F79DC15A1}
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{856E04B3-8FD3-40EB-AE55-65BD0321FC59}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{856E04B3-8FD3-40EB-AE55-65BD0321FC59}\SpeedUpMyPC.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Video Capturix 2008 Version 8.10 Build 930-->"C:\Program Files\Video Capturix 2008\unins000.exe"
Virtual Earth 3D (Bêta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Visual Lottery Analyser-->MsiExec.exe /I{99E4F640-39BF-46A5-90C9-6E8AAFB2326C}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

FW: NVIDIA Firewall (disabled)

System event log

Computer Name: PERSONNE-ADE6CB
Event Code: 59
Message: Resolve Partial Assembly a échoué pour Microsoft.VC80.CRT.
Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Record Number: 24551
Source Name: SideBySide
Time Written: 20090130130236.000000-300
Event Type: erreur
User:

Computer Name: PERSONNE-ADE6CB
Event Code: 32
Message: L'assemblage dépendant Microsoft.VC80.CRT ne peut pas être trouvé. La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Record Number: 24550
Source Name: SideBySide
Time Written: 20090130130236.000000-300
Event Type: erreur
User:

Computer Name: PERSONNE-ADE6CB
Event Code: 59
Message: Resolve Partial Assembly a échoué pour Microsoft.VC80.CRT.
Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Record Number: 24549
Source Name: SideBySide
Time Written: 20090130130236.000000-300
Event Type: erreur
User:

Computer Name: PERSONNE-ADE6CB
Event Code: 32
Message: L'assemblage dépendant Microsoft.VC80.CRT ne peut pas être trouvé. La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Record Number: 24548
Source Name: SideBySide
Time Written: 20090130130236.000000-300
Event Type: erreur
User:

Computer Name: PERSONNE-ADE6CB
Event Code: 59
Message: Resolve Partial Assembly a échoué pour Microsoft.VC80.CRT.
Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Record Number: 24547
Source Name: SideBySide
Time Written: 20090130130236.000000-300
Event Type: erreur
User:

Application event log

Computer Name: PERSONNE-ADE6CB
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur PERSONNE-ADE6CB\Pierre C alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 2359
Source Name: Userenv
Time Written: 20080915233937.000000-240
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PERSONNE-ADE6CB
Event Code: 1524
Message: Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.



Record Number: 2358
Source Name: Userenv
Time Written: 20080915233934.000000-240
Event Type: Avertissement
User: PERSONNE-ADE6CB\Pierre C

Computer Name: PERSONNE-ADE6CB
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2357
Source Name: SecurityCenter
Time Written: 20080915121738.000000-240
Event Type: Informations
User:

Computer Name: PERSONNE-ADE6CB
Event Code: 0
Message:
Record Number: 2356
Source Name: ForceWare Intelligent Application Manager (IAM)
Time Written: 20080915121733.000000-240
Event Type: Informations
User:

Computer Name: PERSONNE-ADE6CB
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur PERSONNE-ADE6CB\Pierre C alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 2355
Source Name: Userenv
Time Written: 20080915121610.000000-240
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Réponse 10 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 01:38
V-X,
Cinquième rapport RSIT (2)
Logfile of random's system information tool 1.05 (written by random/random)
Run by Pierre C at 2009-02-08 19:30:56
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 219 GB (92%) free of 238 GB
Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:00, on 08/02/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Pierre C\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pierre C.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Saxo] "C:\Program Files\Saxo\Saxo.exe" regstart
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: StartClock.lnk = C:\Program Files\StartClock\StartClock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,739 -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} (SentinelProxy Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_05) -
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 11 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 02:29
Salut V-X,
Je t'envois le ComboFix demandé:

ComboFix 09-02-08.01 - Pierre C 2009-02-08 20:23:43.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.625 [GMT -5:00]
Lancé depuis: c:\documents and settings\Pierre C\Bureau\C-Fix.exe
FW: NVIDIA Firewall *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\Pierre C\Application Data\m\shared\Arendaine [ FTP
c:\documents and settings\Pierre Cornelis\Application Data\drivers\downld
c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-08 19:30 . 2009-02-08 19:31 <REP> d-------- C:\rsit
2009-02-08 15:48 . 2009-02-08 15:48 244 --ah----- C:\sqmnoopt00.sqm
2009-02-08 15:48 . 2009-02-08 15:48 232 --ah----- C:\sqmdata00.sqm
2009-02-08 15:02 . 2009-02-08 15:02 <REP> d-------- c:\program files\Trend Micro
2009-02-07 16:03 . 2009-02-07 16:03 <REP> d-------- c:\documents and settings\Pierre C\Application Data\MalwareRemovalBot
2009-02-07 14:50 . 2009-02-07 14:50 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-02-04 22:52 . 2009-02-04 22:52 169 --a------ c:\windows\RtlRack.ini
2009-02-03 12:26 . 2009-02-03 13:47 <REP> d-------- c:\program files\VS Revo Group
2009-02-01 17:17 . 2009-02-01 17:17 <REP> d-------- c:\windows\nview
2009-02-01 17:17 . 2009-02-08 18:45 201,044 --a------ c:\windows\system32\nvapps.xml
2009-02-01 17:17 . 2008-09-17 23:55 18,394 --a------ c:\windows\system32\nvdisp.nvu
2009-02-01 17:14 . 2008-09-17 23:55 13,574,144 --a------ c:\windows\system32\nvcpl.dll
2009-02-01 15:36 . 2009-02-01 15:36 <REP> d-------- c:\program files\Realtek Sound Manager
2009-02-01 14:47 . 2009-02-01 14:48 6,764 --a------ c:\windows\system32\spupdsvc.inf
2009-02-01 14:34 . 2008-10-16 15:18 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-01 14:34 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-01 14:34 . 2007-03-08 00:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-01 14:34 . 2008-10-16 15:18 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-01 14:34 . 2008-10-16 15:18 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-01 14:34 . 2008-10-16 15:18 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-01 14:34 . 2008-10-16 15:18 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-01 14:34 . 2008-10-16 15:18 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-01 14:34 . 2008-10-16 08:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-31 17:03 . 2008-08-14 08:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-31 17:03 . 2008-08-14 08:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-31 17:03 . 2008-08-14 08:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-31 16:55 . 2009-02-04 17:31 <REP> d-------- c:\program files\RegistryFix7
2009-01-31 16:23 . 2009-02-08 20:24 <REP> d--h----- c:\documents and settings\Pierre Cornelis\Application Data\drivers
2009-01-31 16:22 . 2008-09-15 10:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-31 16:22 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-31 16:22 . 2008-06-14 12:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-31 16:22 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-31 16:20 . 2008-09-09 20:15 1,307,648 -----c--- c:\windows\system32\dllcache\msxml6.dll
2009-01-31 16:06 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-31 15:21 . 2009-01-31 15:21 <REP> d-------- c:\documents and settings\Pierre Cornelis\Application Data\FaxCtr
2009-01-31 15:20 . 2008-04-28 12:51 <REP> d--h----- c:\documents and settings\Pierre Cornelis\Voisinage réseau
2009-01-31 15:20 . 2008-04-28 12:51 <REP> d--h----- c:\documents and settings\Pierre Cornelis\Voisinage d'impression
2009-01-31 15:20 . 2009-01-30 12:48 <REP> d--h----- c:\documents and settings\Pierre Cornelis\Modèles
2009-01-31 15:20 . 2009-02-01 16:32 <REP> dr------- c:\documents and settings\Pierre Cornelis\Mes documents
2009-01-31 15:20 . 2008-04-28 12:51 <REP> dr------- c:\documents and settings\Pierre Cornelis\Menu Démarrer
2009-01-31 15:20 . 2009-02-01 16:32 <REP> dr------- c:\documents and settings\Pierre Cornelis\Favoris
2009-01-31 15:20 . 2008-04-28 12:51 <REP> d-------- c:\documents and settings\Pierre Cornelis\Bureau
2009-01-31 15:20 . 2009-01-31 15:20 <REP> d-------- c:\documents and settings\Pierre Cornelis
2009-01-30 13:57 . 2009-02-08 18:56 <REP> d-------- c:\program files\FindyKill
2009-01-30 13:04 . 2004-08-05 07:00 10,129,408 --a--c--- c:\windows\system32\dllcache\hwxkor.dll
2009-01-30 13:03 . 2008-04-13 21:31 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-30 13:02 . 2003-04-14 20:29 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll
2009-01-30 13:01 . 2004-08-05 07:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-30 13:01 . 2009-01-30 13:01 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-30 13:01 . 2009-01-30 13:01 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-30 13:01 . 2009-01-30 13:01 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-30 13:01 . 2009-01-30 13:01 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-30 13:01 . 2009-01-30 13:01 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-30 12:37 . 2004-08-05 07:00 3,374,512 --a--c--- c:\windows\system32\dllcache\tourP.exe
2009-01-30 12:36 . 2008-09-15 10:26 1,846,528 --a------ c:\windows\system32\win32k.sys
2009-01-30 12:35 . 2004-08-05 07:00 13,107,200 --a------ c:\windows\system32\oembios.bin
2009-01-30 12:34 . 2004-08-05 07:00 3,440,660 --a------ c:\windows\system32\drivers\gm.dls
2009-01-30 07:41 . 2009-02-07 23:26 1,073,299,456 --a------ c:\windows\MEMORY.DMP
2009-01-29 20:08 . 2009-02-08 18:52 <REP> d--h----- c:\documents and settings\Pierre C\Application Data\m
2009-01-29 13:44 . 2009-01-29 13:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2009-01-29 13:44 . 2007-05-30 07:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2009-01-29 13:40 . 2009-01-29 13:40 <REP> d-------- c:\documents and settings\Pierre C\Application Data\dvdcss
2009-01-29 13:39 . 2009-02-08 14:29 38 --a------ c:\windows\avisplitter.INI
2009-01-22 14:37 . 2009-01-22 14:37 <REP> d-------- c:\documents and settings\Pierre C\ErrorLogs
2009-01-21 11:20 . 2009-01-21 11:20 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{856E04B3-8FD3-40EB-AE55-65BD0321FC59}
2009-01-15 20:20 . 2009-01-15 20:21 <REP> d-------- c:\program files\Peer2Peer-EN
2009-01-15 20:20 . 2009-01-15 20:20 <REP> d-------- c:\program files\Conduit
2009-01-15 15:39 . 2009-01-15 15:39 <REP> d-------- c:\program files\Windows Installer Clean Up
2009-01-15 15:38 . 2009-01-15 15:38 <REP> d-------- c:\program files\MSECACHE
2009-01-15 00:12 . 2009-01-15 00:12 <REP> d-------- c:\program files\TingleSoft
2009-01-15 00:12 . 2009-01-15 00:12 <REP> d-------- c:\documents and settings\Pierre C\Application Data\TingleSoft
2009-01-15 00:04 . 2009-01-15 00:04 <REP> d-------- c:\program files\FastPictureViewer
2009-01-14 23:58 . 2009-02-03 10:11 48 ---h----- c:\windows\[u]0/u86067065080050048048056
2009-01-14 23:57 . 2009-01-15 15:49 <REP> d-------- c:\program files\Video Capturix 2008
2009-01-14 23:49 . 2009-01-14 23:53 <REP> d-------- c:\program files\eMail Verifier
2009-01-14 23:49 . 2009-01-14 23:49 <REP> d-------- c:\documents and settings\Pierre C\Application Data\Maxprog
2009-01-12 23:58 . 2009-01-12 23:58 160 --a------ C:\install.dat
2009-01-12 16:57 . 2009-01-12 16:59 <REP> d-------- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-12 01:38 . 2009-01-12 01:38 <REP> d-------- c:\program files\Sprintbit Software
2009-01-12 01:35 . 2009-01-12 01:35 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 00:52 --------- d-----w c:\program files\Lx_cats
2009-02-08 23:26 --------- d-----w c:\documents and settings\Pierre C\Application Data\Skype
2009-02-08 20:50 --------- d-----w c:\program files\Saxo
2009-02-07 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-07 19:50 --------- d-----r c:\program files\Skype
2009-02-03 17:00 --------- d-----w c:\documents and settings\Pierre C\Application Data\Uniblue
2009-02-03 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-02-03 14:34 --------- d-----w c:\program files\Alwil Software
2009-02-01 20:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 20:36 --------- d-----w c:\program files\AvRack
2009-01-27 03:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-21 16:20 --------- d-----w c:\program files\Uniblue
2009-01-17 08:51 --------- d-----w c:\documents and settings\Pierre C\Application Data\System Tweaker
2009-01-15 05:01 --------- d-----w c:\program files\Index.dat Analyzer
2009-01-13 05:42 --------- d-----w c:\program files\XoftSpySE
2009-01-06 03:32 --------- d-----w c:\documents and settings\Pierre C\Application Data\Paludour
2009-01-06 02:16 --------- d-----w c:\program files\Ahead
2009-01-01 01:07 --------- d-----w c:\program files\xxxxx
2008-12-28 03:45 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-28 03:44 --------- d-----w c:\program files\AVS4YOU
2008-12-28 02:57 --------- d-----w c:\documents and settings\Pierre C\Application Data\vlc
2008-12-28 00:39 --------- d-----w c:\program files\TLC-Edusoft
2008-12-27 20:35 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-27 19:43 --------- d-----w c:\program files\Lexmark Fax Solutions
2008-12-27 19:42 --------- d-----w c:\program files\Lexmark 4300 Series
2008-12-27 19:38 --------- d-----w c:\documents and settings\Pierre C\Application Data\FaxCtr
2008-12-27 19:20 --------- d-----w c:\program files\FDRLab
2008-12-27 19:20 --------- d-----w c:\documents and settings\Pierre C\Application Data\FDRLab
2008-12-27 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
2008-12-23 20:23 --------- d-----w c:\program files\APVehicules
2008-12-23 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\APVehicules
2008-12-23 17:52 --------- d-----w c:\program files\DiskInternals
2008-12-23 17:47 --------- d-----w c:\program files\PrtScr
2008-12-19 02:20 --------- d-----w c:\program files\Opera
2008-12-18 19:18 --------- d-----w c:\documents and settings\All Users\Application Data\ZqWare
2008-12-11 18:12 --------- d-----w c:\program files\eSoft Imaging
2008-12-11 18:12 --------- d-----w c:\documents and settings\Pierre C\Application Data\eSoft Imaging
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2004-10-01 19:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Uniblue RegistryBooster2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-05-16 1856544]
"Saxo"="c:\program files\Saxo\Saxo.exe" [2008-08-31 315392]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2009-02-08 57344]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"Device Detector"="c:\program files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2005-06-27 221184]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-03-22 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-02-15 61440]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-03-22 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-01-27 49152]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-28 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\New Logiciel\\Emule\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2004-10-12 11392]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ba57f98-40bd-11dd-bad0-0013a337e12e}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mapselect.url
.
Contenu du dossier 'Tâches planifiées'

2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2009-02-07 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2009-02-07 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []

2009-02-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-26 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-07-20 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2009-02-03 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-08-25 14:44]

2009-02-09 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
Toolbar-{da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://sympatico.msn.ca/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = localhost
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: microsoft.com\office
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: TruePass EPF 7,0,100,739
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED}
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF}
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 20:24:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...


C:\FG
C:\Francine C
C:\Francine G

Scan terminé avec succès
Fichiers cachés: 3

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7AE9C30E-8BA1-E0D6-0B6E-8E438D214465}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oabhajjhkehecgdjmlejpoknbgbmpl"=hex:64,61,62,6a,61,6c,6e,65,00,70
"oandipmmfnaalihgpijllelbjapneg"=hex:6a,61,61,6a,63,6c,65,62,62,63,69,61,66,65,
62,6b,67,68,69,65,00,fd
"nadekmfkpikaneafionfdaopkjhi"=hex:6a,61,61,6a,63,6c,65,62,62,63,69,61,66,65,
62,6b,67,68,69,65,00,fd

[HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91F7C5C2-E347-F39C-6FCB-1EA6928EC78C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-343818398-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD1C1039-9C4D-675F-749D-8D4D20732F56}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaheijfmlodppabgppljobmhpfpjjb"=hex:64,61,65,6b,63,65,64,6a,00,90
"oaldacanfebjfnfdkebjhhpipbpdaf"=hex:6a,61,6b,6b,6a,65,6b,65,65,64,6e,6b,6b,6c,
64,6a,6a,6d,67,65,00,fd
"nafdgdhnpgeiokenajkjajfneckc"=hex:6a,61,6b,6b,6a,65,6b,65,65,64,6e,6b,6b,6c,
64,6a,6a,6d,67,65,00,fd

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-02-08 20:25:36
ComboFix-quarantined-files.txt 2009-02-09 01:25:33

Avant-CF: 229 567 639 552 octets libres
Après-CF: 229,556,494,336 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

302 --- E O F --- 2009-02-08 23:54:38
0
Réponse 12 / 45
Utilisateur anonyme
9 févr. 2009 à 02:34
Re,

Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

Mets le à jour

▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

▶ Sélectionne Exécuter un examen RAPIDE si ce n'est pas déjà fait

▶ clique sur Rechercher

▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.


Tutoriel pour MalwareByte's
0
Réponse 13 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 02:54
Allo V-X,
Voici le rapport suivant MalwareByte's Anti-Malware:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1739
Windows 5.1.2600 Service Pack 3

08/02/09 20:43:27
mbam-log-2009-02-08 (20-43-27).txt

Type de recherche: Examen rapide
Eléments examinés: 55022
Temps écoulé: 2 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Pierre C\Application Data\m (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Pierre C\Application Data\m\shared (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Pierre C\Application Data\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pierre C\Application Data\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pierre C\Application Data\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Pierre C\Application Data\m\shared\Arendaine [ FTP (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Pierre C\Application Data\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pierre C\Application Data\MalwareRemovalBot\Log\2009 Feb 07 - 04_03_17 PM_859.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pierre C\Application Data\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
0
Réponse 14 / 45
Utilisateur anonyme
9 févr. 2009 à 02:55
Re,

Redémarre ton pc normalement et refait un log avec RSIT.

merci
0
Réponse 15 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 03:03
V-X,
Le log de RSIT:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Pierre C at 2009-02-08 20:59:33
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 219 GB (92%) free of 238 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:39, on 08/02/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Saxo\Saxo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\StartClock\StartClock.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pierre C\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pierre C.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Saxo] "C:\Program Files\Saxo\Saxo.exe" regstart
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: StartClock.lnk = C:\Program Files\StartClock\StartClock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,739 -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} (SentinelProxy Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_05) -
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 16 / 45
Utilisateur anonyme
9 févr. 2009 à 03:06
Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:processes
explorer.exe

:files
c:\program files\saxo\saxo.exe

:commands
[purity]
[emptytemp]
[reboot]



---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 17 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 03:36
V-X,
Est-ce que le dernier message s'est bien rendu soit celui de OTMoveIt3?

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\program files\saxo\Saxo.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\etilqs_2re5ac0MQNiXctAlQaNV scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\etilqs_2re5ac0MQNiXctAlQaNV-journal scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02082009_212005

Files moved on Reboot...
File C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\etilqs_2re5ac0MQNiXctAlQaNV not found!
File C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\etilqs_2re5ac0MQNiXctAlQaNV-journal not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
0
Réponse 18 / 45
Utilisateur anonyme
9 févr. 2009 à 14:15
Re,

Redémarre ton pc normalement et refait un log avec RSIT.

Poste le en deux fois car il passe pas entièrement.

merci
0
Réponse 19 / 45
Diego99Corny Messages postés 26 Date d'inscription dimanche 8 février 2009 Statut Membre Dernière intervention 21 juillet 2011
9 févr. 2009 à 17:46
Bonjour V-X 1 ère partie

Logfile of random's system information tool 1.05 (written by random/random)
Run by Pierre C at 2009-02-09 11:42:31
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 219 GB (92%) free of 238 GB
Total RAM: 1023 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:38, on 09/02/09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\StartClock\StartClock.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\Pierre C\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pierre C.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Saxo] "C:\Program Files\Saxo\Saxo.exe" regstart
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: StartClock.lnk = C:\Program Files\StartClock\StartClock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: TruePass EPF 7,0,100,739 -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} (SentinelProxy Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_05) -
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Réponse 20 / 45
Utilisateur anonyme
9 févr. 2009 à 17:48
Re,

Il ne passe pas entièrement.

poste le en deux fois.

merci
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Comment traduire &amp;amp;quot;&amp;amp;qu
Shiro Kawane -
galacta26 -

7 réponses