Vista problem
max2776 (Posts: 39, Status: Member)
Hello,
I have a problem with my PC, on which Vista is already installed, so I have to reinstall it. Before that, I would like to know what I need to do beforehand so that it works correctly, for example formatting before reinstalling, as well as the other things to do, and I would like to know what allocation size I should set.
Thanks for your help
25 replies
Hi
Sorry, I was a bit elsewhere ;-) Could you give me the names of the "viruses" in question, please?
In your HijackThis there's nothing alarming, at first glance...
Are they in quarantine or blocked somewhere by Spybot? If so, delete them... In safe mode if necessary...
And also delete the old restore points, with Disk Cleanup (malware often hides in there...)
Well then, note the paths of those files, and delete them manually in safe mode...
Otherwise we'll find something else to get rid of them...
Take a look here first: http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde
Here is the report
ComboFix 09-02-15.01 - user 2009-02-17 1:09:14.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.2039.901 [GMT 1:00]
Lancé depuis: c:\users\user\Downloads\ComboFix.exe
FW: ZoneAlarm Firewall *enabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-17 au 2009-02-17 ))))))))))))))))))))))))))))))))))))
.
2009-02-13 13:34 . 2009-02-13 13:34 <REP> d-------- c:\users\user\AppData\Roaming\Malwarebytes
2009-02-13 13:34 . 2009-02-13 13:34 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-13 13:34 . 2009-02-13 13:34 <REP> d-------- c:\programdata\Malwarebytes
2009-02-13 13:34 . 2009-02-13 14:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 13:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-13 13:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-12 15:37 . 2009-02-12 15:51 <REP> d-------- c:\users\All Users\Lavasoft
2009-02-12 15:37 . 2009-02-12 15:51 <REP> d-------- c:\programdata\Lavasoft
2009-02-12 15:37 . 2009-02-12 15:51 <REP> d-------- c:\program files\Lavasoft
2009-02-11 11:43 . 2009-02-11 11:43 <REP> d-------- C:\VundoFix Backups
2009-02-11 03:35 . 2008-03-03 15:05 54,672 --a------ c:\windows\System32\vsutil_loc040c.dll
2009-02-11 03:35 . 2009-02-11 03:35 5,571 --a------ c:\windows\System32\vsconfig.xml
2009-02-11 03:34 . 2009-02-11 03:34 <REP> d-------- c:\users\All Users\CheckPoint
2009-02-11 03:34 . 2009-02-11 03:34 <REP> d-------- c:\programdata\CheckPoint
2009-02-11 03:34 . 2009-02-11 03:34 <REP> d-------- c:\program files\Zone Labs
2009-02-11 03:34 . 2008-03-03 15:05 1,086,952 --a------ c:\windows\System32\zpeng24.dll
2009-02-11 03:34 . 2008-03-03 15:06 279,440 --a------ c:\windows\System32\drivers\~GLH0014.TMP
2009-02-11 03:33 . 2009-02-11 03:35 <REP> d-------- c:\windows\System32\ZoneLabs
2009-02-11 03:33 . 2009-02-17 01:06 <REP> d-------- c:\windows\Internet Logs
2009-02-11 03:33 . 2009-02-17 00:27 352,615 --ah----- c:\windows\System32\drivers\vsconfig.xml
2009-02-11 03:33 . 2008-03-03 15:06 279,440 --------- c:\windows\System32\drivers\vsdatant.sys
2009-02-11 03:12 . 2009-02-11 03:13 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-11 03:12 . 2009-02-11 03:13 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-11 03:12 . 2009-02-11 03:12 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-11 02:44 . 2009-02-11 02:44 <REP> d-------- c:\users\All Users\Avira
2009-02-11 02:44 . 2009-02-11 02:44 <REP> d-------- c:\programdata\Avira
2009-02-11 02:44 . 2009-02-11 02:44 <REP> d-------- c:\program files\Avira
2009-02-11 01:17 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 01:17 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 00:34 . 2009-02-12 05:42 198,998,730 --a------ c:\windows\MEMORY.DMP
2009-01-17 17:47 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 15:03 1,338,880 ----a-w c:\windows\Internet Logs\xDB6160.tmp
2009-02-11 02:46 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 02:46 --------- d-----w c:\program files\Windows Mail
2009-02-11 01:41 --------- d-----w c:\users\user\AppData\Roaming\uTorrent
2009-02-08 16:35 --------- d-----w c:\program files\Common Files\Adobe
2009-02-08 16:28 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-03 12:21 --------- d-----w c:\program files\Java
2008-04-27 10:52 174 --sha-w c:\program files\desktop.ini
2008-06-25 12:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-25 12:17 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-25 12:17 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 c:\windows\RtHDVCpl.exe]
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\user\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 152616]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\ASUS\Bluetooth Software\BTTray.exe [2007-11-01 576104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D32EAD0A-95EA-43E3-B728-91B52C106C4F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{0574B96B-D3AF-4BDA-8FA1-07D6A6732EF5}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"{829C5FA7-E622-44B6-8611-021EC018D711}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5BC5475C-EE5C-4A8F-B089-8B22CC711F8A}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{2C2FDAAE-AA2A-4993-A632-94F0292014C8}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{8DFE7B6F-918E-40BA-B464-7098EA2E4C24}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D06BF671-D877-4BBF-818A-011B68A426F4}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{172CCACB-57B4-42E6-8B43-B4F0871C0B04}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3C2C6A10-9783-4610-99A1-CE2B950CB8C5}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B08641BB-A158-4D2F-A3F5-A834468F054C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8F9B5A4B-5B9E-4430-9B2A-3ABD4012D7A6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6D13B726-4E78-4462-B5BB-281777A9F1A3}c:\\users\\user\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\user\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{905E3E74-E5E5-4B2D-91F2-1DBC05AA5180}c:\\users\\user\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\user\program files\utorrent\utorrent.exe:utorrent.exe
"{96BDDFBA-72D2-47C3-8BB7-500A895E8070}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ACF52353-A545-4C74-A13C-0D20A23ED44D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{44C5E53C-1006-49B4-98F6-8D522BF9FA90}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{437FF102-DE5B-493D-8F26-B8D95D502F02}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D71E00FD-04A8-4906-AA2A-88420636042C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{30FCDC13-44D6-42DF-BCB4-F6E95A41C214}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D9DCFED4-D2F5-4D4F-B30D-3F4D1A994F3A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4555C5B0-504D-43FA-9BE2-95A3DE6C9FCB}"= UDP:c:\users\user\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{477BBDD8-4F69-4E21-827B-3C780EAB6D1D}"= TCP:c:\users\user\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{25F4791D-75A1-4166-A0E9-CEDF34597FB9}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{B3BE19B6-7BF2-486C-A68D-F8878A07341C}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{A853D388-B053-4B89-A2D4-33B2AB2ED5C2}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1E8E80E2-BF75-428F-AC37-B862884A6317}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{D8B65778-AD4B-4AA0-A3A3-80CFA00EC2F8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{19A0F6DE-BC55-473A-8347-85A04B6C3D43}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-11 1153368]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2007-11-15 48128]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f657ca0-a4e7-11dd-ba48-001d601b9164}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c318cf6a-93b8-11dc-b10f-806e6f6e6963}]
\shell\AutoRun\command - d:\bin\Assetup.exe
.
Contenu du dossier 'Tâches planifiées'
2009-02-14 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-02-16 c:\windows\Tasks\User_Feed_Synchronization-{01B8D45F-3379-4C7F-82BC-9B208811BDD2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à &Bluetooth - c:\program files\Sitecom\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\ASUS\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\17thx5ny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
1 fichier(s) déplacé(s).
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\17thx5ny.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 01:11:06
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(5192)
c:\windows\system32\btmmhook.dll
.
Heure de fin: 2009-02-17 1:13:13
ComboFix-quarantined-files.txt 2009-02-17 00:13:10
Avant-CF: 15 261 511 680 octets libres
Après-CF: 15,236,341,760 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
188 --- E O F --- 2009-02-13 04:44:53
Well, against all expectations, I ran another scan with Spybot, which found only that one malware and managed to fix it, so I restarted the computer and ran another Spybot scan and it no longer finds anything, so everything seems to have worked. Thank you very much.
Would you have an MSN address? That way, as soon as I have a problem, since you seem knowledgeable, I could ask you, if you don't mind, and we could also chat, no problem. I'm only asking to learn. Thanks again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:23, on 15/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
C:\Users\user\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\user\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\ASUS\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Users\user\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outil de notification Live Search.lnk = user\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe