Sujet Précédent Sujet Suivant

Kaspersky anti virul à détecté un anti virus

schtroumph24 Messages postés 124 Statut Membre -  
 schtroumph24 -
Bonjour,
Dons, voila, j'ai désinstallé av8ast suite à une attaque virale assez importante, je crois. au moment de lancer kaspersky, il me détecte AVG 8 et je ne sais pas ce que c'est et de plus, je ne l'ai pas trouvé sur mon ordinateur et j'y suis resté la soirée

Merci de me répondre
A voir également:

24 réponses

  • 1
  • 2
Réponse 1 / 24
Utilisateur anonyme
 
AVG c'est un autre anti-virus ;-)
0
Réponse 2 / 24
jackred Messages postés 245 Statut Membre 13
 
il a juste detecté que tu as un autre anti virus d'installé sur ton PC (avg)
essaye de le desinstaller avant d'installer un autre anti virus
0
Réponse 3 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
Oui, je crois savoir que c'est un anti virus mais il n'est pas visible, je ne sal se trouve et quand je fais une recherche, rien n'est trouve. Et tant qu'il y aura de AVG8, impossible de nettoyer mon pc qui est au bord de l'agonie....Merci
0
Réponse 4 / 24
Utilisateur anonyme
 
Menu Démarrer --> Panneau de configuration --> Ajout/Suppression de programmes --> Clic sur AVG 8 et clic sur désinstaller.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
IL y a a,peut-être le vrai nom en entier et moi je n'aurai que l'abréviation ce qui expliquerai pourquoi ,e ne le trouve nulle pat.....Merci de vos réponses
0
Réponse 6 / 24
Utilisateur anonyme
 
Peut-être "Anti-Virus Guard" ou un truc du style.
0
Réponse 7 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
dans ajout ou suppression ?? de programmes, il n'y a pas de ligné commençant par anti-virus ??
0
Réponse 8 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
je regarde pour en être absolument sur !
0
Réponse 9 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
non, il n'y a rien
0
Réponse 10 / 24
Utilisateur anonyme
 
Dit-nous ceux qu'il y a dans la liste.
0
Réponse 11 / 24
Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   572
 
Salut,

- je me permet d'intervenir,on peut verifier si tu veux avec cet outil de diagnostic

- Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe

- Fermes toutes les applications en cours et double clic sur RSIT.exe
- Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license
- Une fois l'analyse terminée, 2 rapports.txt s'ouvrent, log.txt à l'écran et info.txt dans la barre des taches
- Postes le contenu des 2 rapports
.
0
schtroumph24 Messages postés 124 Statut Membre 5
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by leymarie at 2009-03-14 00:14:33
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 8 GB (13%) free of 56 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:08, on 14/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\leymarie\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Neuf\Widget Neuf\9widget.exe
C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Documents and Settings\leymarie\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\leymarie\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\leymarie\Bureau\RSIT.exe
C:\Program Files\trend micro\leymarie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Workflow] E:\install\Workflow.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\leymarie\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Widget Neuf] "C:\Program Files\Neuf\Widget Neuf\9widget.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\leymarie\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: forteManager.lnk = C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-32eeb8f92d503b03.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
O23 - Service: Google Update Service (gupdate1c98d5e5fc26dd0) (gupdate1c98d5e5fc26dd0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
End of file - 12448 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-03 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-26 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
EoBHO Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll [2008-11-18 42792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-06-18 67584]
"StandardInstall"= []
"PivotSoftware"=C:\Program Files\WinPortrait\wpctrl.exe [2004-10-04 694008]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2000-07-12 24576]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2000-07-12 311350]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-04 28739]
"Workflow"=E:\install\Workflow.exe []
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-08-03 185896]
"EoEngine"=C:\Program Files\EoRezo\EoEngine.exe [2009-02-23 472872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SoftwareHelper"=C:\Documents and Settings\leymarie\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-01-27 251264]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Widget Neuf"=C:\Program Files\Neuf\Widget Neuf\9widget.exe [2008-09-29 709872]
"Google Update"=C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-06 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
forteManager.lnk - C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Documents and Settings\leymarie\Menu Démarrer\Programmes\Démarrage
ENJOY Plus!.lnk - C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
Outil de notification Live Search.lnk - C:\Documents and Settings\leymarie\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus"
"D:\Mes Documents\LimeWire\LimeWire.exe"="D:\Mes Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\leymarie\Mes documents\install_hitachiV47-03.exe"="C:\Documents and Settings\leymarie\Mes documents\install_hitachiV47-03.exe:*:Enabled:Firmware Upgrader Hitachi"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"D:\Nouveau dossier\eMule\emule.exe"="D:\Nouveau dossier\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\leymarie\Mes documents\LimeWire\LimeWire.exe"="C:\Documents and Settings\leymarie\Mes documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

21247-04-04 16:36:59 ----A---- C:\WINDOWS\system32\h323log.txt
21247-04-04 16:34:20 ----A---- C:\WINDOWS\system32\usbui.dll
21247-04-04 16:33:47 ----A---- C:\WINDOWS\imsins.BAK
21247-04-04 16:33:45 ----D---- C:\Program Files\Fichiers communs\ODBC
21247-04-04 16:33:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
21247-04-04 16:33:45 ----A---- C:\WINDOWS\ODBCINST.INI
21247-04-04 16:33:43 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
21247-04-04 16:33:42 ----RD---- C:\Program Files
21247-04-04 16:33:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
21247-04-04 16:33:42 ----D---- C:\Program Files\Fichiers communs
21247-04-04 16:33:40 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
21247-04-04 16:33:40 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
21247-04-04 16:33:40 ----RA---- C:\WINDOWS\system32\kbdazel.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdycc.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbduzb.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdur.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdtat.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdru1.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdru.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdmon.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdbu.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdblr.dll
21247-04-04 16:33:39 ----RA---- C:\WINDOWS\system32\kbdaze.dll
21247-04-04 16:33:37 ----RA---- C:\WINDOWS\system32\kbdhept.dll
21247-04-04 16:33:37 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
21247-04-04 16:33:37 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
21247-04-04 16:33:37 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
21247-04-04 16:33:37 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
21247-04-04 16:33:37 ----RA---- C:\WINDOWS\system32\kbdhe.dll
21247-04-04 16:33:37 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
21247-04-04 16:33:36 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
21247-04-04 16:33:36 ----RA---- C:\WINDOWS\system32\kbdlv.dll
21247-04-04 16:33:36 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
21247-04-04 16:33:36 ----RA---- C:\WINDOWS\system32\kbdlt.dll
21247-04-04 16:33:36 ----RA---- C:\WINDOWS\system32\kbdest.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdycl.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdsl.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdro.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdpl.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdhu.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdcz.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\kbdcr.dll
21247-04-04 16:33:34 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
21247-04-04 16:33:32 ----A---- C:\WINDOWS\system32\spxcoins.dll
21247-04-04 16:33:32 ----A---- C:\WINDOWS\system32\irclass.dll
21247-04-04 16:33:32 ----A---- C:\WINDOWS\system32\EqnClass.Dll
21247-04-04 16:33:32 ----A---- C:\WINDOWS\system32\dgsetup.dll
21247-04-04 16:33:32 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
21247-04-04 16:33:30 ----N---- C:\WINDOWS\system32\CONFIG.TMP
21247-04-04 16:33:30 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
21247-04-04 16:33:30 ----A---- C:\WINDOWS\TASKMAN.EXE
21247-04-04 16:33:30 ----A---- C:\WINDOWS\system32\batt.dll
21247-04-04 16:33:30 ----A---- C:\WINDOWS\notepad.exe
21247-04-04 16:33:29 ----A---- C:\WINDOWS\system32\storprop.dll
21247-04-04 16:33:28 ----RA---- C:\WINDOWS\SET22.tmp
21247-04-04 16:33:27 ----RA---- C:\WINDOWS\SET21.tmp
21247-04-04 16:33:27 ----RA---- C:\WINDOWS\SET16.tmp
21247-04-04 16:33:26 ----RA---- C:\WINDOWS\SET20.tmp
21247-04-04 16:33:26 ----RA---- C:\WINDOWS\SET15.tmp
21247-04-04 16:33:25 ----RA---- C:\WINDOWS\SET14.tmp
21247-04-04 16:33:24 ----RA---- C:\WINDOWS\SET7.tmp
21247-04-04 16:33:22 ----RA---- C:\WINDOWS\SET3.tmp
21247-04-04 16:33:18 ----D---- C:\WINDOWS\system32\CatRoot2
21247-04-04 16:33:18 ----D---- C:\WINDOWS\system32\CatRoot
21247-04-04 16:33:14 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
21247-04-04 16:33:02 ----A---- C:\WINDOWS\setuplog.txt
21247-04-04 16:32:59 ----DC---- C:\Documents and Settings
2009-03-14 00:14:33 ----DC---- C:\rsit
2009-03-13 22:59:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-13 20:24:35 ----DC---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-13 20:24:35 ----D---- C:\Program Files\Avira
2009-03-13 20:18:43 ----D---- C:\Program Files\EoRezo
2009-03-13 18:08:51 ----DC---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-03-13 17:40:13 ----AC---- C:\Documents and Settings\All Users\Application Data\xml77.tmp
2009-03-12 23:14:15 ----AC---- C:\Documents and Settings\All Users\Application Data\xmlB3.tmp
2009-03-12 18:21:42 ----D---- C:\Program Files\Fichiers communs\BitDefender
2009-03-12 00:02:04 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 23:51:53 ----D---- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-03-11 23:36:25 ----D---- C:\Program Files\QUAD Utilities
2009-03-11 08:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 08:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 08:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-08 22:45:23 ----D---- C:\Program Files\EnveloppesEditor1.09
2009-03-01 22:36:45 ----A---- C:\WINDOWS\yesmessenger.ini
2009-03-01 22:34:42 ----D---- C:\Program Files\PurFlirt
2009-02-25 06:53:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-02-24 21:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-20 23:26:43 ----DC---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-02-17 00:42:11 ----D---- C:\WINDOWS\system32\Adobe

======List of files/folders modified in the last 1 months======

21247-04-04 16:33:30 ----ASH---- C:\Documents and Settings\leymarie\Application Data\desktop.ini
2009-03-14 00:15:08 ----D---- C:\Program Files\Trend Micro
2009-03-13 23:54:38 ----D---- C:\Program Files\Mozilla Firefox
2009-03-13 23:49:18 ----D---- C:\WINDOWS\Temp
2009-03-13 23:46:43 ----D---- C:\WINDOWS\system32\drivers
2009-03-13 23:46:43 ----D---- C:\WINDOWS
2009-03-13 23:46:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-13 22:55:39 ----DC---- C:\Documents and Settings\leymarie\Application Data\EoRezo
2009-03-13 19:37:37 ----SHD---- C:\WINDOWS\Installer
2009-03-13 19:27:01 ----D---- C:\Program Files\Yahoo!
2009-03-13 18:42:52 ----D---- C:\WINDOWS\system32
2009-03-13 18:38:58 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-13 18:13:18 ----SHDC---- C:\Config.Msi
2009-03-13 07:08:27 ----DC---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-03-12 23:14:15 ----AC---- C:\Documents and Settings\All Users\Application Data\xmlE0.tmp
2009-03-12 23:14:15 ----AC---- C:\Documents and Settings\All Users\Application Data\xmlDE.tmp
2009-03-12 23:14:15 ----AC---- C:\Documents and Settings\All Users\Application Data\xmlDD.tmp
2009-03-12 07:10:26 ----D---- C:\Program Files\JkDefrag
2009-03-12 00:35:27 ----HD---- C:\WINDOWS\inf
2009-03-12 00:34:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-11 23:59:42 ----D---- C:\WINDOWS\WinSxS
2009-03-11 23:41:35 ----D---- C:\WINDOWS\system32\wbem
2009-03-11 23:38:02 ----D---- C:\WINDOWS\system32\config
2009-03-11 23:37:48 ----D---- C:\WINDOWS\Registration
2009-03-11 23:36:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-11 23:36:24 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-11 17:49:26 ----D---- C:\WINDOWS\Prefetch
2009-03-11 06:53:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 07:12:18 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2009-03-01 14:16:05 ----RSD---- C:\WINDOWS\assembly
2009-03-01 14:14:05 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-01 14:03:43 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-01 14:03:34 ----RSD---- C:\WINDOWS\Fonts
2009-03-01 09:45:07 ----A---- C:\WINDOWS\system32\wpa.bak
2009-02-26 08:15:21 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-25 08:17:31 ----A---- C:\WINDOWS\RTacDbg.txt
2009-02-25 06:47:48 ----SD---- C:\WINDOWS\Tasks
2009-02-24 21:13:38 ----D---- C:\WINDOWS\system32\fr-fr
2009-02-24 21:08:24 ----D---- C:\WINDOWS\system32\en-us
2009-02-20 23:41:34 ----DC---- C:\Documents and Settings\leymarie\Application Data\Macromedia
2009-02-20 23:41:30 ----D---- C:\WINDOWS\system32\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 pivot;pivot; C:\WINDOWS\system32\drivers\pivot.sys [2004-10-04 15913]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-23 21035]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 PDIHWCTL;PDIHWCTL; C:\WINDOWS\system32\drivers\PDIHWCTL.sys [2003-01-29 14416]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NtApm;Pilote d'interface NT APM/hérité; C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-08-23 9472]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D.sys [2004-07-06 44544]
S3 catchme;catchme; \??\C:\DOCUME~1\leymarie\LOCALS~1\Temp\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-19 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-19 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-19 21568]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys []
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-09 611664]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe [2004-10-04 57344]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-01-29 66872]
S2 gupdate1c98d5e5fc26dd0;Google Update Service (gupdate1c98d5e5fc26dd0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2008-12-11 98488]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
0
Réponse 12 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
Wefreg
webfldrs XP
0
Réponse 13 / 24
Utilisateur anonyme
 
??? c'est tout ?
tu doit en avoir plus que sa des programmes !

Tu est bien dans la fenêtre de "Ajout/Suppression de programmes"
0
Réponse 14 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
ok je suis en train de lancer l'application http://images.malwareremoval.com/random/RSIT.exe
0
Réponse 15 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by leymarie at 2009-03-14 00:14:33
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 8 GB (13%) free of 56 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:08, on 14/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\leymarie\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Neuf\Widget Neuf\9widget.exe
C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
C:\Documents and Settings\leymarie\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\leymarie\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\leymarie\Bureau\RSIT.exe
C:\Program Files\trend micro\leymarie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Workflow] E:\install\Workflow.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\leymarie\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Widget Neuf] "C:\Program Files\Neuf\Widget Neuf\9widget.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\leymarie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\leymarie\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: forteManager.lnk = C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-32eeb8f92d503b03.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
O23 - Service: Google Update Service (gupdate1c98d5e5fc26dd0) (gupdate1c98d5e5fc26dd0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
0
Réponse 16 / 24
Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   572
 
Ok, une petite verification :

- Telecharges ToolbarSD et enregistres le sur ton bureau :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

- Desactives la garde residente de ton antivirus et la garde de ton antispyware
pour Spybot, desactives le tea-timer >> ouvres spybot >> clic sur " Mode > avancé > outil > resident > tea-timer et decoches la case
- Lances l'installation en executant le fichier téléchargé
- Fermes toutes les apllications en cours et double clic sur Toolbarsd.exe
- Selectionnes la langue et presse la touche ENTREE
- Selectionnes l'option1 au menu et patientes le temps de la recherche
- A la fin de la recherche, un rapport s'affichera, postes son contenu
.
0
Réponse 17 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
pour le rapport voila
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : BIOS Date: 08/18/04 16:10:44 Ver: 08.00.09
USER : leymarie ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:11 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:76 Go (Free:23 Go)
H:\ (USB) - FAT32 - Total:960 Mo (Free:0 Go)
I:\ (USB) - FAT32 - Total:498 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 14/03/2009| 0:51 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(leymarie) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://y.lo.st"
"Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"First Home Page"="http://lo.st#first"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="https://www.msn.com/fr-fr/"
"Start Page"="http://www.lo.st"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60327"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\leymarie\Bureau\dossier schared … graver\Eminem - Crack a Bottle (Dirty).mp3
C:\DOCUME~1\leymarie\Bureau\pps pps pps\Registry Mechanic 8 Newest Version + Crack!.torrent

1 - "C:\ToolBar SD\TB_1.txt" - 14/03/2009| 0:54 - Option : [1]

-----------\\ Fin du rapport a 0:54:48,94
Ensuite comment je fais pour retrouver l'état initial de l'installation...Merci
0
Réponse 18 / 24
Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   572
 
- Supprimes tes cracks, ils sont à l'origine de tes problèmes :

C:\DOCUME~1\leymarie\Bureau\dossier schared … graver\Eminem - Crack a Bottle (Dirty).mp3
C:\DOCUME~1\leymarie\Bureau\pps pps pps\Registry Mechanic 8 Newest Version + Crack!.torrent

- Telecharges Ccleaner : https://filehippo.com/download_ccleaner/

- Pendant l'installation, décoches la case proposant la barre Yahoo et celle proposant d'ajouter l'options des mises a jours..
- Une fois installé, fermes toutes les applications en cours et lances Ccleaner
- clic sur mode avancé et décoche la case " effacer les fichiers du....plus vieux que 48h, ne touches pas aux autres parametres
- Clic sur "Nettoyeur " >> " analyse " >> et lances le nettoyage, puis refermes le programme

* telecharge SDFix sur ton bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

- Fermes toutes les applications en cours, puis double clic sur le raccourci de ton bureau
- Clic sur " Install " pour l'extraire dans un dossier dedié

- Redemarres ton pc en mode sans echec :
- Au demarrage du pc, tapotes sur la touche F8 ou F5 du clavier juste aprés le bip du bios et avant le logo " windows "
- Un ecran avec plusieurs choix apparaitra > selectionnes " mode sans echec " et valides par la touche " Entrée " de ton clavier

- Une fois en " mode sans echec " , ouvres le fichier créé, puis double clic sur " Runthis.bat "
- Une fenetre noir apparait, appuies sur la touche " Y " pour lancer le nettoyage
- Le bureau va disparaitre, c'est normal
- L'outil va travailler, patientes jusqu'à la fin du scan
- Une fois terminé, Sdfix te signalera que l'ordi doit redemarrer, acceptes en pressant une touche..
- Le pc va redemarrer en mode normal, une fois ton bureau en place, il va générer un rapport
- Sauvegardes le et poste son contenu ( tu le trouveras aussi à c:\report.txt)
.
0
schtroumph24
 
j'ai bien désinstaller les cracks en question puis j'ai exécuter SDFix en mode sans échec mais la impossible d'aller plus loin ça bloque tout alors, je l'ai exécuté en mode normal et voici le résultat.

SDFix has been extracted to %systemdrive%\SDFix\
(Drive that contains the Windows directory - typically C:\SDFix)

Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool
If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed

Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder

Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/forums/topic131299.html

A préciser qu'à ce stade l'ordi bloque toujours autant et rien ne peut se mettre à jour. Mais en tout cas merci de votre coup de main et à bientôt je l'espère. La je suis obligé de m'absenter mais je serais la vers 13 heures



SDFix a été extrait dans %systemdrive%\SDFix\
(Le disque qui contient le répertoire Windows - typiquement C:\SDFix)

Ouvrez le dossier SDFix en mode sans échec et double cliquez sur le fichier RunThis.bat pour démarrer l'outil.
Si RunThis.bat est lancé en mode normal, les options pour télécharger et lancer les scanners Antivirus en ligne de commande seront affichées

Catchme.exe Stealth Malware Detector de GMER est également inclus dans le dossier SDFix

Instructions supplémentaires pour SDFix & captures d'écran peuvent être trouvées ici - http://www.bleepingcomputer.com/forums/topic131299.html



Voila le rapport de sSDFix : Remarrque, impossible de l'exécuter en mode sans échec, ça bloque tout et je ne peux rien faire. Par contre, j'ai désinstallé les


SDFix wurde nach %systemdrive%\SDFix\ entpackt
(Das ist das laufwerk welches den Windows Ordner enthält - normalerweise c:\SDFix)

Öffe den SDFix Ordner im Abgesicherten Modus und doppelklicke zum starten die RunThis.bat Datei
Sollte die RunThis.bat im normalen Modus gestartet werden, wird einem die Möglichkeiten geboten Antivirenscanner für die Kommandozeile
(Dosbox) downzuloaden.

Das Programm Catchme Malware Detector von Gmer ist auch im SDFix Ordner enthalten.

Zusätzliche SDFix Anleitungen und Screen Shots können hier nach geschaut werden: [url="http://www.bleepingcomputer.com/forums/topic131299.html"]http://www.bleepingcomputer.com/forums/topic131299.html/url
0
Réponse 19 / 24
schtroumph24 Messages postés 124 Statut Membre 5
 
TRès bien, mais je ne vois pas ou je vais trouver les cracs pour les supprimer ?
Ne faudrait'il pas mieux de désinstaller le dossier chared ?
0
Réponse 20 / 24
Utilisateur anonyme
 
Oups, mauvais endroit pour mon message...
0

Discussions similaires

Mac comment taper l'inverse d'un slash (/) ?
caldu -
@Adriendu10_MC sur Twitter -

12 réponses
Le Backslash
ClownClone -
baladur13 -

12 réponses
Comment taper le anti slash?
Flagadatof -
SANG -

26 réponses
comment obtenir un slash inversé ?
Quynh-Anh -
Quynh-Anh -

5 réponses
Antislash sur AZERTY
dahamzi63 -
moh -

11 réponses