Sujet Précédent Sujet Suivant

PC lent a Priori aucun virus detecté par AVG

Fermé
Utilisateur anonyme - 31 mars 2009 à 11:43
 Utilisateur anonyme - 10 avril 2009 à 22:01
Bonjour,
Depuis quelques temps, mon PC est extrêmement lent.

Voici un rapport Hijackthis :
Logfile of HijackThis v1.99.1
Scan saved at 11:43:23, on 31/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\OO Software\Defrag Professional\oodcnt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\DOCUME~1\MAXIME~1.MAX\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.broadcom.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\afptk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,kavxuyo.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {C79F0120-EF94-4FAC-8248-6F30B92E9524} (AdValiderInterface Class) - http://www.journal-officiel.gouv.fr/verifier/AdValiderWeb_DJO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553536000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A3147B-448F-488A-AC21-371D45581257}: NameServer = 192.168.0.2,193.131.248.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: text/html - {B2008D17-F16D-46D7-B9E6-D7C1208D4D6D} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQL$INVENTORCONTENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Program Files/xampp/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Administration Service - Unknown owner - C:\WINDOWS\system32\0MAC0.EXE (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$INVENTORCONTENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE (file missing)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\xampp\service.exe
A voir également:

13 réponses

Réponse 1 / 13
Utilisateur anonyme
31 mars 2009 à 11:48
Bonjour,
Malwarebytes' Anti-malware: Ce logiciel supprime les malwares, et détecte les
trojans, les rogues, les adwares.
Le télécharger [ http://www.clubic.com/telecharger-fiche215092-malwarebytes-
anti-malware.html
S'il te manque "COMCTL32.OCX" lors de l'installation, le télécharger
http://www.malekal.com/download/comclt32.ocx
L'enregistrer sur le bureau
Double-clic sur l'icône "Download_mbam-setup.exe" pour lancer le processus d'installation
Si la pare-feu demande l'autorisation de se connecter pour malwarebytes, accepter
Il va se mettre à jour une fois faite
Se rendre dans l'onglet "recherche"
Sélectionner "exécuter un examen complet"
Cliquer sur "rechercher"
Le scan démarre
A la fin de l'analyse, le message s'affiche: L'examen s'est terminé normalement.
Cliquer sur "afficher les résultats" pour afficher les objets trouvés
Cliquer sur OK pour pousuivre
Si des malwares ont été détectés, cliquer sur "afficher les résultats"
Sélectionner tout (ou laisser coché)
Cliquer sur "supprimer la sélection"
Malwarebytes va détruire les fichiers et les clés de registre et en mettre une
copie dans la quarantaine
Malewarebytes va ouvrir le bloc-note et y copier le rapport
Redémarrer le PC
Une fois redémarré, double-cliquer sur Malewarebytes
Se rendre dans l'onglet rapport/log
Cliquer dessus pour l'afficher une fois affiché, cliquer sur "édition" en haut du
bloc-note puis sur "sélectionner tout"
Recliquer sur "édition", puis sur "copier" et revenir sur le forum et dans ta réponse
Clic droit dans le cadre de la réponse et coller
0
Réponse 2 / 13
Utilisateur anonyme
31 mars 2009 à 15:04
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1923
Windows 5.1.2600 Service Pack 2

31/03/2009 15:03:32
mbam-log-2009-03-31 (15-03-32).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 208006
Temps écoulé: 2 hour(s), 59 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (regedit.exe %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Utilisateur anonyme
31 mars 2009 à 16:16
Redémarrer le pc et va dans l'onglet quarantaine et vides la en cliquant sur "tout supprimer"
0
Réponse 3 / 13
Utilisateur anonyme
1 avril 2009 à 10:37
c'est fait, mais il est encore très lent malgrès une légère amélioration. (Entre temps, j'ai défragmenté)
0
Utilisateur anonyme
1 avril 2009 à 14:09
Ouh la la ! J'avais pas vu la version hijackthis est périmée, il faudrai me télécharger la version 2.0.2 et me refaire
un rapport
0
Réponse 4 / 13
Utilisateur anonyme
1 avril 2009 à 17:21
En effet,

Voici donc le log de la v.2.02 :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:55, on 01/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\xampp\xampp\apache\bin\apache.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\xampp\xampp\apache\bin\apache.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Maxime Lerouge.MAXIME\Bureau\temporaire\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.broadcom.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\afptk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,kavxuyo.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {C79F0120-EF94-4FAC-8248-6F30B92E9524} (AdValiderInterface Class) - http://www.journal-officiel.gouv.fr/verifier/AdValiderWeb_DJO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553536000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A3147B-448F-488A-AC21-371D45581257}: NameServer = 192.168.0.2,193.131.248.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {B2008D17-F16D-46D7-B9E6-D7C1208D4D6D} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\xampp\xampp\apache\bin\apache.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQL$INVENTORCONTENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Program Files/xampp/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Administration Service - Unknown owner - C:\WINDOWS\system32\0MAC0.EXE (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$INVENTORCONTENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE (file missing)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\xampp\service.exe
0
Utilisateur anonyme
1 avril 2009 à 22:16
Tu as encore des infections, je cherche en ce moment comment les supprimer
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 13
Utilisateur anonyme
3 avril 2009 à 10:37
Je me demandais si le fichier kavxuyo.exe n'était pas une variante du virus Kavo - J'ai lancé un combofix et voici les logs de Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:42, on 03/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\xampp\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\xampp\xampp\apache\bin\apache.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Maxime Lerouge.MAXIME\Bureau\temporaire\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.broadcom.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C79F0120-EF94-4FAC-8248-6F30B92E9524} (AdValiderInterface Class) - http://www.journal-officiel.gouv.fr/verifier/AdValiderWeb_DJO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553536000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A3147B-448F-488A-AC21-371D45581257}: NameServer = 192.168.0.2,193.131.248.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\xampp\xampp\apache\bin\apache.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQL$INVENTORCONTENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Program Files/xampp/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Administration Service - Unknown owner - C:\WINDOWS\system32\0MAC0.EXE (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$INVENTORCONTENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE (file missing)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\xampp\service.exe
0
Utilisateur anonyme
3 avril 2009 à 14:25
Bonjour, il faut faire attention avec combo fix car c'est un logiciel très puissant, mis entre mauvaises mains, et mal utilisé, il peut faire des dégats. Pourrai-je avoir le rapport de combo fix ?
0
Réponse 6 / 13
Utilisateur anonyme
7 avril 2009 à 11:36
Voici le rapport de combo fix :

ComboFix 09-04-01.01 - Maxime Lerouge 2009-04-03 10:17:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1022.599 [GMT 2:00]
Lancé depuis: c:\documents and settings\Maxime Lerouge.MAXIME\Bureau\temporaire\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\Mkz1REALA.dll
c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\rbap550.dll
c:\windows\system32\setup.ini
c:\windows\system32\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2009-03-03 au 2009-04-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-31 11:54 . 2009-03-31 11:54 <REP> d-------- c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\Malwarebytes
2009-03-31 11:53 . 2009-03-31 11:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-31 11:53 . 2009-03-31 11:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-31 11:53 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-31 11:53 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-30 19:39 . 2009-04-01 20:01 <REP> d--h----- C:\$AVG8.VAULT$
2009-03-30 11:01 . 2009-03-30 11:01 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-30 11:01 . 2009-03-30 11:01 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-30 11:01 . 2009-03-30 11:01 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-30 11:00 . 2009-04-02 17:28 <REP> d-------- c:\windows\system32\drivers\Avg
2009-03-30 11:00 . 2009-03-30 11:00 <REP> d-------- c:\program files\AVG
2009-03-30 11:00 . 2009-03-30 11:12 <REP> d-------- c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\AVGTOOLBAR
2009-03-30 11:00 . 2009-03-30 11:00 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-30 10:52 . 2009-03-30 10:52 <REP> d-------- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 11:07 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-30 08:29 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-30 08:25 --------- d-----w c:\program files\Runtime Software
2009-03-30 08:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-09 10:54 --------- d-----w c:\program files\Notepad++
2009-02-23 12:22 --------- d-----w c:\program files\Intel Desktop Board
2009-02-10 11:03 --------- d---a-w c:\program files\Canon
2008-03-13 13:42 65,536 ---ha-w c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\noBevelButton.DLL
2008-03-13 13:42 33,792 ---ha-w c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\PLUtil.DLL
2008-03-13 13:41 57,344 ---ha-w c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\groundControl.DLL
2008-03-13 13:41 28,160 ---ha-w c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\fcPlacard.DLL
2007-03-23 11:39 84 ----a-w c:\documents and settings\Maxime Lerouge.MAXIME\sfdb_ou.dat
2009-01-15 15:36 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-15 15:36 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-15 15:36 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-15 15:36 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-15 15:36 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-08 12:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090820080909\index.dat
2006-11-24 16:40 9,300,512 --sha-w c:\windows\system32\drivers\fidbox.dat
2006-11-24 16:40 711,456 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 68856]
"Google Update"="c:\documents and settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-30 1932568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Maxime Lerouge.MAXIME\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-06 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-02-21 82026]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-06 110592]
Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-08-29 111376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-30 11:01 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime Lerouge.MAXIME^Menu Démarrer^Programmes^Démarrage^WinMySQLadmin.lnk]
path=c:\documents and settings\Maxime Lerouge.MAXIME\Menu Démarrer\Programmes\Démarrage\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1\1&1 Connexion directe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1\1&1 Connexion directe\EasyLogin.exe]
1&1 Connexion directe HIDE [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Zope_1095305762"=2 (0x2)
"winvnc"=2 (0x2)
"Persits Software EmailAgent"=2 (0x2)
"pcAnywhere Install Service"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\xampp\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Program Files\\xampp\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-30 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-30 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-30 298264]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-20 14336]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-12-02 6016]
S2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
S2 Remote Administration Service;Remote Administration Service;"c:\windows\system32\[u]0/uMAC0.EXE" --> c:\windows\system32\[u]0/uMAC0.EXE [?]
S2 XAMPP;XAMPP Service;c:\program files\xampp\xampp\service.exe [2005-03-12 60928]
S3 bodrive;bodrive;\??\c:\windows\system32\bodrive.sys --> c:\windows\system32\bodrive.sys [?]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
S3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-03-23 30032]
S4 pcAnywhere Install Service;pcAnywhere Install Service;c:\program files\Symantec\pcAnywhere\pca_run.exe --> c:\program files\Symantec\pcAnywhere\pca_run.exe [?]
S4 Zope_1095305762;Zope instance at c:\zope;"c:\Program Files\Zope-2.9.3\bin\PythonService.exe" --> c:\program files\Zope-2.9.3\bin\PythonService.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9248a1-a7a0-11db-bbf7-001320352b7c}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1349673787-3388333018-3007657496-1006.job
- c:\documents and settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 18:26]

2005-06-02 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 13:00]
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-fjjjl - c:\windows\system32\jvxpkt.exe
MSConfigStartUp-imchjr - c:\windows\system32\jvxpkt.exe
MSConfigStartUp-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
MSConfigStartUp-WinVNC - c:\program files\TightVNC\WinVNC.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/frsupportmodule=5004&error=184&language=French&product=NIS&version=8.0.2.5&build=RETAIL
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: elitemediagroup.net
Trusted Zone: media-motor.net
Trusted Zone: mmohsix.com
TCP: {C3A3147B-448F-488A-AC21-371D45581257} = 192.168.0.2,193.131.248.2
DPF: {C79F0120-EF94-4FAC-8248-6F30B92E9524} - hxxp://www.journal-officiel.gouv.fr/verifier/AdValiderWeb_DJO.cab
FF - ProfilePath - c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\Mozilla\Firefox\Profiles\pkqu07vk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np32dsw.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPAdbESD.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPSWF32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPXStandard.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 10:22:33
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql]
"ImagePath"="C:/Program Files/xampp/xampp/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql]
"ImagePath"="C:/Program Files/xampp/xampp/mysql/bin/mysqld-nt.exe"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="88F2D1E62A43BA1674A97308B568DFC5688F008C73610BF386A5C60F002BDA74BADAE0A09E9905A46D77622A14C5F59384216064D3983BB732E4C6D46F633EC21855FB64E802D574313FD27BC3139D879DDED4BF71C0A5ADA6B54FC708926D9629E53EFCCBD8328E40227F718820092747AAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CA2D97226D213B555200DF75F27AACFC331857B113BD025C332E38DF3F94D31FC51231E0308690958AFB353EB8DAF11BA99DB5F7D5195707A87ABAEB5A9BA69F5F5F95A51B6AF792E027F75F7EE52C5746872A0EE7BB65E2C443D79E1E4A24F1723BA4937119A00B2EB1419790C75E32B10957FCAA68EFA54952D506E677A223BE5E392DC3DD7B3C4F4F549699520785CB5F30BFCB29C67B0DD74EAD8DBDA37027C55B2EE56383E055A116846B5FC21CAB2222AF37406574534EE5320E48078D0DAD3F79EE9B35D588BB32A90845B12FB931517A1329293D863DC69C7164DE24FA78A0720F8E3E4E62F0F19CE132E923A1C2A5F7CA82D77F669E25FD779C408694086D7AB7A85BA9F1DB98F0B630D7C15C02063008866F46E798ABADA8C8F0CCFB3B8367F597BD73360AFBED1EBB0C15C2A9BDAAB74728E53783ED7E13FFC2AF5C376C1D9F14BCB96BA4E2DB41A796327B722CE0006A85DFA8250E4FE76FA2E94E9F86E02979FB80320D7B2CA4A6BF9D0F8A01D8548060E03E6F2E4CB0D20F928505E033F8EC4D4F4BA727B2DD0AA3075B4E47746BC285F4825C02F634EA582EF58A71C5E92AD69AEE32A8878F405C5796424644F54D4A7EE76B3ECE3FAE751EF923AA93052F0D535AE6B2FCFF0E78D00B5F4BB36FA744D5E442F9DF1C9E603F049DE6F09ED468DD0DF091758F3E46EF688D2AC8F89904E412EF516B5E249C900774504C1FB8E148EEEB93F3B22B5E389F49C39F6D15BB9878530F9DAE2D66A6B4BFBD536864805C0081976A511B3FDAAC195B60A1627B4E350EAC4115BFCBEC8A97AA1C88B9C0FFB0C23E14ACB5DDF11EF664EEC116DF5CC4B16470A51CBB3EE2A98FC5D7DD2F31990BC7A5FD1D63F372D997FC4EB494B7D628622803DF8C9FA9615CF5C435B0B36DCA98D1D96E56AD9E19F1A3DC87A16F5B9F3CC2E0C5D18CDF08FD3B13446BC346D17BB4201763D7CA54A4584BA63C779A87B12522075460A6B101CCF21C987377391788F6C96ADE447D17ACD4A0F698EB71D91B24DE11298ECFD89294A4000A8520B0E4BA5F8419B4851064F73A79880A63E3D14DD68CC2512A65539E627CA36A55C983F737694F15D498CC3A57D845FE6A5DA458CF25B20A9BC0B7A20A0A1D1B5BD09B88987D577711B81E8C404F17B200086138C8BB8BDB855896D1472"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\xampp\xampp\apache\bin\apache.exe
c:\program files\Canon\DIAS\CnxDIAS.exe
c:\program files\xampp\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\oodag.exe
c:\program files\xampp\xampp\apache\bin\apache.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-04-03 10:27:23 - La machine a redémarré [Maxime Lerouge]
ComboFix-quarantined-files.txt 2009-04-03 08:26:57

Avant-CF: 57,042,882,560 octets libres
Après-CF: 56,958,492,672 octets libres

215 --- E O F --- 2009-03-18 16:38:10
0
Réponse 7 / 13
Utilisateur anonyme
7 avril 2009 à 11:36
Voici le rapport de combo fix :

ComboFix 09-04-01.01 - Maxime Lerouge 2009-04-03 10:17:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1022.599 [GMT 2:00]
Lancé depuis: c:\documents and settings\Maxime Lerouge.MAXIME\Bureau\temporaire\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\Mkz1REALA.dll
c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\rbap550.dll
c:\windows\system32\setup.ini
c:\windows\system32\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2009-03-03 au 2009-04-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-31 11:54 . 2009-03-31 11:54 <REP> d-------- c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\Malwarebytes
2009-03-31 11:53 . 2009-03-31 11:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-31 11:53 . 2009-03-31 11:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-31 11:53 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-31 11:53 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-30 19:39 . 2009-04-01 20:01 <REP> d--h----- C:\$AVG8.VAULT$
2009-03-30 11:01 . 2009-03-30 11:01 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-30 11:01 . 2009-03-30 11:01 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-30 11:01 . 2009-03-30 11:01 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-30 11:00 . 2009-04-02 17:28 <REP> d-------- c:\windows\system32\drivers\Avg
2009-03-30 11:00 . 2009-03-30 11:00 <REP> d-------- c:\program files\AVG
2009-03-30 11:00 . 2009-03-30 11:12 <REP> d-------- c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\AVGTOOLBAR
2009-03-30 11:00 . 2009-03-30 11:00 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-30 10:52 . 2009-03-30 10:52 <REP> d-------- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 11:07 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-30 08:29 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-30 08:25 --------- d-----w c:\program files\Runtime Software
2009-03-30 08:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-09 10:54 --------- d-----w c:\program files\Notepad++
2009-02-23 12:22 --------- d-----w c:\program files\Intel Desktop Board
2009-02-10 11:03 --------- d---a-w c:\program files\Canon
2008-03-13 13:42 65,536 ---ha-w c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\noBevelButton.DLL
2008-03-13 13:42 33,792 ---ha-w c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\PLUtil.DLL
2008-03-13 13:41 57,344 ---ha-w c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\groundControl.DLL
2008-03-13 13:41 28,160 ---ha-w c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\fcPlacard.DLL
2007-03-23 11:39 84 ----a-w c:\documents and settings\Maxime Lerouge.MAXIME\sfdb_ou.dat
2009-01-15 15:36 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-15 15:36 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-15 15:36 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-15 15:36 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-15 15:36 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-08 12:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090820080909\index.dat
2006-11-24 16:40 9,300,512 --sha-w c:\windows\system32\drivers\fidbox.dat
2006-11-24 16:40 711,456 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 68856]
"Google Update"="c:\documents and settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-30 1932568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Maxime Lerouge.MAXIME\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-06 110592]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-02-21 82026]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-06 110592]
Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-08-29 111376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-30 11:01 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime Lerouge.MAXIME^Menu Démarrer^Programmes^Démarrage^WinMySQLadmin.lnk]
path=c:\documents and settings\Maxime Lerouge.MAXIME\Menu Démarrer\Programmes\Démarrage\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1\1&1 Connexion directe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1\1&1 Connexion directe\EasyLogin.exe]
1&1 Connexion directe HIDE [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Zope_1095305762"=2 (0x2)
"winvnc"=2 (0x2)
"Persits Software EmailAgent"=2 (0x2)
"pcAnywhere Install Service"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\xampp\\xampp\\MercuryMail\\mercury.exe"=
"c:\\Program Files\\xampp\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-30 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-30 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-30 298264]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-20 14336]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-12-02 6016]
S2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
S2 Remote Administration Service;Remote Administration Service;"c:\windows\system32\[u]0/uMAC0.EXE" --> c:\windows\system32\[u]0/uMAC0.EXE [?]
S2 XAMPP;XAMPP Service;c:\program files\xampp\xampp\service.exe [2005-03-12 60928]
S3 bodrive;bodrive;\??\c:\windows\system32\bodrive.sys --> c:\windows\system32\bodrive.sys [?]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
S3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-03-23 30032]
S4 pcAnywhere Install Service;pcAnywhere Install Service;c:\program files\Symantec\pcAnywhere\pca_run.exe --> c:\program files\Symantec\pcAnywhere\pca_run.exe [?]
S4 Zope_1095305762;Zope instance at c:\zope;"c:\Program Files\Zope-2.9.3\bin\PythonService.exe" --> c:\program files\Zope-2.9.3\bin\PythonService.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9248a1-a7a0-11db-bbf7-001320352b7c}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1349673787-3388333018-3007657496-1006.job
- c:\documents and settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 18:26]

2005-06-02 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 13:00]
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-fjjjl - c:\windows\system32\jvxpkt.exe
MSConfigStartUp-imchjr - c:\windows\system32\jvxpkt.exe
MSConfigStartUp-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
MSConfigStartUp-WinVNC - c:\program files\TightVNC\WinVNC.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/frsupportmodule=5004&error=184&language=French&product=NIS&version=8.0.2.5&build=RETAIL
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: elitemediagroup.net
Trusted Zone: media-motor.net
Trusted Zone: mmohsix.com
TCP: {C3A3147B-448F-488A-AC21-371D45581257} = 192.168.0.2,193.131.248.2
DPF: {C79F0120-EF94-4FAC-8248-6F30B92E9524} - hxxp://www.journal-officiel.gouv.fr/verifier/AdValiderWeb_DJO.cab
FF - ProfilePath - c:\documents and settings\Maxime Lerouge.MAXIME\Application Data\Mozilla\Firefox\Profiles\pkqu07vk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np32dsw.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPAdbESD.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPSWF32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPXStandard.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 10:22:33
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql]
"ImagePath"="C:/Program Files/xampp/xampp/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySql]
"ImagePath"="C:/Program Files/xampp/xampp/mysql/bin/mysqld-nt.exe"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="88F2D1E62A43BA1674A97308B568DFC5688F008C73610BF386A5C60F002BDA74BADAE0A09E9905A46D77622A14C5F59384216064D3983BB732E4C6D46F633EC21855FB64E802D574313FD27BC3139D879DDED4BF71C0A5ADA6B54FC708926D9629E53EFCCBD8328E40227F718820092747AAFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CA2D97226D213B555200DF75F27AACFC331857B113BD025C332E38DF3F94D31FC51231E0308690958AFB353EB8DAF11BA99DB5F7D5195707A87ABAEB5A9BA69F5F5F95A51B6AF792E027F75F7EE52C5746872A0EE7BB65E2C443D79E1E4A24F1723BA4937119A00B2EB1419790C75E32B10957FCAA68EFA54952D506E677A223BE5E392DC3DD7B3C4F4F549699520785CB5F30BFCB29C67B0DD74EAD8DBDA37027C55B2EE56383E055A116846B5FC21CAB2222AF37406574534EE5320E48078D0DAD3F79EE9B35D588BB32A90845B12FB931517A1329293D863DC69C7164DE24FA78A0720F8E3E4E62F0F19CE132E923A1C2A5F7CA82D77F669E25FD779C408694086D7AB7A85BA9F1DB98F0B630D7C15C02063008866F46E798ABADA8C8F0CCFB3B8367F597BD73360AFBED1EBB0C15C2A9BDAAB74728E53783ED7E13FFC2AF5C376C1D9F14BCB96BA4E2DB41A796327B722CE0006A85DFA8250E4FE76FA2E94E9F86E02979FB80320D7B2CA4A6BF9D0F8A01D8548060E03E6F2E4CB0D20F928505E033F8EC4D4F4BA727B2DD0AA3075B4E47746BC285F4825C02F634EA582EF58A71C5E92AD69AEE32A8878F405C5796424644F54D4A7EE76B3ECE3FAE751EF923AA93052F0D535AE6B2FCFF0E78D00B5F4BB36FA744D5E442F9DF1C9E603F049DE6F09ED468DD0DF091758F3E46EF688D2AC8F89904E412EF516B5E249C900774504C1FB8E148EEEB93F3B22B5E389F49C39F6D15BB9878530F9DAE2D66A6B4BFBD536864805C0081976A511B3FDAAC195B60A1627B4E350EAC4115BFCBEC8A97AA1C88B9C0FFB0C23E14ACB5DDF11EF664EEC116DF5CC4B16470A51CBB3EE2A98FC5D7DD2F31990BC7A5FD1D63F372D997FC4EB494B7D628622803DF8C9FA9615CF5C435B0B36DCA98D1D96E56AD9E19F1A3DC87A16F5B9F3CC2E0C5D18CDF08FD3B13446BC346D17BB4201763D7CA54A4584BA63C779A87B12522075460A6B101CCF21C987377391788F6C96ADE447D17ACD4A0F698EB71D91B24DE11298ECFD89294A4000A8520B0E4BA5F8419B4851064F73A79880A63E3D14DD68CC2512A65539E627CA36A55C983F737694F15D498CC3A57D845FE6A5DA458CF25B20A9BC0B7A20A0A1D1B5BD09B88987D577711B81E8C404F17B200086138C8BB8BDB855896D1472"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\xampp\xampp\apache\bin\apache.exe
c:\program files\Canon\DIAS\CnxDIAS.exe
c:\program files\xampp\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\oodag.exe
c:\program files\xampp\xampp\apache\bin\apache.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-04-03 10:27:23 - La machine a redémarré [Maxime Lerouge]
ComboFix-quarantined-files.txt 2009-04-03 08:26:57

Avant-CF: 57,042,882,560 octets libres
Après-CF: 56,958,492,672 octets libres

215 --- E O F --- 2009-03-18 16:38:10
0
Utilisateur anonyme
7 avril 2009 à 11:45
Bonjour t'a bien eu du courage à utiliser l'artillerie lourde, combo fix a supprimé quelques éléments indésirables
télécharge Ccleaner [ https://filehippo.com/download_ccleaner/ ]
.enregistres le sur le bureau
.double-cliques sur le fichier pour lancer l'installation
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur intaller
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.cochesla première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vériffis en relancant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner
0
Réponse 8 / 13
Utilisateur anonyme
9 avril 2009 à 11:02
Bonjour et encore merci du temps que tu accordes à mon problème,

en fait, j'avais déjà installé CCleaner, je n'avais jamais fait les manips que tu m'explique plus haut.
Je les ai effectué.
Dois-je t'envoyer de nouveaux logs de hijackthis ou de combofix ?
0
Utilisateur anonyme
9 avril 2009 à 14:26
Boujour, faut pas trop jouer avec combo fix car il est puissant et tu pourrai endommager ton pc si tu fait pas attention
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...


-> laisse faire le scan et ne touche pas au PC ...


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum


( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
0
Réponse 9 / 13
Utilisateur anonyme
10 avril 2009 à 10:08
Bonjour,
Voici donc le fichier log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Maxime Lerouge at 2009-04-10 10:05:47
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 54 GB (73%) free of 73 GB
Total RAM: 1022 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:02, on 10/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\xampp\xampp\xampp-control.exe
C:\Program Files\xampp\xampp\apache\bin\apache.exe
C:\Program Files\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Maxime Lerouge.MAXIME\Bureau\RSIT.exe
C:\Documents and Settings\Maxime Lerouge.MAXIME\Bureau\temporaire\Maxime Lerouge.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C79F0120-EF94-4FAC-8248-6F30B92E9524} (AdValiderInterface Class) - http://www.journal-officiel.gouv.fr/verifier/AdValiderWeb_DJO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553536000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A3147B-448F-488A-AC21-371D45581257}: NameServer = 192.168.0.2,193.131.248.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\xampp\xampp\apache\bin\apache.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSSQL$INVENTORCONTENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Program Files/xampp/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Administration Service - Unknown owner - C:\WINDOWS\system32\0MAC0.EXE (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$INVENTORCONTENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE (file missing)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\xampp\service.exe
0
Réponse 10 / 13
Utilisateur anonyme
10 avril 2009 à 10:09
Et le fichier info.txt :

info.txt logfile of random's system information tool 1.06 2009-04-10 10:06:07

======Uninstall list======

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActivePerl 5.8.3 Build 809-->MsiExec.exe /I{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Manager Deluxe 4.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL2.isu"
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Documents and Settings\Maxime Lerouge.MAXIME\Bureau\temporaire\HijackThis.exe" /uninstall
ieSpell 2.2.0 (build 647)-->"C:\Program Files\ieSpell\uninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{9113040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 2.0 Runtime-->MsiExec.exe /X{6EF75643-E1C3-4954-AC7D-FCEE1656D800}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
msxml4-->MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
poEdit 1.3.6-->"C:\Program Files\poEdit\unins000.exe"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XAMPP 1.5.3a-->"C:\Program Files\xampp\xampp\uninstall.exe"

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-04-03]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.broadcom.com/ [2009-04-03]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp [2009-04-03]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp [2009-04-03]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl [2009-04-03]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-04-03]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens [2009-04-03]

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: MAX
Event Code: 7036
Message: Le service Service de transfert intelligent en arrière-plan est entré dans l'état : en cours d'exécution.

Record Number: 54011
Source Name: Service Control Manager
Time Written: 20090220100227.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 54010
Source Name: Service Control Manager
Time Written: 20090220100224.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de transfert intelligent en arrière-plan.

Record Number: 54009
Source Name: Service Control Manager
Time Written: 20090220100223.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAX
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

Record Number: 54008
Source Name: Service Control Manager
Time Written: 20090220100221.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 54007
Source Name: Service Control Manager
Time Written: 20090220100216.000000+060
Event Type: Informations
User: MAX\Maxime Lerouge

=====Application event log=====

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10603
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10602
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10601
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10600
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10599
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Fichiers communs\Autodesk Shared;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"LANG"=fr

-----------------EOF-----------------
0
Réponse 11 / 13
Utilisateur anonyme
10 avril 2009 à 10:09
Et le fichier info.txt :

info.txt logfile of random's system information tool 1.06 2009-04-10 10:06:07

======Uninstall list======

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActivePerl 5.8.3 Build 809-->MsiExec.exe /I{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Manager Deluxe 4.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL2.isu"
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Documents and Settings\Maxime Lerouge.MAXIME\Bureau\temporaire\HijackThis.exe" /uninstall
ieSpell 2.2.0 (build 647)-->"C:\Program Files\ieSpell\uninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{9113040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 2.0 Runtime-->MsiExec.exe /X{6EF75643-E1C3-4954-AC7D-FCEE1656D800}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
msxml4-->MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
poEdit 1.3.6-->"C:\Program Files\poEdit\unins000.exe"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XAMPP 1.5.3a-->"C:\Program Files\xampp\xampp\uninstall.exe"

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-04-03]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.broadcom.com/ [2009-04-03]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp [2009-04-03]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp [2009-04-03]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl [2009-04-03]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-04-03]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens [2009-04-03]

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: MAX
Event Code: 7036
Message: Le service Service de transfert intelligent en arrière-plan est entré dans l'état : en cours d'exécution.

Record Number: 54011
Source Name: Service Control Manager
Time Written: 20090220100227.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 54010
Source Name: Service Control Manager
Time Written: 20090220100224.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de transfert intelligent en arrière-plan.

Record Number: 54009
Source Name: Service Control Manager
Time Written: 20090220100223.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAX
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

Record Number: 54008
Source Name: Service Control Manager
Time Written: 20090220100221.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 54007
Source Name: Service Control Manager
Time Written: 20090220100216.000000+060
Event Type: Informations
User: MAX\Maxime Lerouge

=====Application event log=====

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10603
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10602
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10601
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10600
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10599
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Fichiers communs\Autodesk Shared;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"LANG"=fr

-----------------EOF-----------------
0
Réponse 12 / 13
Utilisateur anonyme
10 avril 2009 à 10:09
Et le fichier info.txt :

info.txt logfile of random's system information tool 1.06 2009-04-10 10:06:07

======Uninstall list======

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActivePerl 5.8.3 Build 809-->MsiExec.exe /I{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Manager Deluxe 4.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL2.isu"
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Documents and Settings\Maxime Lerouge.MAXIME\Bureau\temporaire\HijackThis.exe" /uninstall
ieSpell 2.2.0 (build 647)-->"C:\Program Files\ieSpell\uninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{9113040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 2.0 Runtime-->MsiExec.exe /X{6EF75643-E1C3-4954-AC7D-FCEE1656D800}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
msxml4-->MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
poEdit 1.3.6-->"C:\Program Files\poEdit\unins000.exe"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
XAMPP 1.5.3a-->"C:\Program Files\xampp\xampp\uninstall.exe"

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-04-03]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.broadcom.com/ [2009-04-03]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp [2009-04-03]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp [2009-04-03]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl [2009-04-03]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-04-03]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens [2009-04-03]

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: MAX
Event Code: 7036
Message: Le service Service de transfert intelligent en arrière-plan est entré dans l'état : en cours d'exécution.

Record Number: 54011
Source Name: Service Control Manager
Time Written: 20090220100227.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 54010
Source Name: Service Control Manager
Time Written: 20090220100224.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de transfert intelligent en arrière-plan.

Record Number: 54009
Source Name: Service Control Manager
Time Written: 20090220100223.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAX
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

Record Number: 54008
Source Name: Service Control Manager
Time Written: 20090220100221.000000+060
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 54007
Source Name: Service Control Manager
Time Written: 20090220100216.000000+060
Event Type: Informations
User: MAX\Maxime Lerouge

=====Application event log=====

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10603
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10602
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10601
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10600
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

Computer Name: MAX
Event Code: 3
Message:
Record Number: 10599
Source Name: PHP-5.1.4
Time Written: 20080606132847.000000+120
Event Type: Avertissement
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Fichiers communs\Autodesk Shared;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"LANG"=fr

-----------------EOF-----------------
0
Utilisateur anonyme
10 avril 2009 à 10:35
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9248a1-a7a0-11db-bbf7-001320352b7c}]
shell\AutoRun\command - G:\setupSNK.exe
D'après des recherches je crois que c'est pas bon
0
Utilisateur anonyme > Utilisateur anonyme
10 avril 2009 à 10:38
> Télécharge UsbFix (de Chiquitine29) sur ton Bureau : http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
- Lance l'installation avec les paramètres par défaut.
- Branche toutes tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
- Double-clique sur le raccourci UsbFix sur ton Bureau puis choisis l'option 1 ( Recherche ).
- Laisse l'outil travailler.
- Poste le rapport UsbFix.txt qui va apparaître.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque ( C:\UsbFix.txt ).
Note 2 : "Process.exe", une composante de l'outil, est détecté par certains antivirus. Dans ce cas désactive ton Antivirus le temps du scan.
0
Réponse 13 / 13
Utilisateur anonyme
10 avril 2009 à 11:07
############################## [ UsbFix V3.005 ]


############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\xampp\xampp\xampp-control.exe
C:\Program Files\xampp\xampp\apache\bin\apache.exe
C:\Program Files\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FileZilla\FileZilla.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&osid=1&continue=https://calendar.google.com/calendar/render&followup=https://calendar.google.com/calendar&scc=1"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_Run: ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
HKLM_Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: igfxpers=C:\WINDOWS\system32\igfxpers.exe
HKLM_Run: OODefragTray=C:\WINDOWS\system32\oodtray.exe
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: Google Update="C:\Documents and Settings\Maxime Lerouge.MAXIME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKCU_Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKLM_System: "DisableRegistryTools"=dword:00000000
HKCU_plorer: "NoDriveTypeAutoRun"=dword:00000143
HKCU_plorer: "NoDriveAutoRun"=dword:03ffffff
HKCU_plorer: "NoDrives"=dword:00000000
HKLM_plorer: "NoDriveTypeAutoRun"=dword:00000143
HKLM_plorer: "NoDriveAutoRun"=dword:03ffffff
HKLM_plorer: "NoDrives"=dword:00000000

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoint2 ]

Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb9248a1-a7a0-11db-bbf7-001320352b7c}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.005 ! ]
0
Utilisateur anonyme
10 avril 2009 à 22:01
Le pc est-il moins lent depuis le passage de combo fix? Excuses moi de ne pas avoir répondu tout de suite
car j'ai eu des problèmes avec mon pc
0