Med disinfection

Solved/Closed
TOT127 Posts: 898 Registered: Wednesday 8 April 2009 Status: Member Last active: 7 August 2018 - 28 April 2009 at 14:43
TOT127 Posts: 898 Registered: Wednesday 8 April 2009 Status: Member Last active: 7 August 2018 - 13 May 2009 at 18:02
Hello, I'll be fairly brief: I think my computer is a nest of infections of every kind... Could someone guide me through an effective disinfection? I've seen that this is done a lot on the forum; I had started doing it with someone here, but 2 weeks have already passed and I think everything has to be started over.
On my computer:
McAfee
AVG Anti-Spyware
CCleaner
Spybot
the original Windows firewall
internet via a Freebox
2 iPods, USB keys, an external hard drive, a camera
Vuze, which is downloading at the moment (but only recently)


I don't know if this is useful to you, but you never know =)


There you go,
hoping that someone can help me,
have a good afternoon!!

T.


30 replies

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
28 April 2009 at 16:17
Hi,


scan with Malwarebytes, run a quick scan, paste the resulting report and remove whatever is found:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________


paste the report of an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

______________________


Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).

NB: The reports are saved in the C:\rsit folder
TOT127 Posts: 898 Registered: Wednesday 8 April 2009 Status: Member Last active: 7 August 2018 96
29 April 2009 at 13:43
ok, I'm starting now but it may take a long time...
See you
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
29 April 2009 at 20:54
ok but from now on I won't be very available ...
TOT127 Posts: 898 Registered: Wednesday 8 April 2009 Status: Member Last active: 7 August 2018 96
29 April 2009 at 21:06
Ok, I hope you'll still be able to take a look; in any case I'll probably run the scan overnight because it really seems to take a very long time (I had to abort it twice because I don't much like leaving the computer working at night..)

thanks in any case!
See you

P.S.: which of the three suggested scans is the fastest or the best?


bye
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
29 April 2009 at 21:37
all 3 are good
TOT127 Posts: 898 Registered: Wednesday 8 April 2009 Status: Member Last active: 7 August 2018 96
30 April 2009 at 20:52
Here is, first, the malware report and then the one from the BitDefender online scan. I hope you'll have the time to tell me what to do. Thanks in any case and have a good evening
tot

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2053
Windows 6.0.6001 Service Pack 1

2009-04-28 16:56:42
mbam-log-2009-04-28 (16-56-42).txt

Type de recherche: Examen rapide
Eléments examinés: 72885
Temps écoulé: 7 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



AND THEN THE ONE FROM THE BITDEFENDER ONLINE SCAN:
BitDefender Online Scanner

Scan report generated at: Thu, Apr 30, 2009 - 20:26:10
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;

Statistics
Time: 07:04:48
Files: 1008551
Folders: 39253
Boot Sectors: 0
Archives: 144577
Packed Files: 28348

Results
Identified Viruses: 24
Infected Files: 41
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 41

Engines Info
Virus Definitions: 2854932
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 2434)=>[Subject: Online Greeting Card Waiting For You][Date: Sun, 25 Dec 2005 18:10:56 -0500 (EST)]=>(message body)

Infected with: Trojan.Html.Pcard.F

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 2434)=>[Subject: Online Greeting Card Waiting For You][Date: Sun, 25 Dec 2005 18:10:56 -0500 (EST)]=>(message body)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 2434)

Updated

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 2530)

Infected with: Trojan.Spy.HTML.Bankfraud.K

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 2530)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 2530)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 4203)

Infected with: Trojan.Downloader.JS.BF

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 4203)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 4203)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 4209)

Infected with: Trojan.Downloader.JS.BF

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 4209)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 4209)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 5445)

Infected with: Trojan.Banker.X

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 5445)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 5445)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 8119)

Infected with: Trojan.Phishing.Amazon.A

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 8119)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 8119)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10306)

Infected with: Generic.Peed.Eml.3BBF4C20

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10306)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10306)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10385)

Infected with: Generic.Peed.Eml.DC224ABD

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10385)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10385)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10454)

Infected with: Generic.Peed.Eml.2D383254

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10454)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 10454)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 11478)

Infected with: Generic.Peed.Eml.84E6E8D5

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 11478)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 11478)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21012)

Infected with: Generic.Peed.Eml.A6914374

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21012)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21012)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21169)

Infected with: Generic.Peed.Eml.790E023A

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21169)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21169)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21468)

Infected with: Generic.Peed.Eml.8DB4067E

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21468)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21468)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21478)

Infected with: Generic.Peed.Eml.38292AF9

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21478)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21478)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21539)

Infected with: Generic.Peed.Eml.F7D3F7EB

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21539)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21539)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21545)

Infected with: Generic.Peed.Eml.3FBBCC6D

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21545)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21545)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21550)

Infected with: Generic.Peed.Eml.FF2A3E79

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21550)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21550)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21590)

Infected with: Generic.Peed.Eml.975B7117

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21590)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox=>(message 21590)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Inbox

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 2037)

Infected with: Trojan.Banker.X

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 2037)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 2037)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 4221)

Infected with: Trojan.Phishing.Amazon.A

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 4221)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 4221)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 5977)

Infected with: Generic.Peed.Eml.B2216259

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 5977)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 5977)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6048)

Infected with: Generic.Peed.Eml.55BC64C4

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6048)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6048)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6105)

Infected with: Generic.Peed.Eml.6AA8D66D

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6105)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6105)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6987)

Infected with: Generic.Peed.Eml.231D12D4

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6987)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 6987)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14269)

Infected with: Generic.Peed.Eml.C3A6A395

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14269)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14269)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14337)

Infected with: Generic.Peed.Eml.1E436AE0

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14337)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14337)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14364)

Infected with: Generic.Peed.Eml.FF2A3E79

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14364)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14364)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14371)

Infected with: Generic.Peed.Eml.F7D3F7EB

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14371)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14371)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14372)

Infected with: Generic.Peed.Eml.3FBBCC6D

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14372)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14372)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14383)

Infected with: Generic.Peed.Eml.38292AF9

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14383)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14383)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14471)

Infected with: Generic.Peed.Eml.790E023A

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14471)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14471)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14482)

Infected with: Generic.Peed.Eml.A6914374

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14482)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk=>(message 14482)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Junk

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9664)

Infected with: Generic.Peed.Eml.C3A6A395

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9664)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9664)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9723)

Infected with: Generic.Peed.Eml.1E436AE0

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9723)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9723)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9742)

Infected with: Generic.Peed.Eml.FF2A3E79

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9742)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9742)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9749)

Infected with: Generic.Peed.Eml.F7D3F7EB

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9749)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9749)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9750)

Infected with: Generic.Peed.Eml.3FBBCC6D

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9750)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9750)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9761)

Infected with: Generic.Peed.Eml.38292AF9

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9761)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9761)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9975)

Infected with: Generic.Peed.Eml.790E023A

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9975)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 9975)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash

Update failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 10068)

Infected with: Generic.Peed.Eml.A6914374

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 10068)

Disinfection failed

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash=>(message 10068)

Deleted

C:\Users\Ruggero\AppData\Roaming\Thunderbird\Profiles\2wqj0cs3.default\Mail\Local Folders\Trash

Update failed

G:\antiviral\Navilog1.exe=>(Instyler o)=>(Instyler Module 3)

Infected with: Trojan.Generic.1606936

G:\antiviral\Navilog1.exe=>(Instyler o)=>(Instyler Module 3)

Deleted

G:\antiviral\Navilog1.exe=>(Instyler o)

Update failed
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
1 May 2009 at 11:05
Remove the navilog software you had used. Then all the other infections are mails located in your Thunderbird mailbox, so clean it up and then paste an RSIT report
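The triage in the reply above (one executable on disk, everything else inside Thunderbird mailbox files) can be done mechanically by grouping the report's path lines by their container, the part before the first `=>`. This is an added example, not part of the thread or of any tool named in it: the sample report, its paths and its detection names are constructed, and reading a `(message N)` part as "mail store" and `Update failed` as "container not rewritten" are assumptions.

```python
import re
from collections import defaultdict

# Status lines the scanner prints under each path line.
STATUS_RE = re.compile(
    r"^(?:Infected with: (?P<name>.+)|Deleted|Disinfected|"
    r"Disinfection failed|Updated|Update failed)$"
)
MESSAGE_RE = re.compile(r"^\(message (\d+)\)$")

# Constructed sample in the report's layout (paths and detection names are made up).
SAMPLE_REPORT = r"""
C:\Users\alice\Mail\Local Folders\Inbox=>(message 12)

Infected with: Sample.Mail.A

C:\Users\alice\Mail\Local Folders\Inbox=>(message 12)

Disinfection failed

C:\Users\alice\Mail\Local Folders\Inbox=>(message 12)

Deleted

C:\Users\alice\Mail\Local Folders\Inbox

Update failed

C:\Users\alice\Mail\Local Folders\Inbox=>(message 40)=>[Subject: constructed][Date: constructed]=>(message body)

Infected with: Sample.Mail.B

C:\Users\alice\Mail\Local Folders\Inbox=>(message 40)=>[Subject: constructed][Date: constructed]=>(message body)

Deleted

C:\Users\alice\Mail\Local Folders\Inbox=>(message 40)

Updated

C:\Users\alice\Mail\Local Folders\Inbox

Update failed

D:\tools\setup.exe=>(Installer o)=>(Installer Module 3)

Infected with: Sample.Generic.1

D:\tools\setup.exe=>(Installer o)=>(Installer Module 3)

Deleted

D:\tools\setup.exe=>(Installer o)

Update failed
"""


def parse_report(text):
    """Return (path, status) pairs; each path line is followed by one status line."""
    pairs, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STATUS_RE.match(line):
            if pending is not None:
                pairs.append((pending, line))
                pending = None
        else:
            pending = line
    return pairs


def triage(text):
    """Group detections by container (the path before the first '=>')."""
    containers = defaultdict(lambda: {
        "kind": "file", "detections": set(), "messages": set(), "rewrite_failed": False,
    })
    for path, status in parse_report(text):
        container, *inner = path.split("=>")
        entry = containers[container]
        for part in inner:
            msg = MESSAGE_RE.match(part)
            if msg:
                # Assumption: a "(message N)" part means the container is a mail store.
                entry["kind"] = "mailbox"
                entry["messages"].add(int(msg.group(1)))
        name = STATUS_RE.match(status).group("name")
        if name:
            entry["detections"].add(name)
        elif status == "Update failed":
            # Assumption: the scanner could not write the cleaned container back.
            entry["rewrite_failed"] = True
    return dict(containers)


def split_by_kind(result):
    """Return (mailboxes, files): sorted container paths of each kind."""
    mailboxes = sorted(c for c, e in result.items() if e["kind"] == "mailbox")
    files = sorted(c for c, e in result.items() if e["kind"] == "file")
    return mailboxes, files


if __name__ == "__main__":
    for container, entry in triage(SAMPLE_REPORT).items():
        print(entry["kind"], container, sorted(entry["detections"]),
              "rewrite failed" if entry["rewrite_failed"] else "")
```

Containers reported as `mailbox` hold flagged messages to be cleaned from within the mail client; containers reported as `file` are the on-disk items to remove.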
TOT127 Posts: 898 Registered: Wednesday 8 April 2009 Status: Member Last active: 7 August 2018 96
1 May 2009 at 11:24
ok, actually I have never used Thunderbird! I installed it but I didn't even set up an account in it (I didn't know how, I think)! How come?
I'll try to remove navilog but I don't know how, since I hadn't managed to install it, or at least to make it work.

Right, off I go
thanks above all and see you



P.S.: I'm going to delete the whole Thunderbird folder, I don't use this software anyway, ok?
TOT127 Posts: 898 Registered: Wednesday 8 April 2009 Status: Member Last active: 7 August 2018 96
1 May 2009 at 11:38
Logfile of random's system information tool 1.06 (written by random/random)
Run by MON NOM at 2009-05-01 11:34:51
Microsoft® Windows Vista™ Professionnel Service Pack 1
System drive C: has 34 GB (25%) free of 140 GB
Total RAM: 2045 MB (43% free)
HERE IS THE LOG.TXT REPORT, THE ONLY ONE GIVEN, FROM RSIT.
See you


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36, on 2009-05-01
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Free Audio Pack\FreeConverter\FreeConverter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Users\MON NOM\AppData\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MON NOM.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -

C:\Program Files\Search Settings\kb128\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio

Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC

-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program

Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio

Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Users\MON NOM\AppData\Roaming\Microsoft\Windows\gsdjt.exe
O4 - HKCU\..\Run: [PhoneDaemon] C:\Users\MON NOM\AppData\Desktop\iPhone_Pc_Suite_by_iSpazio\iPhone PC Suite\PhoneDaemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ecyeiua] "c:\users\MON NOM\appdata\local\ecyeiua.exe" ecyeiua
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = F:\AutoMenu.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\MON NOM\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 May 2009 at 12:47
Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.


Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).


Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

__________________


Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 2. Wait until the search finishes.
* Post the generated report (C:\TB.txt).
0
TOT127 Posts 898 Registration date Wednesday 8 April 2009 Status Member Last activity 7 August 2018 96
1 May 2009 at 13:58
URGENT problem: ComboFix tells me to disable McAfee before clicking OK, but I thought I had disabled it. What should I do?

Edit: I managed to stop McAfee, ComboFix is running, it didn't ask me anything and has already restarted the computer. Now it says that a report is being prepared and that I have to wait. So that's what I'm doing... (I'm writing from an iTouch)

See you later, and thanks
Tot
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 May 2009 at 14:25
It's too late now if ComboFix is running.

Wait, then restart the PC

and post the report.
0
TOT127 Posts 898 Registration date Wednesday 8 April 2009 Status Member Last activity 7 August 2018 96
1 May 2009 at 14:43
Toolbar S&D has been working for quite a while; from time to time a Windows error appears: character string read error, but it doesn't matter.
Toolbar option 2 = delete, right?
+
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 May 2009 at 14:46
Yes, option 2 is for removing AskBar, Search Settings ...
0
TOT127 Posts 898 Registration date Wednesday 8 April 2009 Status Member Last activity 7 August 2018 96
1 May 2009 at 14:52
OK. I'm waiting... Right now it says: Searching for infections -- Roaming\downld
Before, it said it was looking for EDGACESS...^^
The error is: the character string search utility (QGREP) has stopped working. It offers to "close the program".
See you
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 May 2009 at 15:13
OK, do them one after the other and paste the reports.
0
TOT127 Posts 898 Registration date Wednesday 8 April 2009 Status Member Last activity 7 August 2018 96
1 May 2009 at 16:59
It's bugging out, in my opinion... it has been "progressing" for 2 hours and more... is that normal?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 May 2009 at 18:16
No. Stop it, then restart your computer and paste the ComboFix report and a new RSIT one.
0
TOT127 Posts 898 Registration date Wednesday 8 April 2009 Status Member Last activity 7 August 2018 96
1 May 2009 at 18:33
Here it is

ComboFix 09-04-04.01 - MON NOM 2009-05-01 14:01:03.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.2045.1310 [GMT 2:00]
Lancé depuis: c:\users\MON NOM\AppData\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
.
- Mode FONCTIONNALITES REDUITES -
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
.
---- Exécution préalable -------
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\MON NOM\AppData\Local\jlttwk_navfx.dat
c:\users\MON NOM\AppData\Local\wqqwiiq_nav.dat
c:\users\MON NOM\AppData\Local\wqqwiiq_navfx.dat
c:\users\MON NOM\AppData\Local\xfqrccquz_navtmp.dat
c:\users\MON NOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InternetGameBox

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.

2009-04-29 21:41 . 2009-04-29 21:41 <REP> d-------- c:\program files\Medieval Software
2009-04-28 16:42 . 2009-04-28 16:42 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-28 16:42 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-28 16:42 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-28 15:17 . 2009-04-28 15:17 <REP> d-------- c:\program files\Search Settings
2009-04-28 15:16 . 2009-04-28 15:16 <REP> d-------- c:\program files\Dealio Toolbar
2009-04-28 15:15 . 1998-06-16 23:00 516,173 --a------ c:\windows\System32\MSVCP60D.DLL
2009-04-28 15:15 . 1998-06-16 23:00 385,100 --a------ c:\windows\System32\MSVCRTD.DLL
2009-04-28 15:14 . 2009-04-28 15:15 <REP> d-------- c:\program files\Free Audio Pack
2009-04-28 15:14 . 2005-02-24 12:10 2,084,864 --a------ c:\windows\System32\AudDesign.dll
2009-04-28 15:14 . 2005-03-11 17:37 1,986,560 --a------ c:\windows\System32\AudFile.dll
2009-04-28 15:14 . 2005-02-24 12:11 1,212,416 --a------ c:\windows\System32\AudioInfos.dll
2009-04-28 15:14 . 2008-09-24 20:33 484,352 --a------ c:\windows\System32\lame_enc.dll
2009-04-28 15:14 . 2005-02-24 12:11 479,232 --a------ c:\windows\System32\AudioVisu.dll
2009-04-28 15:14 . 2005-02-24 15:21 458,752 --a------ c:\windows\System32\AudPlayer.dll
2009-04-28 15:14 . 2005-03-10 16:00 454,656 --a------ c:\windows\System32\AudioRecord.dll
2009-04-28 15:14 . 2005-02-24 12:10 417,792 --a------ c:\windows\System32\AudDisplay.dll
2009-04-28 15:14 . 2005-02-24 11:51 348,160 --a------ c:\windows\System32\WMAFile.dll
2009-04-28 15:14 . 2005-01-10 12:54 116,296 --a------ c:\windows\System32\NCTWMAProfiles.prx
2009-04-28 14:54 . 2009-04-28 14:54 <REP> d-------- c:\program files\Auslogics
2009-04-28 13:21 . 2007-05-30 14:10 10,872 --a------ c:\windows\System32\drivers\AvgAsCln.sys
2009-04-25 20:20 . 2009-04-25 20:20 <REP> d-------- c:\program files\AskBarDis
2009-04-25 19:13 . 2009-04-25 21:01 <REP> d-------- c:\users\MON NOM\AppData\Roaming\uTorrent
2009-04-25 15:50 . 2009-04-25 15:53 <REP> d-------- c:\users\MON NOM\AppData\Roaming\DMCache
2009-04-24 17:36 . 2009-04-24 17:36 <REP> d--hs---- c:\windows\System32\%APPDATA%
2009-04-24 16:49 . 2009-02-13 10:49 1,255,936 --a------ c:\windows\System32\lsasrv.dll
2009-04-24 16:49 . 2009-02-13 10:49 72,704 --a------ c:\windows\System32\secur32.dll
2009-04-24 16:49 . 2009-03-17 05:38 24,064 --a------ c:\windows\System32\amxread.dll
2009-04-24 16:49 . 2009-03-17 05:38 13,824 --a------ c:\windows\System32\apilogen.dll
2009-04-12 19:36 . 2009-04-12 19:36 39,424 --a------ c:\windows\zipinst.exe
2009-04-12 19:03 . 2009-04-12 19:38 <REP> d-------- c:\program files\MSN Password Recovery
2009-04-12 12:21 . 2009-04-12 12:47 <REP> d-------- C:\divx
2009-04-12 12:19 . 2009-04-12 12:19 <REP> dr------- c:\program files\autres 2
2009-04-11 21:25 . 2009-04-12 16:12 <REP> d-------- c:\users\MON NOM\AppData\Roaming\DivX
2009-04-11 21:14 . 2009-04-11 21:14 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2009-04-11 21:13 . 2009-04-11 21:13 <REP> d-------- c:\program files\Common Files\DivX Shared
2009-04-11 21:12 . 2009-04-11 21:14 <REP> d-------- c:\program files\DivX
2009-04-11 17:58 . 2009-04-11 17:58 <REP> d-------- c:\program files\WinASPI
2009-04-11 17:57 . 2009-04-11 17:57 <REP> d-------- c:\program files\Morgan
2009-04-11 17:57 . 2002-11-08 16:18 51,712 --a------ c:\windows\System32\MMSwitch.ax
2009-04-11 17:55 . 2009-04-11 19:06 <REP> d-------- c:\users\MON NOM\AppData\Roaming\NeoDivX2008
2009-04-11 17:55 . 2009-04-11 17:55 <REP> d-------- c:\program files\NeoDivX2008
2009-04-11 17:54 . 2009-04-11 17:54 <REP> d-------- c:\users\MON NOM\AppData\Roaming\dvdcss
2009-04-11 17:51 . 2009-04-11 17:51 <REP> d-------- c:\users\MON NOM\AppData\Roaming\Tinysoar
2009-04-11 17:51 . 2009-04-28 13:12 <REP> d-------- c:\program files\Tinysoar software
2009-04-11 14:25 . 2009-04-11 14:49 <REP> d-------- C:\FindyKill
2009-04-11 11:51 . 2009-04-11 11:51 <REP> d-------- c:\users\MON NOM\AppData\Roaming\PeerNetworking
2009-04-11 10:56 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-11 10:56 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-11 10:56 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-11 10:55 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-11 10:55 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-11 10:35 . 2009-04-11 13:57 <REP> d-------- C:\ToolBar SD
2009-04-10 12:37 . 2009-04-10 12:37 163,664 --ah----- c:\windows\System32\mlfcache.dat
2009-04-10 11:57 . 2009-04-10 11:58 <REP> d-------- C:\rsit
2009-04-10 10:55 . 2009-04-10 10:55 <REP> d-------- c:\users\MON NOM\AppData\Roaming\Malwarebytes
2009-04-10 10:55 . 2009-04-10 10:55 <REP> d-------- c:\users\All Users\Malwarebytes
2009-04-10 10:55 . 2009-04-10 10:55 <REP> d-------- c:\programdata\Malwarebytes
2009-04-08 21:28 . 2009-04-30 13:21 <REP> d-------- c:\windows\BDOSCAN8
2009-04-08 15:00 . 2009-04-08 15:00 <REP> d-------- c:\users\All Users\Grisoft
2009-04-08 15:00 . 2009-04-08 15:00 <REP> d-------- c:\programdata\Grisoft
2009-04-07 20:31 . 2009-04-07 20:31 <REP> d-------- c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 20:31 . 2009-04-07 20:31 <REP> d-------- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 20:31 . 2009-04-07 20:31 <REP> d-------- c:\program files\iPod
2009-04-07 20:31 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-04-07 20:31 . 2009-03-19 16:32 23,400 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 09:15 --------- d-----w c:\programdata\Google Updater
2009-04-30 17:05 --------- d-----w c:\programdata\Microsoft Help
2009-04-29 12:13 --------- d-----w c:\users\MON NOM\AppData\Roaming\Azureus
2009-04-28 14:05 --------- d-----w c:\program files\JkDefrag
2009-04-28 11:13 --------- d-----w c:\program files\Google
2009-04-25 18:19 --------- d-----w c:\program files\Vuze
2009-04-25 17:36 --------- d-----w c:\users\MON NOM\AppData\Roaming\Shareaza
2009-04-24 16:21 --------- d-----w c:\program files\Windows Mail
2009-04-13 16:12 --------- d-----w c:\program files\Conduit
2009-04-13 13:41 --------- d-----w c:\program files\Messenger Plus! Live
2009-04-12 13:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 13:04 --------- d-----w c:\program files\Microsoft Games
2009-04-12 11:23 --------- d---a-w c:\programdata\TEMP
2009-04-12 11:23 --------- d-----w c:\program files\Boilsoft Video Joiner
2009-04-08 16:15 --------- d-----w c:\program files\Lavasoft
2009-04-07 18:31 --------- d-----w c:\program files\iTunes
2009-04-07 18:31 --------- d-----w c:\program files\Common Files\Apple
2009-04-02 16:58 --------- d-----w c:\programdata\DriveHQ
2009-04-01 21:21 --------- d-----w c:\users\MON NOM\AppData\Roaming\Any Video Converter
2009-03-31 11:45 --------- d-----w c:\program files\Java
2009-03-30 18:57 --------- d-----w c:\program files\iLyrics
2009-03-30 14:17 --------- d-----w c:\programdata\Lavasoft
2009-03-27 11:32 --------- d-----w c:\users\MON NOM\AppData\Roaming\Canon
2009-03-17 03:38 40,960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-15 17:49 --------- d-----w c:\users\MON NOM\AppData\Roaming\DAEMON Tools Pro
2009-03-15 12:39 --------- d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 12:37 --------- d-----w c:\program files\QuickTime
2009-03-15 12:20 --------- d-----w c:\program files\Safari
2009-03-15 12:15 --------- d-----w c:\program files\Bonjour
2009-03-13 20:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-09 03:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:45 --------- d-----w c:\programdata\Azureus
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 22:59 1,900,544 ----a-w c:\windows\System32\usbaaplrc.dll
2009-03-03 04:46 3,599,328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 3,547,632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:39 551,424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 26,112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:39 183,296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:37 98,304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 54,784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 44,032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 666,624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 17,408 ----a-w c:\windows\System32\iashost.exe
2009-02-24 19:35 129,784 ------w c:\windows\System32\PxAFS.DLL
2009-02-24 19:34 90,112 ----a-w c:\windows\System32\dpl100.dll
2009-02-24 19:34 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2009-02-24 19:34 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2009-02-24 19:34 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2009-02-24 19:34 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2009-02-24 19:34 684,032 ----a-w c:\windows\System32\DivX.dll
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-03 14:40 20 ---h--w c:\users\All Users\PKP_DLdu.DAT
2009-01-03 14:40 20 ---h--w c:\programdata\PKP_DLdu.DAT
2008-10-01 12:45 27,525 ----a-w c:\users\MON NOM\AppData\Roaming\nvModes.dat
2008-04-19 17:12 94,480 ----a-w c:\users\MON NOM\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-31 11:24 174 --sha-w c:\program files\desktop.ini
2007-12-08 15:07 0 ----a-w c:\users\MON NOM\AppData\Roaming\wklnhst.dat
1998-04-26 22:00 570,128 ----a-w c:\program files\Common Files\DAO350.dll
2009-02-24 19:34 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-12-04 12:38 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
2009-04-09 20:09 688128 --a------ c:\program files\Dealio Toolbar\DealioToolbarIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"= "c:\program files\Dealio Toolbar\DealioToolbarIE.dll" [2009-04-09 688128]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 132704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-22 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-04 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B29179F-2141-47A1-89D4-D82378B708CD}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{9E1B0076-357F-45F1-A7A2-A58FF3C667FA}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{74C36F08-ECB8-4B57-A6E7-7DE5A7EBC756}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{2E1A9770-1D63-48DB-9C84-E1C44E85B606}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{6578AEA8-E3B3-46EF-9D3F-C321EE4BFB63}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{760E3565-A68D-4ECE-9609-B1BF0D795E32}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{724404D7-04BD-4F13-8C69-0A38F25A2160}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D3AA21CC-F74B-4DF0-8581-0F9A79773AD6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0B94E5E6-F55F-47BA-B044-FB9A114FF7B0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E62544FB-CCBF-47DD-935D-CB56790D8364}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{2984C1EC-7B27-45F8-9DDE-EED46A153DA8}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"{7162F154-C2B9-4473-AE68-8EAB9D8A1B86}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{F5DC9DB9-A42C-4D55-9A81-92BD937B0957}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{68601719-4640-4060-AB30-A53199C9F5E5}"= Disabled:UDP:21841:BitComet 21841 TCP
"{CE3DB28A-E3FD-460E-9E5D-DFCDD58FCB26}"= Disabled:TCP:21841:BitComet 21841 UDP
"TCP Query User{AC642780-D990-449F-BC17-00BE3B6ED0E0}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{0637D22C-DD51-4827-B820-242D50179E83}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{A5F51818-3560-44E9-B0AD-875A41499A3D}c:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= UDP:c:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®
"UDP Query User{5652B278-C040-4DE6-AE2B-3B750170382B}c:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= TCP:c:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®
"{7389F2B2-2488-463D-83AC-FF5B298BF0D5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F57D12BF-311C-4B83-88EA-76F57E3BE5D8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{9DF9635A-8DD5-4330-AC98-BF469CC86030}c:\\program files\\abc\\abc.exe"= UDP:c:\program files\abc\abc.exe:abc
"UDP Query User{0BA841C1-8F94-4BDA-A6CB-E825D58FF1FF}c:\\program files\\abc\\abc.exe"= TCP:c:\program files\abc\abc.exe:abc
"TCP Query User{A087E715-28E6-464D-906A-E4F2FC7317D3}c:\\program files\\safari\\safari.exe"= UDP:c:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{2526280D-AC9B-4535-B205-185426604BC3}c:\\program files\\safari\\safari.exe"= TCP:c:\program files\safari\safari.exe:Safari Web Browser
"{44731532-B8B3-49D2-B4D8-9ADB874BA963}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{9F9E0A80-D798-40F8-9437-B52D1796DFDD}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{77DBF617-BEEA-44D3-8368-FAFE26908560}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A74246EB-3A3F-44E5-A3F1-25EDDD0E8041}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D2DCAD0-8ED1-4640-ABC1-46B2C6037AD6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FD006EEB-B65C-4572-A7FC-87F20616E50D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{64526C92-9F52-47B7-B355-3A513668CD84}c:\\program files\\bitcomet\\bitcomet.exe"= Disabled:UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{602B3ADC-4A92-47C5-9B9C-485D27E77352}c:\\program files\\bitcomet\\bitcomet.exe"= Disabled:TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{3494B2AE-95E7-4CB8-9D27-4118B11145C2}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{ADE08269-7668-458A-89F8-3ED309165951}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{539CDC78-AB1B-4E2F-B622-C6B5139F1260}"= Disabled:UDP:c:\users\MON NOM\Music\Limeire downloads\LimeWire\LimeWire.exe:LimeWire
"{D7E3EA97-1D6A-4420-B109-EF8A45555453}"= Disabled:TCP:c:\users\MON NOM\Music\Limeire downloads\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{BC636FF7-D487-45C0-92A8-8103456C7E8C}c:\\users\\MON NOM\\music\\limewire2\\limewire\\limewire.exe"= Disabled:UDP:c:\users\MON NOM\music\limewire2\limewire\limewire.exe:limewire.exe
"UDP Query User{0105EB7A-4C14-476B-9D52-B0AE0D612B28}c:\\users\\MON NOM\\music\\limewire2\\limewire\\limewire.exe"= Disabled:TCP:c:\users\MON NOM\music\limewire2\limewire\limewire.exe:limewire.exe
"TCP Query User{7DC7638A-FA43-442C-A064-F7AA80E63786}c:\\users\\MON NOM\\appdata\\desktop\\utorrent.exe"= UDP:c:\users\MON NOM\appdata\desktop\utorrent.exe:utorrent.exe
"UDP Query User{D0798477-B020-4754-BDBF-E3F2F3257C03}c:\\users\\MON NOM\\appdata\\desktop\\utorrent.exe"= TCP:c:\users\MON NOM\appdata\desktop\utorrent.exe:utorrent.exe
"{F65B68B1-5D88-4FA4-9C5C-B5DBB3ED40DD}"= UDP:6881:Port TCP d'écoute Vuze
"{14CE23D2-C53A-453A-ABA0-218C39D2D556}"= UDP:6882:Vuze
"TCP Query User{C695CEA8-75DB-444E-B6B7-C6110B579131}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{2699D69E-1B2D-4622-A5D3-456FCAE8FF50}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{0155F950-1E57-47D9-AA98-2B453FD7F28A}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{1173DFC8-F61F-478F-B6E9-BFB9B5282C5D}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{B95051DA-6E48-491B-93D3-D8317DCD2AAD}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{77506168-0847-4C35-99AB-5450BD6BE2BB}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-25 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-25 234888]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2007-12-04 7424]
S3 Boonty Games;Boonty Games;c:\program files\Common Files\BOONTY Shared\Service\Boonty.exe [2007-12-19 69120]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-04-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 16:00]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
HKCU-Run-SfKg6wIPu - c:\users\MON NOM\AppData\Roaming\Microsoft\Windows\gsdjt.exe
HKCU-Run-PhoneDaemon - c:\users\MON NOM\AppData\Desktop\iPhone_Pc_Suite_by_iSpazio\iPhone PC Suite\PhoneDaemon.exe
HKCU-Run-ecyeiua - c:\users\MON NOM\appdata\local\ecyeiua.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe


.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MON NOM\AppData\Roaming\Mozilla\Firefox\Profiles\xtofb5hr.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 14:06:31
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP0000000532BDB3A3BC9DD772 524288 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\System32\conime.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
c:\users\MON NOM\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
c:\windows\System32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\users\MON NOM\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-05-01 14:15:26 - La machine a redémarré [MON NOM]
ComboFix-quarantined-files.txt 2009-05-01 12:15:17

Avant-CF: 37,758,054,400 octets libres
Après-CF: 48,388,087,808 octets libres

385 --- E O F --- 2009-05-01 10:42:23
0
TOT127 Posts 898 Registration date Wednesday 8 April 2009 Status Member Last activity 7 August 2018 96
1 May 2009 at 18:36
The RSIT report

Logfile of random's system information tool 1.06 (written by random/random)
Run by MON NOM at 2009-05-01 18:34:07
Microsoft® Windows Vista™ Professionnel Service Pack 1
System drive C: has 41 GB (29%) free of 140 GB
Total RAM: 2045 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:35, on 01/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Users\MON NOM\AppData\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MON NOM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = F:\AutoMenu.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\MON NOM\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 May 2009 at 19:46
OK. Try running Toolbar SD option 2 again and paste the report. If you can't, we'll do it another way.
0
TOT127 Posts 898 Registration date Wednesday 8 April 2009 Status Member Last activity 7 August 2018 96
1 May 2009 at 20:03
It doesn't work at all, nothing to be done.
What do we do?

See you later
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 May 2009 at 20:18
OK, most of the infections have been removed. Through your Control Panel, remove Search Settings, Dealio Toolbar and AskBar. Then post a new RSIT report. I only have internet access from my phone. If you can't remove them, tell me, and as soon as I have a computer I'll finish. But nothing serious remains.
0
TOT127 Posts 898 Registration date Wednesday 8 April 2009 Status Member Last activity 7 August 2018 96
1 May 2009 at 20:51
I uninstalled Search Settings without any problem through the Control Panel. For Dealio Toolbar, which I don't think I ever installed, I had to do it through CCleaner because it didn't appear in the Control Panel. Finally, as for AskBar, I can't see it anywhere and so can't remove it.
See you later, and thanks


HERE IS THE LATEST RSIT (I always ran them with the "1 month" option, because it asks whether to list the folders from the last one, two or three months. I chose 1, the default)
Logfile of random's system information tool 1.06 (written by random/random)
Run by MON NOM at 2009-05-01 20:52:26
Microsoft® Windows Vista™ Professionnel Service Pack 1
System drive C: has 45 GB (32%) free of 140 GB
Total RAM: 2045 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:31, on 01/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Windows\system32\conime.exe
C:\Program Files\Free Audio Pack\FreeConverter\FreeConverter.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Safari\Safari.exe
C:\Users\MON NOM\AppData\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MON NOM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = F:\AutoMenu.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\MON NOM\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0