Win32 Trojan gen Other

Resolved/Closed
sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last activity 1 March 2015 - 5 May 2009 at 12:12
Anonymous user - 12 May 2009 at 23:17
Hello,

After visiting various forums, I am turning to you because I have a problem with the Win32 Trojan gen trojan, and in particular a rundll32 loading error at startup (I assume it is related). Can you help me? Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:50, on 05/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
I:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [Windows Internet Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Wind0ws Ser7ice Agent] colwindos.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Wind0ws Ser7ice Agent] colwindos.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://myalbum.com/fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Maxtor Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winsshr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
83 replies

sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last activity 1 March 2015
6 May 2009 at 09:47
Oh really, I don't see what I forgot?

Anonymous user
6 May 2009 at 09:49
to use the requested tool :)

sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last activity 1 March 2015
6 May 2009 at 09:56
There, I hope this is it :-)

:processes
explorer.exe

:services
bfastfao

:files
C:\WINDOWS\InZU31.exe
C:\WINDOWS\tasks\Norton Security Scan.job
I:\kris.exe

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\wkybli.exe"=-
"C:\WINDOWS\system32\wcsw.exe"="C:\WINDOWS\system32\wcsw.exe:*:Disabled:wcsw"
"C:\WINDOWS\system32\wcsw.exe"=-
"C:\WINDOWS\system32\logon.exe"="C:\WINDOWS\system32\logon.exe:*:Disabled:logon"
"C:\WINDOWS\system32\logon.exe"=-
"C:\WINDOWS\system32\colwindos.exe"="C:\WINDOWS\system32\colwindos.exe:*:Disabled:colwindos"
"C:\WINDOWS\system32\colwindos.exe"=-
"C:\WINDOWS\system32\wmplayer.exe"="C:\WINDOWS\system32\wmplayer.exe:*:Disabled:wmplayer"
"C:\WINDOWS\system32\wmplayer.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Internet Player"=-
"Wind0ws Ser7ice Agent"=-


:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Anonymous user
6 May 2009 at 10:00
No, that is the text I asked you to copy into the "OtMoveIt" tool, and then to give me back the resulting report as indicated.
sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last activity 1 March 2015
6 May 2009 at 10:03
I am going from one PC to the other with the SD card, so:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver bfastfao not found.
Service\Driver bfastfao not found.
========== FILES ==========
File/Folder C:\WINDOWS\InZU31.exe not found.
File/Folder C:\WINDOWS\tasks\Norton Security Scan.job not found.
File/Folder I:\kris.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wkybli.exe not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\wcsw.exe"|"C:\WINDOWS\system32\wcsw.exe:*:Disabled:wcsw" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wcsw.exe deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\logon.exe"|"C:\WINDOWS\system32\logon.exe:*:Disabled:logon" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\logon.exe deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\colwindos.exe"|"C:\WINDOWS\system32\colwindos.exe:*:Disabled:colwindos" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\colwindos.exe deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\wmplayer.exe"|"C:\WINDOWS\system32\wmplayer.exe:*:Disabled:wmplayer" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wmplayer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Windows Internet Player not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Wind0ws Ser7ice Agent not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\kris\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\kris\LOCALS~1\Temp\~DF8390.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\kris\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_av_proI.tm~a03652\setup.lok scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05062009_094916

Anonymous user
6 May 2009 at 10:29
Run it again in safe mode, please.

sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last activity 1 March 2015
6 May 2009 at 10:55
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver bfastfao not found.
Service\Driver bfastfao not found.
========== FILES ==========
File/Folder C:\WINDOWS\InZU31.exe not found.
File/Folder C:\WINDOWS\tasks\Norton Security Scan.job not found.
File/Folder I:\kris.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wkybli.exe not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\wcsw.exe"|"C:\WINDOWS\system32\wcsw.exe:*:Disabled:wcsw" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wcsw.exe deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\logon.exe"|"C:\WINDOWS\system32\logon.exe:*:Disabled:logon" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\logon.exe deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\colwindos.exe"|"C:\WINDOWS\system32\colwindos.exe:*:Disabled:colwindos" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\colwindos.exe deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\"C:\WINDOWS\system32\wmplayer.exe"|"C:\WINDOWS\system32\wmplayer.exe:*:Disabled:wmplayer" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wmplayer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Windows Internet Player not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Wind0ws Ser7ice Agent not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\kris\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_634.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05062009_104649

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_634.dat moved successfully.

Anonymous user
6 May 2009 at 10:57
Run RSIT again, please.

sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last activity 1 March 2015
6 May 2009 at 11:02
Logfile of random's system information tool 1.06 (written by random/random)
Run by kris at 2009-05-06 10:57:09
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 14 GB (18%) free of 79 GB
Total RAM: 959 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:50, on 06/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\Scardsvr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program Files\EmvSmartCardReader\BePCSC.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Documents and Settings\kris\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
I:\kris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://myalbum.com/fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Maxtor Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winsshr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe
Anonymous user
6 May 2009 at 11:47
Switching from Avast to AntiVir:

Uninstall via Add/Remove Programs (if present):

* Avast!

Download and run the Avast! uninstaller:

This will remove most traces of the Avast! product from Alwil Software.

Download CCleaner to your Desktop:

* Click on "download the latest version"
* Install it, leaving only the following options checked:

- Add a shortcut on the Desktop
- Automatically check for CCleaner updates

* Run the cleaning
* Click on Scan for errors and make a backup if you wish.

More details on configuring CCleaner will be given to you later.

Tutorial: How to use CCleaner.
***************

Download AntiVir in French or: AntiVir in French to your Desktop:

* Double-click the downloaded executable to start the installation.
* At the end of the installation, click on Finish.
* Open AntiVir and make sure it is fully up to date!
* In the Local Protection tab, choose Scan.
* Enable the rootkit search via the + next to Rootkit Search, then under Manual Selection, check everything (your hard disk partitions).
* Click on the middle magnifying glass to run the scan as Administrator.
* Post me the generated report: to do so, click on the Overview tab, then choose Reports; you will find its report there.
* Select the report and click on the icon "Display the report file of the selected report".

Note: For more effective removal of threats, run the scan in safe mode.

Why switch?: Avast vs AntiVir

AntiVir tutorial: How to install and use AntiVir.



AntiVir configuration (thanks Nico):

Right-click its icon in the taskbar and select Configure AntiVir.

Check the box: Expert Mode.

=> Click on Scanner in the left pane:

> Under "Files", select All files.

> Under "Search procedure", check Allow stopping, and under "scanner priority" select High.

> Under "Other settings", check all the boxes.

ABOVE ALL, DO NOT FORGET THE ROOTKIT SEARCH, WHICH IS VERY IMPORTANT!

=> Click on "Search" in the left pane and apply the same settings as before.

=> Expand "Search" by clicking on the +. Click on "Heuristic":

> Check "Macrovirus heuristic" and "Win32 file heuristic" with detection level HIGH!

=> In the left pane, expand "Guard" then expand "Search":

> Check "Macrovirus heuristic" and "Win32 file heuristic" with detection level HIGH!


sroky | Posts: 104 | Registration date: Friday 2 November 2007 | Status: Member | Last activity: 1 March 2015
6 May 2009 at 22:10
Here it is



Avira AntiVir Personal
Date de création du fichier de rapport : mercredi 6 mai 2009 16:58

La recherche porte sur 1038808 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : kris
Nom de l'ordinateur :KRIS-AALVBD1QFF

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 07:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 12:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 11:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 06:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 15:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 15:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 15:38:59
Version du moteur: 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 09:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 13:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 14:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 12:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 08:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 14:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 14:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 14:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 14:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 09:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 14:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 09:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 07:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 08:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 11:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 10:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 07:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 11:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 16:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 11:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 11:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 06:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 09:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Sélection manuelle
Fichier de configuration.........: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : mercredi 6 mai 2009 16:58

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NMIndexingService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FxSvr2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ServiceLayer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LVCOMSX.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NkMonitor.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WZQKPICK.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'PCLEScheduler.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rapimgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PCAlert4.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WinCinemaMgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dpupdchk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wcescomm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'pctsTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'beid35gui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BePCSC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SmartMON.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EverioService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sprtcmd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'apdproxy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WZCSLDR2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AirGCFG.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ipoint.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LogiTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lxdiamon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lxdimon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WkUFind.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LaunchApplication.exe' - '1' module(s) sont contrôlés
Processus de recherche 'raid_tool.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VTTimer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VTTrayp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wdfmgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sprtsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'pctsSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'pctsAuxs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'scardsvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lxdicoms.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lxdiserv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'62' processus ont été contrôlés avec '62' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD5
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [21]: Le périphérique n'est pas prêt.

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '83' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Documents and Settings\kris\Bureau\SmitfraudFix.exe
[0] Type d'archive: RAR SFX (self extracting)
--> SmitfraudFix\Agent.OMZ.Fix.exe
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[AVERTISSEMENT] Fichier ignoré.
C:\Documents and Settings\kris\Bureau\SmitfraudFix\Agent.OMZ.Fix.exe
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\abuse_list.zip
[0] Type d'archive: ZIP
--> data.rtf .scr
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\archive.zip
[0] Type d'archive: ZIP
--> data.rtf .scr
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Fichier supprimé.
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\data.zip
[0] Type d'archive: ZIP
--> data.rtf .scr
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[AVERTISSEMENT] Fichier ignoré.
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\data02.zip
[0] Type d'archive: ZIP
--> data.rtf .scr
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a75b13d.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\datfiles.zip
[0] Type d'archive: ZIP
--> data.rtf .scr
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a75b16f.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\document05_webmaster.zip
[0] Type d'archive: ZIP
--> document.txt .exe
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a64b17e.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\eCard.zip
[0] Type d'archive: ZIP
--> eCard.exe
[RESULTAT] Contient le modèle de détection du dropper DR/MicroJoiner.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a62b153.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\game.zip
[0] Type d'archive: ZIP
--> game.exe
[RESULTAT] Contient le cheval de Troie TR/Drop.Agent.dw
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a6eb173.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\id09509.zip
[0] Type d'archive: ZIP
--> data.rtf .scr
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a31b177.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\invoice_8712.zip
[0] Type d'archive: ZIP
--> INVOICE_8712.exe
[RESULTAT] Contient le cheval de Troie TR/Spy.ZBot.dkf.1
[RESULTAT] Contient le modèle de détection du dropper DR/Spy.Zbot.dkf
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a77b183.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\letter.zip
[0] Type d'archive: ZIP
--> document.txt .exe
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a75b17b.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\letter_webmaster.zip
[0] Type d'archive: ZIP
--> document.txt .exe
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bda2c3c.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\sample01.zip
[0] Type d'archive: ZIP
--> document.txt .exe
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a6eb17f.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\software.zip
[0] Type d'archive: ZIP
--> data.rtf .scr
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a67b18e.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\Statement.Jan Oct.zip
[0] Type d'archive: ZIP
--> Statement_January-October.doc .exe
[RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a62b193.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{03DC5A6D-3757-4A33-BA3C-53997C5F709F}\letter.zip
[0] Type d'archive: ZIP
--> document.txt .exe
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a75b18d.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{114D4DCA-21F1-41A1-9D5F-55A5FBFDC07A}\readme.zip
[0] Type d'archive: ZIP
--> document.txt .exe
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bd21574.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{40CB1585-5270-4A65-81CD-644AB37D0D6C}\letter.zip
[0] Type d'archive: ZIP
--> data.rtf .scr
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a75b1a4.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{42B87962-6B93-400B-8CEE-7A3A3938A5DF}\letter.zip
[0] Type d'archive: ZIP
--> details.txt .pif
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a75b1a5.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{4DF1D50D-CEA5-4BB8-8B96-7DCC3A4A4A52}\document.zip
[0] Type d'archive: ZIP
--> details.txt .pif
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a64b1b3.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{52FDDF96-4F9A-4813-A6C9-03CD79BABB97}\message.zip
[0] Type d'archive: ZIP
--> details.txt .pif
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a74b1ac.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{7B34AD38-E285-4F63-AF69-B50ACF43C944}\message.zip
[0] Type d'archive: ZIP
--> details.txt .pif
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a74b1b9.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{7B5CD215-53CC-495F-9F97-35B63AAD9927}\document.zip
[0] Type d'archive: ZIP
--> details.txt .pif
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a64b1c3.qua' !
C:\Documents and Settings\kris\Local Settings\Application Data\IM\Identities\{C2A3BED4-735B-4370-A612-8190B5ACB801}\Message Store\Attachments\{C64AC439-3A8C-4214-958A-957B878C77E3}\document.zip
[0] Type d'archive: ZIP
--> details.txt .pif
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[RESULTAT] Contient le modèle de détection du ver WORM/Netsky.HB
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a64b1de.qua' !
C:\WINDOWS\system32\Agent.OMZ.Fix.exe
[RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a66c721.qua' !


Fin de la recherche : mercredi 6 mai 2009 19:22
Temps nécessaire: 2:24:10 Heure(s)

La recherche a été effectuée intégralement

16331 Les répertoires ont été contrôlés
713901 Des fichiers ont été contrôlés
47 Des virus ou programmes indésirables ont été trouvés
2 Des fichiers ont été classés comme suspects
3 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
22 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
713851 Fichiers non infectés
7506 Les archives ont été contrôlées
7 Avertissements
25 Consignes
Anonymous user
6 May 2009 at 22:28
Download OTListIt2 by OLDTimer

http://oldtimer.geekstogo.com/OTListIt2.exe

and save it to your Desktop.

Double-click on OTListIt2.exe to launch it.

Check the 2 boxes Lop and Purity

Check the box in front of "scan all users"

Click on Run Scan.

At the end of the scan, Notepad will open with the report.

Copy it into a new reply
sroky | Posts: 104 | Registration date: Friday 2 November 2007 | Status: Member | Last activity: 1 March 2015
6 May 2009 at 23:35
I can't manage to post my report!
sroky | Posts: 104 | Registration date: Friday 2 November 2007 | Status: Member | Last activity: 1 March 2015
6 May 2009 at 23:41
Here it is, in several parts

OTListIt logfile created on: 06/05/2009 22:58:39 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\kris\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

959,48 Mb Total Physical Memory | 376,77 Mb Available Physical Memory | 39,27% Memory free
2,26 Gb Paging File | 1,65 Gb Available in Paging File | 72,97% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 14,06 Gb Free Space | 18,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 971,11 Mb Total Space | 786,39 Mb Free Space | 80,98% Space Free | Partition Type: FAT

Computer Name: KRIS-AALVBD1QFF
Current User Name: kris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/06/11 10:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
PRC - [2007/06/11 10:14:52 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe
PRC - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2008/05/29 12:18:32 | 00,202,016 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\Belgacom\bin\sprtsvc.exe
PRC - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/06/22 02:57:16 | 00,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTtrayp.exe
PRC - [2004/10/01 16:31:54 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/10/11 15:54:06 | 00,589,824 | ---- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2007/01/23 11:19:48 | 00,223,232 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2002/07/18 18:36:34 | 00,028,672 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2007/07/16 12:54:08 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/07/16 12:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2005/06/08 15:14:44 | 00,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2007/08/31 12:01:22 | 01,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/11/17 16:54:00 | 01,552,384 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
PRC - [2006/06/29 17:34:20 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/03/16 11:45:30 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
PRC - [2008/05/29 12:18:04 | 00,202,016 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\Belgacom\bin\sprtcmd.exe
PRC - [2008/04/03 11:45:36 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2006/12/04 16:18:44 | 00,073,826 | ---- | M] () -- C:\Program Files\EmvSmartCardReader\SmartMON.exe
PRC - [2007/05/03 12:56:42 | 00,027,136 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\EmvSmartCardReader\BePCSC.exe
PRC - [2009/02/02 14:32:42 | 02,035,712 | ---- | M] (Belgian Government) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2006/06/26 21:45:18 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2007/08/31 11:58:52 | 00,357,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2004/03/14 23:30:26 | 00,184,320 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2006/12/26 15:17:38 | 00,552,960 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
PRC - [2006/06/26 21:45:02 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2004/03/15 09:42:58 | 00,245,760 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
PRC - [2008/10/08 12:10:00 | 00,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2007/10/18 20:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
PRC - [2007/05/29 16:29:36 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
PRC - [2007/05/29 16:29:42 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
PRC - [2005/07/19 17:32:18 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVComsX.exe
PRC - [2006/11/06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2005/06/08 14:44:56 | 00,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2007/09/20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
PRC - [2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/12 13:28:40 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2009/05/06 22:54:42 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Bureau\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2006/07/03 15:22:58 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/12/03 17:04:48 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/12 21:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/05/11 17:32:22 | 00,142,112 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2007/06/11 10:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe -- (lxdiCATSCustConnectService [Auto | Running])
SRV - [2007/06/11 10:14:52 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe -- (lxdi_device [Auto | Running])
SRV - [2008/09/02 16:14:04 | 00,191,656 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice [On_Demand | Stopped])
SRV - File not found -- -- (Maxtor Network Analysis Tool [Auto | Stopped])
SRV - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2007/09/20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2006/11/06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2008/05/29 12:18:32 | 00,202,016 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\Belgacom\bin\sprtsvc.exe -- (sprtsvc_belgacom [Auto | Running])
SRV - [2008/05/29 12:17:12 | 00,382,320 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [Auto | Stopped])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2008/10/15 13:31:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 13:29:28 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2004/11/22 11:33:52 | 00,698,368 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Stopped])
DRV - [2008/04/13 20:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2006/07/01 22:42:58 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/12/11 11:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [2002/09/09 19:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ASNDIS5.SYS -- (ASNDIS5 [On_Demand | Stopped])
DRV - [2008/04/13 20:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2008/09/02 17:16:16 | 00,015,352 | ---- | M] (Ma-Config.com) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2 [On_Demand | Stopped])
DRV - [2006/09/18 16:12:38 | 00,020,269 | ---- | M] (USB Smart Card Reader) -- C:\WINDOWS\System32\Drivers\EMVSCARD.sys -- (EMVSCARD [On_Demand | Stopped])
DRV - [2007/04/17 11:58:56 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])
DRV - [2001/08/17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2004/07/05 07:21:00 | 00,008,832 | ---- | M] (Walter Oney Software) -- C:\WINDOWS\system32\drivers\filter.sys -- (filter [On_Demand | Stopped])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2009/01/15 13:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/04/16 13:02:36 | 00,100,736 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2007/05/11 17:27:58 | 02,107,808 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007/05/11 17:29:54 | 02,142,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2005/05/27 09:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2008/04/13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2008/04/13 20:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2007/12/13 14:26:49 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2009/04/03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2002/11/11 19:52:54 | 00,006,400 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\system32\DRIVERS\pctvvbi.sys -- (pctvvbi [On_Demand | Running])
DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2007/08/21 01:13:00 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2002/08/30 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/01/27 03:35:40 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/06/29 02:38:00 | 00,015,172 | ---- | M] (Prassi Technology) -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM [Boot | Running])
DRV - [2005/05/27 09:32:52 | 01,317,152 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVCM.sys -- (QCMerced [On_Demand | Stopped])
DRV - [2005/10/17 19:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\rt2500usb.sys -- (RT2500USB [On_Demand | Stopped])
DRV - [2005/11/03 20:39:02 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Running])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2007/05/02 12:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2007/05/02 12:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2007/05/02 12:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2007/06/28 16:28:46 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2009/03/06 00:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/10/21 03:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2004/10/07 11:08:02 | 00,174,592 | ---- | M] (Copyright (C) VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Running])
DRV - [2004/07/06 23:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid [Boot | Running])
DRV - [2007/06/06 15:19:27 | 00,203,648 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Running])
DRV - [2006/10/17 20:22:26 | 00,009,216 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32 [Boot | Running])
DRV - [2006/05/18 13:14:24 | 00,018,359 | ---- | M] (Your Corporation) -- C:\WINDOWS\system32\NTACCESS.SYS -- (WEBNTACCESS [On_Demand | Stopped])
DRV - [2006/12/26 15:08:16 | 00,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys -- (PCAlertDriver [On_Demand | Running])
DRV - [2008/05/20 15:29:43 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2007/02/27 14:24:55 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007/11/08 18:03:26 | 00,021,248 | ---- | M] (AVIRA GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Stopped])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


[color=orange]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\S-1-5-21-507921405-1957994488-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\S-1-5-21-507921405-1957994488-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

[color=orange]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/webhp?lr=&ie=UTF-8&oe=UTF-8&gws_rd=ssl"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "uStart"
FF - prefs.js..browser.startup.homepage: "http://www.ustart.org"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2007/06/04 20:16:35 | 00,000,000 | ---D | M]

[2009/05/04 10:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\mozilla\Firefox\Profiles\n7otdu95.default\extensions
[2009/05/04 10:36:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\mozilla\Firefox\Profiles\n7otdu95.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/12/05 23:56:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\mozilla\Firefox\Profiles\n7otdu95.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009/05/04 11:19:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/04 10:35:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/15 15:33:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2007/06/04 20:26:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/10/04 10:15:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2007/07/20 19:39:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\google-cjk@partners.mozilla.com
[2006/09/10 13:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/09/28 09:10:26 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/10 13:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 15:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 20:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last activity 1 March 2015
6 May 2009 at 23:45
O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup (Belgian Government)
O4 - HKLM..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom (SupportSoft, Inc.)
O4 - HKLM..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe (Neodio Corp.)
O4 - HKLM..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" ()
O4 - HKLM..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" ()
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (Nokia)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [Wind0ws Ser7ice Agent] colwindos.exe File not found
O4 - HKU\.DEFAULT..\Run: [Windows Internet Player] wmplayer.exe File not found
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Wind0ws Ser7ice Agent] colwindos.exe File not found
O4 - HKU\S-1-5-18..\Run: [Windows Internet Player] wmplayer.exe File not found
O4 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe (MICRO-STAR INT'L CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe (Pinnacle Systems)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\kris\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\kris\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind =
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions =
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun =
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-507921405-1957994488-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} https://myalbum.com/fr (Image Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/... (WUWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game07.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} https://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/08 15:57:50 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/05 17:03:21 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/05 17:03:22 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

[9 C:\WINDOWS\*.tmp files]
[2009/05/06 22:58:12 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kris\Bureau\OTListIt2.exe
[2009/05/06 16:55:27 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2009/05/06 16:55:15 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/06 16:55:15 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/06 16:55:15 | 00,021,248 | ---- | C] (AVIRA GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/05/06 16:55:12 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/06 16:55:10 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/06 16:55:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/05/06 16:46:57 | 22,148,280 | ---- | C] () -- C:\Documents and Settings\kris\Bureau\antivir_workstation_winu_fr_h.exe
[2009/05/06 16:46:30 | 00,088,772 | ---- | C] () -- C:\Documents and Settings\kris\Mes documents\cc_20090506_164628.reg
[2009/05/06 16:35:14 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\kris\Bureau\aswclear.exe
[2009/05/05 22:33:23 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/05/05 22:32:45 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kris\Bureau\OTMoveIt3.exe
[2009/05/05 21:59:00 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/05 21:58:54 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\kris\Bureau\RSIT.exe
[2009/05/05 19:33:10 | 00,127,450 | ---- | C] () -- C:\Documents and Settings\kris\Bureau\avendre.jpg
[2009/05/05 17:03:21 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/05/05 14:46:16 | 01,883,396 | ---- | C] () -- C:\Documents and Settings\kris\Bureau\SmitfraudFix.exe
[2009/05/05 14:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kris\Bureau\SmitfraudFix
[2009/05/05 14:22:03 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/05/05 14:22:03 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/05/05 14:22:03 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/05/05 14:22:03 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/05/05 14:22:03 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/05/05 14:22:03 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/05/05 14:22:03 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/05/05 14:22:03 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/05/05 14:22:03 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/05/05 14:22:03 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/05/05 14:22:03 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/05/05 14:22:03 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/05/05 14:22:03 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/05/05 14:11:34 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/05/05 11:46:01 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/05/05 11:45:48 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/05/05 11:45:48 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/05/05 11:45:41 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Spyware Doctor.lnk
[2009/05/05 11:45:34 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PC Tools
[2009/05/05 11:45:33 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/05/05 11:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/05/04 13:13:44 | 00,800,876 | ---- | C] () -- C:\Documents and Settings\kris\Mes documents\cc_20090504_131342.reg
[2009/05/04 13:12:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/05/04 11:06:41 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/05/04 09:49:18 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/05/03 13:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\QUAD Utilities
[2009/05/03 13:13:57 | 00,000,430 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D580AED7-A7B1-486F-816D-A4F93CC53F52}.job
[2009/05/03 13:05:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2009/04/30 16:57:00 | 00,752,164 | ---- | C] () -- C:\Documents and Settings\kris\Mes documents\cc_20090430_1656.reg
[2009/04/27 19:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kris\Bureau\Nouveau dossier (5)
[2009/04/19 21:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/04/19 21:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kris\Mes documents\Mes vidéos
[2009/04/15 14:10:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 14:10:34 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 14:10:34 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 14:10:33 | 00,685,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 14:10:33 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 14:10:33 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 14:10:32 | 00,739,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 14:10:32 | 00,735,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 14:10:32 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 13:45:55 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 13:45:54 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 13:35:52 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2009/04/13 21:12:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kris\Application Data\DeepBurner
[2009/04/13 21:11:58 | 00,000,746 | ---- | C] () -- C:\Documents and Settings\kris\Bureau\DeepBurner.lnk
[2009/04/13 21:11:54 | 00,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2009/04/12 22:01:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/04/12 22:01:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/04/12 22:00:44 | 00,055,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2009/04/12 21:59:33 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/04/12 21:59:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/04/12 21:56:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/04/12 21:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/04/12 20:34:06 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Windows Live
[2009/04/08 13:38:03 | 00,001,478 | ---- | C] () -- C:\Documents and Settings\kris\Bureau\Tunatic.lnk
[2009/04/08 13:38:03 | 00,000,000 | ---D | C] -- C:\Program Files\Tunatic
[2009/04/07 15:41:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/03/13 22:25:04 | 00,000,249 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2008/12/31 18:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/04 12:00:13 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/10/12 19:04:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2008/10/08 11:11:49 | 00,001,635 | ---- | C] () -- C:\WINDOWS\System32\PCDVersion.ini
[2008/10/07 15:13:01 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/07/28 10:19:18 | 04,202,496 | ---- | C] () -- C:\WINDOWS\System32\qt-mt334.dll
[2008/06/17 16:19:00 | 00,000,382 | ---- | C] () -- C:\WINDOWS\System32\eidlibj.dll.manifest
[2008/06/17 16:19:00 | 00,000,382 | ---- | C] () -- C:\WINDOWS\System32\beidlibjni.dll.manifest
[2008/05/18 19:03:59 | 00,000,274 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/05/14 15:23:33 | 00,000,072 | ---- | C] () -- C:\WINDOWS\mp3spt.ini
[2008/05/06 22:34:06 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/05/06 22:33:59 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/05/06 22:32:25 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/05/06 22:32:25 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/05/06 22:32:24 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/05/06 22:30:21 | 00,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/05/06 22:30:21 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/05/06 22:30:21 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/05/06 22:30:21 | 00,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/05/06 22:30:21 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/05/06 22:30:20 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/05/06 22:30:20 | 00,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/05/06 22:30:20 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/05/06 22:30:20 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/05/06 22:30:19 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/05/06 22:30:18 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/05/06 22:30:18 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2008/05/06 22:30:16 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/05/06 22:30:16 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[2008/02/29 15:00:55 | 00,000,031 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2008/02/07 23:14:23 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/12 22:44:33 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/12/06 00:28:27 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2007/08/02 13:44:40 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/07/23 12:00:48 | 00,000,161 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/07/23 12:00:37 | 00,000,210 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/07/11 19:25:53 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/07/05 10:17:39 | 00,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2007/07/05 10:17:38 | 00,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2007/07/05 10:17:38 | 00,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2007/07/02 18:32:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\COMPANIONAPP.INI
[2007/07/02 18:23:40 | 00,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/29 14:07:55 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/06/29 13:33:11 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/06/28 16:14:29 | 00,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI
[2007/06/28 16:14:21 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2007/06/28 16:13:57 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\Macd32.dll
[2007/06/28 16:13:57 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\Mase32.dll
[2007/06/28 16:13:57 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\Mamc32.dll
[2007/06/28 16:13:57 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\Masd32.dll
[2007/06/28 16:13:57 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ma32.dll
[2007/06/27 14:33:25 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/06/27 14:33:25 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/06/27 14:33:25 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/06/27 14:33:25 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/06/27 14:33:25 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/06/27 14:33:25 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/06/25 12:24:54 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2007/06/25 12:24:54 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/06/05 10:23:41 | 00,000,478 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/06/02 11:40:26 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/06/02 11:19:57 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/05/11 17:27:58 | 02,107,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/11/20 11:46:38 | 00,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/10/27 16:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/06/14 20:54:04 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\CTAlc001.dll
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/09/16 07:23:16 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\belpicppgui.dll
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/03/14 14:38:28 | 00,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/01 00:01:30 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/05/28 05:21:46 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\FlashIcon.dll
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/12/02 11:23:04 | 00,069,632 | ---- | C] () -- C:\WINDOWS\asyncdiag.dll
[2002/08/30 14:00:00 | 00,000,687 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/30 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/05/29 01:55:23 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last activity 1 March 2015
6 May 2009 at 23:46
[color=orange]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/05/06 23:00:00 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D580AED7-A7B1-486F-816D-A4F93CC53F52}.job
[2009/05/06 22:54:42 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Bureau\OTListIt2.exe
[2009/05/06 17:47:52 | 00,000,005 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2009/05/06 17:47:49 | 00,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2009/05/06 16:55:28 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2009/05/06 16:50:57 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{A265BE5A-01A7-4E2A-95EF-F3E8B064D814}
[2009/05/06 16:50:53 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{A265BE5A-01A7-4E2A-95EF-F3E8B064D814}
[2009/05/06 16:50:42 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/05/06 16:50:00 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\kris\Local Settings\desktop.ini
[2009/05/06 16:49:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/06 16:49:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/06 16:46:37 | 00,088,772 | ---- | M] () -- C:\Documents and Settings\kris\Mes documents\cc_20090506_164628.reg
[2009/05/06 16:41:16 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/06 16:40:14 | 00,013,686 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/06 16:40:06 | 02,363,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/06 16:33:38 | 22,148,280 | ---- | M] () -- C:\Documents and Settings\kris\Bureau\antivir_workstation_winu_fr_h.exe
[2009/05/06 16:32:54 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\kris\Bureau\aswclear.exe
[2009/05/05 22:30:40 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kris\Bureau\OTMoveIt3.exe
[2009/05/05 21:55:19 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009/05/05 21:51:46 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\kris\Bureau\RSIT.exe
[2009/05/05 19:33:10 | 00,127,450 | ---- | M] () -- C:\Documents and Settings\kris\Bureau\avendre.jpg
[2009/05/05 14:21:26 | 01,883,396 | ---- | M] () -- C:\Documents and Settings\kris\Bureau\SmitfraudFix.exe
[2009/05/05 14:11:34 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/05/05 11:45:41 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Spyware Doctor.lnk
[2009/05/04 13:13:59 | 00,800,876 | ---- | M] () -- C:\Documents and Settings\kris\Mes documents\cc_20090504_131342.reg
[2009/05/04 13:12:04 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\kris\Bureau\CCleaner.lnk
[2009/05/03 13:10:35 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\kris\Mes documents\desktop.ini
[2009/04/30 20:48:55 | 00,000,687 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/30 20:48:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/30 19:39:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/30 16:57:21 | 00,752,164 | ---- | M] () -- C:\Documents and Settings\kris\Mes documents\cc_20090430_1656.reg
[2009/04/30 01:36:38 | 00,075,776 | ---- | M] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/04/16 11:33:44 | 01,014,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 11:33:44 | 00,467,562 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/04/16 11:33:44 | 00,400,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 11:33:44 | 00,074,246 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/04/16 11:33:44 | 00,060,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 22:34:49 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/15 14:51:58 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/13 21:11:58 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\kris\Bureau\DeepBurner.lnk
[2009/04/12 21:57:48 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\kris\Mes documents\Mes dossiers de partage.lnk
[2009/04/08 13:38:03 | 00,001,478 | ---- | M] () -- C:\Documents and Settings\kris\Bureau\Tunatic.lnk

[color=orange]========== LOP Check ==========[/color]

[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur\Application Data
[2007/06/01 18:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Macromedia
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft
[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF\Application Data
[2007/06/01 18:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF\Application Data\Macromedia
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF\Application Data\Microsoft
[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.000\Application Data
[2007/06/01 18:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.000\Application Data\Macromedia
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.000\Application Data\Microsoft
[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.001\Application Data
[2007/06/01 18:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.001\Application Data\Macromedia
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.001\Application Data\Microsoft
[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.002\Application Data
[2007/06/01 18:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.002\Application Data\Macromedia
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.002\Application Data\Microsoft
[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.003\Application Data
[2007/06/01 18:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.003\Application Data\Macromedia
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.003\Application Data\Microsoft
[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.004\Application Data
[2007/06/01 18:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.004\Application Data\Macromedia
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.004\Application Data\Microsoft
[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.005\Application Data
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrateur.KRIS-AALVBD1QFF.005\Application Data\Microsoft
[2009/05/06 16:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/15 12:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/05 11:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/01/22 16:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/06/23 20:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/06/23 20:54:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/05/06 16:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/12/04 12:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cyberlink
[2007/10/01 10:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/10/12 18:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/08/16 20:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/05/05 11:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2007/12/30 16:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/02 22:01:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2007/06/25 12:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008/10/08 12:30:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2009/04/12 20:34:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/05/05 03:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2007/06/04 20:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2007/11/08 18:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2007/10/19 11:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/10/12 18:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/12/30 17:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/10/24 22:59:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2007/10/08 01:24:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/07/20 19:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2007/06/24 10:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/03/23 17:31:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/12/13 21:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/11/25 20:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2008/03/09 17:26:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/05/06 17:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/06 12:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/10/12 18:40:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trance Pad
[2008/10/12 18:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/12/15 21:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/10/12 18:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Widgets
[2007/06/02 11:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/13 22:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/12 21:47:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/05/04 13:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/04/07 15:42:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2007/05/30 23:26:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2009/05/03 13:16:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\kris\Application Data
[2009/01/22 17:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Adobe
[2007/10/05 17:38:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\AdobeUM
[2009/05/04 11:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Apple Computer
[2008/12/04 12:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\CyberLink
[2007/12/30 17:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Datalayer
[2009/04/13 21:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\DeepBurner
[2009/03/15 14:34:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\DivX
[2008/12/03 17:05:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Download Manager
[2008/12/13 16:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\flightgear.org
[2007/07/04 18:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Google
[2007/05/30 22:41:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Identities
[2008/04/08 12:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\InterTrust
[2007/06/30 00:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\InterVideo
[2007/10/04 17:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Leadertech
[2008/05/21 21:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Lexmark Productivity Studio
[2007/07/24 13:46:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Macromedia
[2007/12/06 00:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Media Player Classic
[2007/11/16 13:24:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\kris\Application Data\Microsoft
[2007/07/31 22:47:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Microsoft Web Folders
[2009/05/04 10:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Mozilla
[2007/11/08 18:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\muvee Technologies
[2007/10/19 11:48:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Nero
[2008/10/12 18:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Nikon
[2007/12/30 16:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Nokia
[2007/10/09 12:50:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Nokia Multimedia Player
[2007/07/04 23:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Nvu
[2009/05/06 16:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\OpenOffice.org2
[2007/10/09 12:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\PC Suite
[2007/06/04 19:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\PC Tools
[2008/02/07 23:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Samsung
[2009/05/05 16:36:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Skype
[2008/11/25 20:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Sports Interactive
[2007/06/04 10:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Sun
[2007/06/04 20:17:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Talkback
[2008/03/06 12:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\TomTom
[2009/04/15 22:29:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\uTorrent
[2008/01/04 18:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Vso
[2007/08/16 00:16:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\WinRAR
[2007/12/06 01:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kris\Application Data\Yahoo!
[2007/05/30 22:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/30 22:39:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2007/05/30 22:35:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/30 19:39:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/30 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/04/08 20:23:09 | 00,000,288 | -H-- | M] () -- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2009/05/06 16:49:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/05/06 23:00:00 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D580AED7-A7B1-486F-816D-A4F93CC53F52}.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
There, that's the last part.
0
Anonymous user
7 May 2009 at 00:15

/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\

_________________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use it outside of this situation: dangerous!<<<<<<<<
=====================================================


We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


Before using ComboFix:
______________________________________________________________________
>> Close the windows of all running programs.
>> Temporarily disable, and only for the time ComboFix is in use,
>>the real-time protection of your antivirus and your antispyware programs,
>>which can seriously interfere with the tool's scanning and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


!!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

Don't forget to re-enable the real-time guard of your antivirus and your antispyware programs before reconnecting to the internet.

>> Come back to the forum, and

copy and paste the entire contents of C:\Combofix.txt into your next message.

0
sroky Posts: 104 Registration date: Friday 2 November 2007 Status: Member Last activity: 1 March 2015
7 May 2009 at 12:05
ComboFix 09-05-06.05 - kris 07/05/2009 11:43.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.380 [GMT 2:00]
Lancé depuis: c:\documents and settings\kris\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kris\Application Data\inst.exe
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\windows\f23567.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\ftpupd.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\t55ft2809f44.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-07 au 2009-05-07 ))))))))))))))))))))))))))))))))))))
.

2009-05-06 14:55 . 2009-05-06 14:55 -------- d-----w c:\program files\Avira
2009-05-06 14:55 . 2009-05-06 14:55 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-05 20:33 . 2009-05-05 20:33 -------- d-----w C:\_OTMoveIt
2009-05-05 19:59 . 2009-05-05 19:59 -------- d-----w C:\rsit
2009-05-05 12:11 . 2009-05-05 12:11 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-05-05 09:46 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-05 09:45 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-05 09:45 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-05 09:45 . 2009-05-05 09:46 -------- d-----w c:\program files\Fichiers communs\PC Tools
2009-05-05 09:45 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-05 09:44 . 2009-05-05 09:44 -------- dc----w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-04 11:12 . 2009-05-04 11:12 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\kris\IECompatCache
2009-05-03 11:13 . 2009-05-03 11:13 -------- d-----w c:\documents and settings\kris\PrivacIE
2009-05-03 11:10 . 2009-05-03 11:10 -------- d-----w c:\documents and settings\kris\IETldCache
2009-05-03 11:05 . 2009-05-04 09:22 -------- dc----w c:\windows\ie8
2009-04-19 19:39 . 2009-04-19 19:39 -------- d-----w c:\program files\Veoh Networks
2009-04-15 12:10 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 12:10 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 12:10 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 12:10 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 12:10 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 12:10 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 12:10 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 12:10 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 12:10 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:45 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 11:35 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
2009-04-13 19:12 . 2009-04-13 19:15 -------- d-----w c:\documents and settings\kris\Application Data\DeepBurner
2009-04-13 19:11 . 2009-04-13 19:11 -------- d-----w c:\program files\Astonsoft
2009-04-12 20:20 . 2009-04-30 14:31 -------- d-----w c:\documents and settings\kris\Tracing
2009-04-12 20:01 . 2009-04-14 08:30 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-12 20:01 . 2009-04-12 20:01 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-12 20:00 . 2009-02-06 16:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-12 19:59 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-12 19:59 . 2009-04-12 19:59 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-12 19:56 . 2009-04-12 19:56 -------- d-----w c:\program files\Microsoft
2009-04-12 19:55 . 2009-04-12 19:55 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-12 18:34 . 2009-04-12 18:34 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-04-08 11:38 . 2009-04-08 11:38 -------- d-----w c:\program files\Tunatic
2009-04-07 13:41 . 2009-04-07 13:42 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 14:41 . 2009-04-03 22:06 -------- d-----w c:\program files\Alwil Software
2009-05-06 09:17 . 2007-06-04 17:10 -------- d-----w c:\program files\Spyware Doctor
2009-05-05 09:45 . 2007-06-01 15:29 -------- d-----w c:\program files\Google
2009-05-04 11:12 . 2007-12-05 23:26 -------- d-----w c:\program files\Yahoo!
2009-05-04 11:12 . 2008-10-08 09:26 -------- d-----w c:\program files\CCleaner
2009-04-16 09:33 . 2002-08-30 12:00 74246 ----a-w c:\windows\system32\perfc00C.dat
2009-04-16 09:33 . 2002-08-30 12:00 467562 ----a-w c:\windows\system32\perfh00C.dat
2009-04-12 20:00 . 2008-03-06 15:44 -------- d-----w c:\program files\Windows Live
2009-04-10 13:54 . 2007-06-14 13:50 -------- d-----w c:\program files\eMule
2009-04-03 07:32 . 2009-04-02 07:47 1929 ---h--w c:\windows\f5087.dat
2009-04-02 21:20 . 2009-04-02 21:20 2 ---h--w c:\windows\t55ft2810f44.dat
2009-04-01 08:18 . 2009-04-01 08:18 2 ---h--w c:\windows\t55ft2801f44.dat
2009-04-01 08:18 . 2009-04-01 08:18 2 ---h--w c:\windows\t55ft2784f44.dat
2009-03-23 15:31 . 2009-03-23 15:31 -------- d-----r c:\program files\Skype
2009-03-19 10:16 . 2007-06-01 15:42 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-19 10:16 . 2007-06-05 08:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 23:09 . 2007-06-04 18:25 -------- d-----w c:\program files\Java
2009-03-16 14:52 . 2009-03-16 14:52 -------- d-----w c:\program files\ONES Trial (F)
2009-03-15 12:31 . 2007-12-05 23:27 -------- d-----w c:\program files\DivX
2009-03-15 12:31 . 2009-03-15 12:30 -------- d-----w c:\program files\Fichiers communs\DivX Shared
2009-03-15 10:58 . 2008-06-23 18:52 -------- d-----w c:\program files\Apple Software Update
2009-03-15 10:53 . 2009-03-15 10:53 -------- d-----w c:\program files\iTunes
2009-03-15 10:53 . 2009-03-15 10:53 -------- d-----w c:\program files\iPod
2009-03-15 10:52 . 2007-08-16 16:55 -------- d-----w c:\program files\Bonjour
2009-03-15 10:51 . 2009-03-15 10:51 -------- d-----w c:\program files\QuickTime
2009-03-13 20:43 . 2009-03-13 20:43 -------- d-----w c:\program files\Belgium Identity Card
2009-03-13 20:24 . 2009-03-13 20:24 -------- d-----w c:\program files\EmvSmartCardReader
2009-03-06 14:20 . 2002-08-30 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-05 22:59 . 2009-03-15 10:44 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 22:59 . 2009-03-15 10:44 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 00:13 . 2002-08-30 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2007-06-01 22:25 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:06 . 2002-08-29 11:42 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:05 . 2002-08-30 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 2002-08-30 12:00 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2002-08-30 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2002-08-30 12:00 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2002-08-30 12:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2002-08-30 12:00 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2002-08-30 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-06 17:39 . 2009-02-06 17:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2002-08-30 12:00 35328 ----a-w c:\windows\system32\sc.exe
2007-12-13 19:30 . 2007-12-13 19:30 0 --sh--w c:\windows\S8631CF5C.tmp
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"FlashIcon"="c:\program files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [2004-07-21 40960]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2008-04-03 151552]
"SmartMon"="c:\program files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 73826]
"BePCSC"="c:\program files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 27136]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2004-06-22 143360]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-01 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\kris\Menu Démarrer\Programmes\Démarrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-6-27 184320]
PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2004-12-31 552960]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-6-28 245760]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-8 394856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Documents and Settings\\kris\\Bureau\\IncMail.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\lxdicfg.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"c:\\Program Files\\eChanblard\\emule.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [05/05/2009 11:45 130936]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [16/03/2009 16:52 15172]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/04/2009 22:00 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [06/05/2008 22:33 99248]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/03/2008 20:58 348752]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 12:18 202016]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [07/06/2007 15:37 6400]
R4 PCAlertDriver;PCAlertDriver;c:\program files\MSI\PC Alert 4\NTGLM7X.sys [31/12/2004 23:44 28160]
S2 Maxtor Network Analysis Tool;Maxtor Network Analysis Tool;"c:\windows\System32\dllcache\winsshr.exe" --> c:\windows\System32\dllcache\winsshr.exe [?]
S3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [28/06/2007 16:14 698368]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [05/06/2007 10:25 16269]
S3 EMVSCARD;EMVSCARD;c:\windows\system32\drivers\EMVSCARD.sys [18/09/2006 16:12 20269]
S3 filter;filter;c:\windows\system32\drivers\filter.sys [05/07/2004 07:20 8832]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [02/09/2008 16:14 191656]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [29/06/2007 13:33 18359]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ANTIVIRSCHEDULER
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2008-04-08 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 10:01]

2009-05-07 c:\windows\Tasks\User_Feed_Synchronization-{D580AED7-A7B1-486F-816D-A4F93CC53F52}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-Windows Internet Player - wmplayer.exe
HKU-Default-Run-Wind0ws Ser7ice Agent - colwindos.exe


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 11:53
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,df,3b,70,51,f4,
b8,36,61,2e,e8,e1,00,eb,16,2b,de,27,ac,d4,7a,d8,3d,5a,27,e2,63,26,f1,3f,c8,\

.
Heure de fin: 2009-05-07 11:59
ComboFix-quarantined-files.txt 2009-05-07 09:59

Avant-CF: 14 964 502 528 octets libres
Après-CF: 14 941 880 320 octets libres

322 --- E O F --- 2009-05-05 01:03
0
Anonymous user
7 May 2009 at 12:14

__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly advised not to use it on another computer!<=====|
---------------------------------------------------------------


Still with all protections disabled, do this:

• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
c:\windows\f5087.dat
c:\windows\t55ft2810f44.dat
c:\windows\t55ft2801f44.dat
c:\windows\t55ft2784f44.dat
c:\windows\S8631CF5C.tmp
------------------------------------------------------------------

• Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad

• Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix)

• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it can be found here: C:\ComboFix.txt


It would be good to install the Recovery Console, it is important.
0
sroky Posts 104 Registration date Friday 2 November 2007 Status Member Last seen 1 March 2015
7 May 2009 at 22:08
As for the Recovery Console, I can't connect to the internet with that PC...

ComboFix 09-05-06.05 - kris 07/05/2009 21:47.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.412 [GMT 2:00]
Lancé depuis: c:\documents and settings\kris\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\kris\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
c:\windows\f5087.dat
c:\windows\S8631CF5C.tmp
c:\windows\t55ft2784f44.dat
c:\windows\t55ft2801f44.dat
c:\windows\t55ft2810f44.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\f5087.dat
c:\windows\S8631CF5C.tmp
c:\windows\t55ft2784f44.dat
c:\windows\t55ft2801f44.dat
c:\windows\t55ft2810f44.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-07 au 2009-05-07 ))))))))))))))))))))))))))))))))))))
.

2009-05-06 14:55 . 2009-05-06 14:55 -------- d-----w c:\program files\Avira
2009-05-06 14:55 . 2009-05-06 14:55 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-05 20:33 . 2009-05-05 20:33 -------- d-----w C:\_OTMoveIt
2009-05-05 19:59 . 2009-05-05 19:59 -------- d-----w C:\rsit
2009-05-05 12:11 . 2009-05-05 12:11 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-05-05 09:46 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-05 09:45 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-05 09:45 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-05 09:45 . 2009-05-05 09:46 -------- d-----w c:\program files\Fichiers communs\PC Tools
2009-05-05 09:45 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-05 09:44 . 2009-05-05 09:44 -------- dc----w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-04 11:12 . 2009-05-04 11:12 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-03 11:14 . 2009-05-03 11:14 -------- d-----w c:\documents and settings\kris\IECompatCache
2009-05-03 11:13 . 2009-05-03 11:13 -------- d-----w c:\documents and settings\kris\PrivacIE
2009-05-03 11:10 . 2009-05-03 11:10 -------- d-----w c:\documents and settings\kris\IETldCache
2009-05-03 11:05 . 2009-05-04 09:22 -------- dc----w c:\windows\ie8
2009-04-19 19:39 . 2009-04-19 19:39 -------- d-----w c:\program files\Veoh Networks
2009-04-15 12:10 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 12:10 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 12:10 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 12:10 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 12:10 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 12:10 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 12:10 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 12:10 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 12:10 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:45 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 11:35 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
2009-04-13 19:12 . 2009-04-13 19:15 -------- d-----w c:\documents and settings\kris\Application Data\DeepBurner
2009-04-13 19:11 . 2009-04-13 19:11 -------- d-----w c:\program files\Astonsoft
2009-04-12 20:20 . 2009-04-30 14:31 -------- d-----w c:\documents and settings\kris\Tracing
2009-04-12 20:01 . 2009-04-14 08:30 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-12 20:01 . 2009-04-12 20:01 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-12 20:00 . 2009-02-06 16:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-12 19:59 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-12 19:59 . 2009-04-12 19:59 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-12 19:56 . 2009-04-12 19:56 -------- d-----w c:\program files\Microsoft
2009-04-12 19:55 . 2009-04-12 19:55 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-12 18:34 . 2009-04-12 18:34 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-04-08 11:38 . 2009-04-08 11:38 -------- d-----w c:\program files\Tunatic

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 14:41 . 2009-04-03 22:06 -------- d-----w c:\program files\Alwil Software
2009-05-06 09:17 . 2007-06-04 17:10 -------- d-----w c:\program files\Spyware Doctor
2009-05-05 09:45 . 2007-06-01 15:29 -------- d-----w c:\program files\Google
2009-05-04 11:12 . 2007-12-05 23:26 -------- d-----w c:\program files\Yahoo!
2009-05-04 11:12 . 2008-10-08 09:26 -------- d-----w c:\program files\CCleaner
2009-04-16 09:33 . 2002-08-30 12:00 74246 ----a-w c:\windows\system32\perfc00C.dat
2009-04-16 09:33 . 2002-08-30 12:00 467562 ----a-w c:\windows\system32\perfh00C.dat
2009-04-12 20:00 . 2008-03-06 15:44 -------- d-----w c:\program files\Windows Live
2009-04-10 13:54 . 2007-06-14 13:50 -------- d-----w c:\program files\eMule
2009-03-23 15:31 . 2009-03-23 15:31 -------- d-----r c:\program files\Skype
2009-03-19 10:16 . 2007-06-01 15:42 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-19 10:16 . 2007-06-05 08:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 23:09 . 2007-06-04 18:25 -------- d-----w c:\program files\Java
2009-03-16 14:52 . 2009-03-16 14:52 -------- d-----w c:\program files\ONES Trial (F)
2009-03-15 12:31 . 2007-12-05 23:27 -------- d-----w c:\program files\DivX
2009-03-15 12:31 . 2009-03-15 12:30 -------- d-----w c:\program files\Fichiers communs\DivX Shared
2009-03-15 10:58 . 2008-06-23 18:52 -------- d-----w c:\program files\Apple Software Update
2009-03-15 10:53 . 2009-03-15 10:53 -------- d-----w c:\program files\iTunes
2009-03-15 10:53 . 2009-03-15 10:53 -------- d-----w c:\program files\iPod
2009-03-15 10:52 . 2007-08-16 16:55 -------- d-----w c:\program files\Bonjour
2009-03-15 10:51 . 2009-03-15 10:51 -------- d-----w c:\program files\QuickTime
2009-03-13 20:43 . 2009-03-13 20:43 -------- d-----w c:\program files\Belgium Identity Card
2009-03-13 20:24 . 2009-03-13 20:24 -------- d-----w c:\program files\EmvSmartCardReader
2009-03-06 14:20 . 2002-08-30 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-05 22:59 . 2009-03-15 10:44 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 22:59 . 2009-03-15 10:44 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 00:13 . 2002-08-30 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2007-06-01 22:25 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:06 . 2002-08-29 11:42 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:05 . 2002-08-30 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 2002-08-30 12:00 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2002-08-30 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2002-08-30 12:00 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2002-08-30 12:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2002-08-30 12:00 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2002-08-30 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"FlashIcon"="c:\program files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [2004-07-21 40960]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2008-04-03 151552]
"SmartMon"="c:\program files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 73826]
"BePCSC"="c:\program files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 27136]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2004-06-22 143360]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-01 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\kris\Menu Démarrer\Programmes\Démarrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-6-27 184320]
PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2004-12-31 552960]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-6-28 245760]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-8 394856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Documents and Settings\\kris\\Bureau\\IncMail.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\lxdicfg.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"c:\\Program Files\\eChanblard\\emule.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [05/05/2009 11:45 130936]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [16/03/2009 16:52 15172]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/04/2009 22:00 55152]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [06/05/2008 22:33 99248]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/03/2008 20:58 348752]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 12:18 202016]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [07/06/2007 15:37 6400]
R4 PCAlertDriver;PCAlertDriver;c:\program files\MSI\PC Alert 4\NTGLM7X.sys [31/12/2004 23:44 28160]
S2 Maxtor Network Analysis Tool;Maxtor Network Analysis Tool;"c:\windows\System32\dllcache\winsshr.exe" --> c:\windows\System32\dllcache\winsshr.exe [?]
S3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [28/06/2007 16:14 698368]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [05/06/2007 10:25 16269]
S3 EMVSCARD;EMVSCARD;c:\windows\system32\drivers\EMVSCARD.sys [18/09/2006 16:12 20269]
S3 filter;filter;c:\windows\system32\drivers\filter.sys [05/07/2004 07:20 8832]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [02/09/2008 16:14 191656]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [29/06/2007 13:33 18359]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ANTIVIRSCHEDULER
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2008-04-08 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 10:01]

2009-05-07 c:\windows\Tasks\User_Feed_Synchronization-{D580AED7-A7B1-486F-816D-A4F93CC53F52}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 21:56
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.
Heure de fin: 2009-05-07 22:02
ComboFix-quarantined-files.txt 2009-05-07 20:01
ComboFix2.txt 2009-05-07 09:59

Avant-CF: 14 941 335 552 octets libres
Après-CF: 14 930 100 224 octets libres

303 --- E O F --- 2009-05-05 01:03
0