Désinstaller system security virus

lion.d -  
saroune85 Messages postés 1 Statut Membre -
Bonjour,
Je suis infecter par le virus " System Security 4.51", avec des pop-ups et des lancements de pub intempestives.
mon pc refuse de lancer mon antivirus avast qui se ferme directement.
J'ai essayer d'installer de nouveau antivirus et anti spyware mais ils sont tous systematiquement bloquer; donc impossible de les installer.
je ne sais que faire; alors si quelqu'un peu m'aider ca serait tres tres sympa!!!

Merci
Configuration: Windows XP Internet Explorer 7.0

19 réponses

Résumé de la discussion

Une machine sous Windows XP est infectée par le virus System Security 4.51, provoquant pop-ups et publicités intempestives, et Avast se ferme dès son lancement; plusieurs antivirus tentés ne s'installent pas. Des contributeurs proposent divers outils et procédures, notamment OTViewIt, Rooter, MalwareBytes et Combofix, avec des étapes comme désactiver temporairement les protections et exécuter les scans en mode sans échec. L'utilisateur signale que, malgré ces tentatives, rien ne fonctionne et que même le gestionnaire des tâches ou la console restent inaccessibles, compliquant l'installation de logiciels de sécurité. Dernièrement, l'utilisateur indique avoir téléchargé Combofix et prévoit de l'exécuter en mode sans échec, ce qui précise la direction suivante que pourraient prendre les interventions, selon les rapports et conseils techniques.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. V-X
     
    Re,

    Il faut le faire en mode normal ce rapport.

    merci
    2
    1. lion.d Messages postés 22 Statut Membre
       
      re,
      en mode normal ca marche; OTViewlt est bloquer au lancement
      0
    2. lion.d Messages postés 22 Statut Membre
       
      re,
      je voulais plutot dire en mode normal ca marche pas; OTViewlt est systematiquement bloquer au lancement
      0
  2. V-X
     
    Re,

    fait otweiwit.
    1
    1. lion.d Messages postés 22 Statut Membre
       
      voici le rapport OTViewlt:


      OTViewIt logfile created on: 13/05/2009 00:59:41 - Run
      OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Hugues Miere\Desktop
      Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 7.0.5730.11)
      Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

      991.48 Mb Total Physical Memory | 731.71 Mb Available Physical Memory | 73.80% Memory free
      1.21 Gb Paging File | 1.03 Gb Available in Paging File | 84.82% Paging File free
      Paging file location(s): C:\pagefile.sys 336 672;

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 37.26 Gb Total Space | 7.73 Gb Free Space | 20.75% Space Free | Partition Type: FAT32
      D: Drive not present or media not loaded
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded

      Computer Name: KIMBOULI
      Current User Name: Hugues Miere
      Logged in as Administrator.

      Current Boot Mode: SafeMode with Networking
      Scan Mode: All users
      Whitelist: On
      File Age = 90 Days

      [color=orange]========== Processes ==========[/color]

      [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
      [2007/12/06 11:01:26 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
      [2009/05/13 00:57:54 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugues Miere\Desktop\OTViewIt.exe

      [color=orange]========== (O23) Win32 Services ==========[/color]

      [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
      [2007/06/26 21:32:56 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service [Auto | Stopped])
      [2004/03/29 16:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Belkin\F5D7051\WLService.exe -- (Belkin High-Speed Mode Wireless G USB Network Adapter Service [Auto | Stopped])
      [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
      [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
      [2009/04/21 15:36:50 | 00,216,232 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice [On_Demand | Stopped])
      [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
      [2005/11/04 10:21:52 | 00,229,376 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped])
      [2005/11/04 10:20:00 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [On_Demand | Stopped])
      [2005/11/04 10:16:58 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Auto | Stopped])
      [2007/10/12 09:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk [Auto | Stopped])
      [2007/08/02 14:42:16 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
      [2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Stopped])
      [2007/08/02 14:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk [Auto | Stopped])
      [2008/12/10 00:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
      [2009/02/15 00:22:12 | 06,558,336 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe -- (wampmysqld [On_Demand | Stopped])
      [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
      [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

      [color=orange]========== Driver Services ==========[/color]

      [2004/06/29 09:07:18 | 01,268,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
      [2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
      [2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
      [2004/02/24 11:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
      [2004/05/14 23:24:10 | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
      [2004/08/04 05:00:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\amdk7.sys -- (AmdK7 [System | Stopped])
      File not found -- -- (catchme [Disabled | Running])
      [2005/10/22 16:05:00 | 00,311,680 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Stopped])
      [2009/04/21 15:39:26 | 00,014,336 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2 [On_Demand | Stopped])
      [2005/10/22 16:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
      [2005/10/22 16:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
      [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
      [2007/01/31 09:01:16 | 00,256,000 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\netr73.sys -- (netr73 [On_Demand | Stopped])
      [2005/05/11 03:49:44 | 00,006,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
      [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
      [2005/10/22 16:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
      [2009/04/15 21:25:42 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
      [2005/11/04 09:49:30 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\RxFilter.sys -- (RxFilter [System | Stopped])
      [2006/05/01 13:16:22 | 00,061,600 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
      [2006/05/01 13:17:12 | 00,009,360 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
      [2006/05/01 13:17:16 | 00,097,184 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
      [2007/11/13 10:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
      [2004/07/08 20:12:00 | 00,217,600 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
      [2004/02/28 10:58:42 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
      [2003/03/25 17:50:46 | 00,004,096 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide [Boot | Running])
      [2002/10/17 15:14:46 | 00,049,024 | R--- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex [Boot | Running])
      [2004/07/08 20:11:00 | 00,012,416 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys -- (SiSkp [System | Stopped])
      [2004/02/28 10:57:14 | 00,032,256 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand | Running])
      [2002/08/20 17:19:08 | 00,009,472 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot | Running])
      [2004/08/04 05:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])

      [color=orange]========== (R ) Internet Explorer ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"=https://www.msn.com/fr-fr/?ocid=iehp
      "Default_Search_URL"=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      "Default_Secondary_Page_URL"=
      "Extensions Off Page"=about:NoAdd-ons
      "Local Page"=%SystemRoot%\system32\blank.htm
      "Search Page"=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      "Security Risk Page"=about:SecurityRisk
      "Start Page"=https://www.msn.com/fr-fr/?ocid=iehp

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
      "CustomizeSearch"=https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      "SearchAssistant"=https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
      "Local Page"=C:\WINDOWS\system32\blank.htm
      "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      "Start Page"=https://fr.yahoo.com/

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
      "ProxyEnable" = 0

      [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
      "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
      "ProxyEnable" = 0

      [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
      "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

      [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
      "ProxyEnable" = 0

      [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
      "Start Page"=https://www.acer.com/worldwide/selection.html

      [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
      "Start Page"=https://www.acer.com/worldwide/selection.html

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
      "Local Page"=C:\WINDOWS\system32\blank.htm
      "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      "Start Page"=https://fr.yahoo.com/

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
      "ProxyEnable" = 0

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-500\SOFTWARE\Microsoft\Internet Explorer\Main]
      "Local Page"=C:\WINDOWS\system32\blank.htm
      "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      "Start Page"=https://www.acer.com/worldwide/selection.html

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-500\Software\Microsoft\Internet Explorer\SearchURL]
      "provider"=

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

      [color=orange]========== (O1) Hosts File ==========[/color]

      HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
      First 25 entries...
      127.0.0.1 localhost

      [color=orange]========== (O2) BHO's ==========[/color]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

      [color=orange]========== (O3) Toolbars ==========[/color]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

      [color=orange]========== (O4) Run Keys ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "10955314"=C:\Documents and Settings\All Users\Application Data\10955314\10955314.exe ()
      "60975309"=C:\Documents and Settings\All Users\Application Data\60975309\60975309.exe ()
      "AGRSMMSG"=AGRSMMSG.exe (Agere Systems)
      "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
      "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
      "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" (Sonic Solutions)
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" ()
      "SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
      "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon (THOMSON Telecom Belgium)
      "TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk (SupportSoft, Inc.)

      [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

      [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

      [color=orange]========== (O4) Startup Folders ==========[/color]

      [1999/02/17 21:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

      [color=orange]========== (O6 & O7) Current Version Policies ==========[/color]

      [HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
      "nosplash"=1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
      "NoDriveAutoRun"=67108863
      "NoDriveTypeAutoRun"=323
      "NoDrives"=0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1
      "DisableRegistryTools"=0

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
      "NoDriveTypeAutoRun"=323
      "NoDriveAutoRun"=67108863
      "NoDrives"=0

      [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
      "NoDriveTypeAutoRun"=323
      "NoDriveAutoRun"=67108863

      [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
      "NoDriveTypeAutoRun"=323
      "NoDriveAutoRun"=67108863

      [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
      "NoDriveTypeAutoRun"=323
      "NoDriveAutoRun"=67108863
      "NoDrives"=0

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
      "NoDriveTypeAutoRun"=145

      [color=orange]========== (O9) IE Extensions ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
      {e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
      {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)
      {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
      CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

      [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
      CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

      [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
      CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

      [HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
      CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

      [color=orange]========== (O12) Internet Explorer Plugins ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
      PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
      PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

      [color=orange]========== (O13) Default Prefixes ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
      ""=http://

      [color=orange]========== (O15) Trusted Sites ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
      1 domain(s) and sub-domain(s) not assigned to a zone.

      [color=orange]========== (O16) DPF ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
      {17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
      {4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab -- DLM Control
      {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/... -- MUWebControl Class
      {867E13F2-7F31-44FB-AC97-CD38E0DC46EF}: http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab -- HardwareDetection Control
      {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

      [color=orange]========== (O17) DNS Name Servers ==========[/color]

      {04AD6DB8-0C45-4EE2-ABF4-9AE627D6037D} (Servers: | Description: Belkin High-Speed Mode Wireless G USB Network Adapter)
      {FDE6503C-1BD7-4964-BECA-E308C9B4DD72} (Servers: | Description: SiS 900 PCI Fast Ethernet Adapter)

      [color=orange]========== Shell Execute Hooks ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\PROGRA~1\WIFD1F~1\MpShHook.dll (Microsoft Corporation)

      [color=orange]========== Safeboot Options ==========[/color]

      "AlternateShell"=cmd.exe

      [color=orange]========== CDRom AutoRun Settings ==========[/color]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
      "AutoRun" = 1

      [color=orange]========== Autorun Files on Drives ==========[/color]

      AUTOEXEC.BAT []
      [2004/04/09 16:42:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

      [color=orange]========== Files/Folders - Created Within 90 Days ==========[/color]

      [3 C:\WINDOWS\System32\*.tmp files]
      [3 C:\Documents and Settings\Hugues Miere\My Documents\*.tmp files]
      [2009/05/13 00:57:51 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hugues Miere\Desktop\OTViewIt.exe
      [2009/05/13 00:51:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
      [2009/05/13 00:47:39 | 00,000,211 | ---- | C] () -- C:\Boot.bak
      [2009/05/13 00:47:37 | 00,260,272 | ---- | C] () -- C:\cmldr
      [2009/05/13 00:47:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
      [2009/05/13 00:34:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2009/05/13 00:34:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2009/05/13 00:34:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2009/05/13 00:34:07 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
      [2009/05/13 00:34:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2009/05/13 00:34:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2009/05/13 00:34:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      [2009/05/13 00:34:07 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2009/05/13 00:34:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
      [2009/05/13 00:27:25 | 00,000,000 | ---D | C] -- C:\Qoobox
      [2009/05/13 00:14:52 | 00,000,000 | ---D | C] -- C:\Rooter$
      [2009/05/13 00:14:20 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Rooter.exe
      [2009/05/12 23:51:05 | 03,021,595 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\lion.exe
      [2009/05/12 23:16:31 | 00,020,593 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\LanguesDiag.ini
      [2009/05/12 23:16:31 | 00,000,231 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\ConfigDiag.ini
      [2009/05/12 21:40:43 | 03,021,595 | R--- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\ComboFix.exe
      [2009/05/12 21:31:09 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Hugues Miere\Desktop\spybotsd162.exe
      [2009/05/12 21:29:33 | 03,227,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Hugues Miere\Desktop\ccsetup219.exe
      [2009/05/12 21:27:42 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Lavasoft_Adaware_multi.exe
      [2009/05/12 21:25:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
      [2009/05/12 04:59:08 | 00,000,032 | --S- | C] () -- C:\WINDOWS\System32\2023729596.dat
      [2009/05/12 04:37:54 | 00,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\os60975309.ini
      [2009/05/12 04:37:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\60975309
      [2009/05/12 04:37:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\10955314
      [2009/05/12 01:56:59 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
      [2009/05/12 01:56:52 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
      [2009/05/12 01:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
      [2009/05/12 01:56:32 | 00,001,398 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\DivX Movies.lnk
      [2009/05/12 01:56:32 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
      [2009/05/12 01:55:03 | 19,387,336 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\Hugues Miere\Desktop\DivXInstaller.exe
      [2009/05/10 23:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\Unused Desktop Shortcuts
      [2009/05/07 01:59:10 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Ne pas s arreter.doc
      [2009/05/03 02:20:30 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Les Plenitudes.doc
      [2009/05/02 12:35:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\My Received Files
      [2009/05/02 05:11:24 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\separation.doc
      [2009/05/02 05:03:52 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\LE MYSTERE DE LA SEMENCE.doc
      [2009/05/02 04:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\vlc
      [2009/05/02 04:47:37 | 00,000,627 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
      [2009/05/02 04:33:09 | 00,058,880 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Citations.doc
      [2009/05/02 00:36:39 | 16,742,799 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\vlc-0.9.9-win32.exe
      [2009/04/28 01:51:34 | 00,001,408 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\eaglespace_bientot.html
      [2009/04/28 01:28:07 | 01,912,320 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\voiture selection.doc
      [2009/04/28 01:11:16 | 01,912,320 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\1996 MITSUBISHI SHOGUN 2.doc
      [2009/04/15 21:24:40 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
      [2009/04/15 21:24:38 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
      [2009/04/15 21:24:38 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
      [2009/04/15 21:24:38 | 00,815,104 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
      [2009/04/15 21:24:38 | 00,802,816 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
      [2009/04/15 21:24:38 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
      [2009/04/14 13:31:28 | 00,483,840 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\TOYOTA SEQUOIA.doc
      [2009/04/12 13:12:25 | 00,489,472 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\TOYOTA SEQUOIA 4.doc
      [2009/04/06 23:16:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\Adobe CS4
      [2009/04/06 23:03:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\Adobe CS4
      [2009/04/06 22:23:29 | 12,150,42899 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\ADBEFLPRCS4_LS4.7z
      [2009/04/06 22:23:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Download Manager
      [2009/04/06 22:06:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\3588
      [2009/04/06 22:06:12 | 05,409,924 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\3588.zip
      [2009/04/06 21:01:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\VoipDiscount
      [2009/04/06 20:58:32 | 00,000,000 | ---D | C] -- C:\Program Files\VoipDiscount.com
      [2009/04/06 20:56:55 | 04,116,848 | ---- | C] (Finarea S.A. Switzerland ) -- C:\Documents and Settings\Hugues Miere\My Documents\setupvoipdiscount.exe
      [2009/04/05 10:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\{A63E302F-17E1-4831-A300-723481916564}
      [2009/04/05 00:01:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
      [2009/04/05 00:01:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Mozilla
      [2009/04/05 00:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Mozilla
      [2009/04/05 00:01:40 | 00,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
      [2009/04/05 00:01:36 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
      [2009/04/05 00:00:49 | 07,618,040 | ---- | C] (Mozilla) -- C:\Documents and Settings\Hugues Miere\My Documents\Firefox Setup 3.0.8.exe
      [2009/03/31 05:25:36 | 00,008,102 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\3529.html
      [2009/03/31 05:09:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\images
      [2009/03/29 17:08:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\toyota
      [2009/03/29 17:08:09 | 00,489,652 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\toyota.rar
      [2009/03/28 14:20:09 | 00,570,368 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\Echantillon Church's.doc
      [2009/03/25 23:49:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\Shareaza Downloads
      [2009/03/23 02:33:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\New Folder (2)
      [2009/03/23 01:33:29 | 00,000,397 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\WampServer.lnk
      [2009/03/23 01:32:45 | 00,000,000 | ---D | C] -- C:\wamp
      [2009/03/21 13:24:49 | 00,081,408 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\JEEP GRAND CHEROKEE 2002 147000 Miles.doc
      [2009/03/21 00:55:35 | 00,000,000 | ---D | C] -- C:\Program Files\Shareaza
      [2009/03/21 00:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Shareaza
      [2009/03/21 00:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Shareaza
      [2009/03/20 00:38:52 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\53-1213M.doc
      [2009/03/19 01:09:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
      [2009/03/18 12:22:21 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\0870.doc
      [2009/03/12 17:49:45 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\lettre de Benoit 16.doc
      [2009/03/04 23:55:53 | 00,000,028 | ---- | C] () -- C:\WINDOWS\bibpdfsuite.ini
      [2009/02/23 00:50:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Sony Ericsson
      [2009/02/23 00:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest update
      [2009/02/23 00:48:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
      [2009/02/23 00:48:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
      [2009/02/23 00:48:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\InstallShield
      [2009/02/23 00:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Sony
      [2009/02/23 00:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
      [2009/02/23 00:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Sony
      [2009/02/23 00:45:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
      [2009/02/23 00:45:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
      [2009/02/23 00:45:18 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
      [2009/02/23 00:44:23 | 00,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
      [2009/02/23 00:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Apple
      [2009/02/23 00:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
      [2009/02/23 00:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
      [2009/02/23 00:39:37 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
      [2009/02/23 00:38:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
      [2009/02/23 00:37:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Sony Setup
      [2009/02/23 00:36:57 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
      [2009/02/23 00:04:48 | 00,097,184 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Emdm.sys
      [2009/02/23 00:04:48 | 00,061,600 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ebus.sys
      [2009/02/23 00:04:48 | 00,009,360 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Emdfl.sys
      [2009/02/23 00:04:48 | 00,006,240 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ecmnt.sys
      [2009/02/23 00:04:48 | 00,006,240 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ecm.sys
      [2009/02/23 00:04:48 | 00,005,872 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ewhnt.sys
      [2009/02/23 00:04:48 | 00,005,872 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ewh.sys
      [2009/02/21 12:02:40 | 00,549,888 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\2001 51 Reg MITSUBISHI Shogun Sport 2 ORIG..doc
      [2009/02/21 11:59:29 | 00,514,560 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\MITSUBISHI Shogun Sport 2.doc
      [2009/02/21 10:41:50 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\LAREDO 2.doc
      [2009/02/21 01:56:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\New Folder
      [2009/02/20 23:57:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\Alfa Romeo
      [2009/02/18 23:02:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\focus
      [2009/02/18 00:20:48 | 00,072,679 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\billet.pdf
      [2009/02/17 12:59:05 | 01,234,432 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\Sans titre-1.psd
      [2009/02/17 00:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\site internet
      [2009/02/14 00:55:16 | 00,133,632 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\toyota pickup.doc

      [color=orange]========== Files - Modified Within 90 Days ==========[/color]

      [3 C:\WINDOWS\System32\*.tmp files]
      [3 C:\Documents and Settings\Hugues Miere\My Documents\*.tmp files]
      [2009/05/13 00:57:54 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugues Miere\Desktop\OTViewIt.exe
      [2009/05/13 00:50:24 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
      [2009/05/13 00:47:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
      [2009/05/13 00:47:22 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
      [2009/05/13 00:46:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2009/05/13 00:44:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2009/05/13 00:43:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2009/05/13 00:33:40 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
      [2009/05/13 00:14:22 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Rooter.exe
      [2009/05/12 23:51:14 | 03,021,595 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\lion.exe
      [2009/05/12 21:40:50 | 03,021,595 | R--- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\ComboFix.exe
      [2009/05/12 21:31:10 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Hugues Miere\Desktop\spybotsd162.exe
      [2009/05/12 21:29:40 | 03,227,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Hugues Miere\Desktop\ccsetup219.exe
      [2009/05/12 21:27:44 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Lavasoft_Adaware_multi.exe
      [2009/05/12 14:56:22 | 00,000,032 | --S- | M] () -- C:\WINDOWS\System32\2023729596.dat
      [2009/05/12 04:58:56 | 00,000,003 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\os60975309.ini
      [2009/05/12 04:37:02 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2009/05/12 01:57:00 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
      [2009/05/12 01:56:54 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
      [2009/05/12 01:56:34 | 00,001,398 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\DivX Movies.lnk
      [2009/05/12 01:55:36 | 19,387,336 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\Hugues Miere\Desktop\DivXInstaller.exe
      [2009/05/09 12:41:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [2009/05/07 01:59:12 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Ne pas s arreter.doc
      [2009/05/07 01:39:10 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Microsoft Word.lnk
      [2009/05/03 02:20:32 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Les Plenitudes.doc
      [2009/05/02 14:47:18 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Application Data\AVSDVDPlayer.m3u
      [2009/05/02 14:47:10 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\separation.doc
      [2009/05/02 05:13:12 | 00,058,880 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Citations.doc
      [2009/05/02 05:04:28 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\LE MYSTERE DE LA SEMENCE.doc
      [2009/05/02 04:47:38 | 00,000,627 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
      [2009/05/02 00:37:02 | 16,742,799 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\vlc-0.9.9-win32.exe
      [2009/05/01 22:50:28 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2009/05/01 15:36:48 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
      [2009/04/28 01:51:36 | 00,001,408 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\eaglespace_bientot.html
      [2009/04/28 01:28:08 | 01,912,320 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\voiture selection.doc
      [2009/04/28 01:25:36 | 01,912,320 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\1996 MITSUBISHI SHOGUN 2.doc
      [2009/04/27 14:46:46 | 00,020,593 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\LanguesDiag.ini
      [2009/04/25 23:34:58 | 00,000,231 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\ConfigDiag.ini
      [2009/04/22 09:23:28 | 00,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
      [2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2009/04/15 21:24:40 | 00,090,112 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
      [2009/04/15 21:24:38 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
      [2009/04/15 21:24:38 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
      [2009/04/15 21:24:38 | 00,815,104 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
      [2009/04/15 21:24:38 | 00,802,816 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
      [2009/04/15 21:24:38 | 00,684,032 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
      [2009/04/14 13:31:30 | 00,483,840 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\TOYOTA SEQUOIA.doc
      [2009/04/13 02:27:16 | 00,489,472 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\TOYOTA SEQUOIA 4.doc
      [2009/04/06 22:54:20 | 12,150,42899 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\ADBEFLPRCS4_LS4.7z
      [2009/04/06 22:06:14 | 05,409,924 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\3588.zip
      [2009/04/06 20:56:56 | 04,116,848 | ---- | M] (Finarea S.A. Switzerland ) -- C:\Documents and Settings\Hugues Miere\My Documents\setupvoipdiscount.exe
      [2009/04/05 00:01:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
      [2009/04/05 00:01:42 | 00,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
      [2009/04/05 00:01:04 | 07,618,040 | ---- | M] (Mozilla) -- C:\Documents and Settings\Hugues Miere\My Documents\Firefox Setup 3.0.8.exe
      [2009/03/31 05:25:38 | 00,008,102 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\3529.html
      [2009/03/29 17:08:12 | 00,489,652 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\toyota.rar
      [2009/03/28 14:20:10 | 00,570,368 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\Echantillon Church's.doc
      [2009/03/23 01:33:30 | 00,000,397 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\WampServer.lnk
      [2009/03/21 13:24:50 | 00,081,408 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\JEEP GRAND CHEROKEE 2002 147000 Miles.doc
      [2009/03/20 01:01:04 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\53-1213M.doc
      [2009/03/18 12:22:24 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\0870.doc
      [2009/03/12 17:49:46 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\lettre de Benoit 16.doc
      [2009/03/04 23:55:54 | 00,000,028 | ---- | M] () -- C:\WINDOWS\bibpdfsuite.ini
      [2009/02/23 00:44:24 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
      [2009/02/23 00:42:02 | 00,404,410 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
      [2009/02/23 00:42:02 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2009/02/23 00:42:02 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2009/02/21 12:02:42 | 00,549,888 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\2001 51 Reg MITSUBISHI Shogun Sport 2 ORIG..doc
      [2009/02/21 11:59:32 | 00,514,560 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\MITSUBISHI Shogun Sport 2.doc
      [2009/02/21 10:41:52 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\LAREDO 2.doc
      [2009/02/18 00:20:50 | 00,072,679 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\billet.pdf
      [2009/02/17 12:59:08 | 01,234,432 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\Sans titre-1.psd
      [2009/02/14 00:55:18 | 00,133,632 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\toyota pickup.doc
      < End of report >
      0
  3. V-X
     
    Salut,

    Télécharge OTViewIt (de OldTimer) sur ton Bureau.

    /!\ Désactive ton Antivirus,antispyware,pare-feu /!\

    Double clique sur le raccourci présent sur le Bureau)

    ]Coche la case "Scan All User"

    Sous "File Age" en haut, clique sur le menu déroulant et sélectionne "90 days".

    Clique sur "Run Scan"

    /!\ Laisse Travailler l'outil /!\

    2 rapports s'afficheront sur ton bureau OTViewIt ainsi que Extra.TxT.

    Poste le rapport OTViewIt
    0
  4. lion.d
     
    Salut V-X et merci pour te reponse. J'ai telecharger OTViewIt mais impossible de l'installer; l'installation est bloquer (sasn doute par le virus).
    que dois-je faire maintenant
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lion.d
     
    heu!!! desoler pour les erreurs de frappe et pour le manque d'acces (j'ai un clavier coerty)...
    0
  7. V-X
     
    Re,

    Inscrit toi sur le forum , ensuite tu me MP , pour la suite car je pense que je devrait te passer une manip et le lien ne passe pas sur le forum ;).

    merci

    Essai ce log :Renomme le au téléchargement au besoin:

    télécharge ZHPDiag :ZHP DIAG

    ▶ Une fois le téléchargement achevé, dézippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.

    ▶ Double-clique sur l'icône pour lancer le programme.

    ▶ Si tu es d'accord avec les termes du disclaimer, clique sur Continue.

    ▶ Vérifie que le bouton devant Last Files Created est coché.

    ▶ A la fin du scan, enregistre le rapport en cliquant sur Sauve.

    ▶ Ouvre le fichier sauvegardé avec le Bloc-Notes et copie son contenu dans ta réponse.
    0
    1. lion.d Messages postés 22 Statut Membre
       
      re
      ca y es je msuis inscrit sur le forum.
      J'ai essayer d'installer ZHP Diag mais il et bloquer comme les autres. impossible de le lancer...
      ca devient dure, je ne peux meme plus ouvrir le gestionnaire de tache ni meme une console....
      0
  8. V-X
     
    Re,

    Je t'ai MP et donner une procédure a faire.

    Poste moi le rapport .
    0
    1. lion.d Messages postés 22 Statut Membre
       
      re
      merci pour ton aide.
      j'ai essayer en suivant tes instruction mais rien ni fait; ce logiciel non plus ne se lance pas.
      ca devient dure car je ne peut meme plus lancer le gestionnaire de tache ni meme une console....
      0
  9. V-X
     
    Re,

    Télécharge Rooter de l'équipe IDN

    Sur ton bureau

    /!\ Déconnecte toi d'internet et ferme toutes applications en cours /!\

    ▶ Exécute Rooter et laisse travailler l'outil .

    ▶ Une fois terminé, poste le rapport obtenu pour analyse

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
    1. lion.d Messages postés 22 Statut Membre
       
      re,
      meme resultat impossible de lancer quelconque programme...
      0
  10. V-X
     
    Re,

    As tu accès au mode sans échec ?

    Si oui , as tu télécharger "Combofix "?

    Si toujours oui , fait combofix en mode sans échec.
    0
    1. lion.d Messages postés 22 Statut Membre
       
      je ne sais pas si j'ai acces au mode sans echec. j'ai telecharger combofix. J'essai ca tout de suite
      0
    2. lion.d Messages postés 22 Statut Membre
       
      voila:

      ComboFix 09-05-12.04 - Hugues Miere 13/05/2009 0:49.2 - [color=red][b]FAT32[/b][/color]x86 NETWORK
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.748 [GMT 1:00]
      Running from: c:\documents and settings\Hugues Miere\Desktop\ComboFix.exe
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      c:\recycled\Recycled
      c:\windows\hosts
      c:\windows\opuwulaq.dll
      c:\windows\system32\404Fix.exe
      c:\windows\system32\Agent.OMZ.Fix.exe
      c:\windows\system32\dumphive.exe
      c:\windows\system32\IEDFix.C.exe
      c:\windows\system32\IEDFix.exe
      c:\windows\system32\l_intlc.exe
      c:\windows\system32\o4Patch.exe
      c:\windows\system32\ovfsthlfoobyfwbxwpuvqxyhitnqlltsrqxaqx.dat
      c:\windows\system32\ovfsthqckjfmpgiyaaexcmsdaqctwtspnypjrk.dat
      c:\windows\system32\Process.exe
      c:\windows\system32\SrchSTS.exe
      c:\windows\system32\VACFix.exe
      c:\windows\system32\VCCLSID.exe
      c:\windows\system32\WS2Fix.exe
      c:\windows\system32\xbox.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_ROXMEDIADBSPOOLER
      -------\Service_RoxMediaDBSpooler


      ((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
      .

      2009-05-12 23:44 . 2009-05-12 23:44 -------- d-----w c:\documents and settings\Administrator
      2009-05-12 23:14 . 2009-05-12 23:14 -------- d-----w C:\Rooter$
      2009-05-12 03:59 . 2009-05-12 13:56 32 --s-a-w c:\windows\system32\2023729596.dat
      2009-05-12 03:37 . 2009-05-12 03:37 -------- d-----w c:\documents and settings\All Users\Application Data\10955314
      2009-05-12 03:37 . 2009-05-12 03:37 -------- d-----w c:\documents and settings\All Users\Application Data\60975309
      2009-05-12 00:56 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
      2009-05-12 00:56 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
      2009-05-12 00:56 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
      2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\Common Files\DivX Shared
      2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\DivX
      2009-05-09 11:41 . 2009-05-09 11:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
      2009-05-02 03:48 . 2009-05-02 03:48 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\vlc
      2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
      2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
      2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
      2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
      2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
      2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-04-15 20:25 . 2005-11-03 11:00 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
      2009-04-06 19:58 . 2009-04-06 19:58 -------- d-----w c:\program files\VoipDiscount.com
      2009-04-04 23:01 . 2009-04-04 23:01 0 ----a-w c:\windows\nsreg.dat
      2009-03-20 23:55 . 2009-03-20 23:55 -------- d-----w c:\program files\Shareaza
      2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-04 1687552]
      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-04 163840]
      "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
      "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
      "10955314"="c:\documents and settings\All Users\Application Data\10955314\10955314.exe" [2009-05-12 356901]
      "60975309"="c:\documents and settings\All Users\Application Data\60975309\60975309.exe" [2009-05-12 13861]
      "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
      "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

      HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
      "wave"= serwvdrv.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\VoipCheap\\VoipCheap.exe"=
      "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
      "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
      "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
      "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
      "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
      "c:\\Program Files\\Shareaza\\Shareaza.exe"=
      "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
      "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
      "c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=

      R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
      S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
      S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
      S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
      S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [31/03/2008 21:11 256000]
      .
      Contents of the 'Scheduled Tasks' folder

      2007-06-15 c:\windows\Tasks\Symantec NetDetect.job
      - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-11 16:17]

      2009-05-12 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

      2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-RavAV - c:\documents and settings\Hugues Miere\Start Menu\Programs\Startup\RavMonE.exe
      HKLM-Run-Userinit - c:\windows\system32\cologsver.exe
      HKLM-Run-Hsekihumevixi - c:\windows\Kmasirumecahal.dll
      HKLM-Run-90965306 - c:\documents and settings\All Users\Application Data\90965306\90965306.exe
      HKLM-Run-NWEReboot - (no file)


      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://fr.yahoo.com/
      FF - ProfilePath - c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\
      FF - plugin: c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-13 00:50
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(452)
      c:\windows\system32\scg726.acm
      c:\windows\system32\alf2cd.acm
      c:\windows\system32\AC3ACM.acm

      - - - - - - - > 'winlogon.exe'(864)
      c:\windows\system32\scg726.acm
      c:\windows\system32\alf2cd.acm
      c:\windows\system32\AC3ACM.acm
      .
      Completion time: 2009-05-12 0:51
      ComboFix-quarantined-files.txt 2009-05-12 23:51

      Pre-Run: 8,292,827,136 bytes free
      Post-Run: 8,287,551,488 bytes free

      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

      166 --- E O F --- 2009-05-01 11:46
      0
  11. V-X
     
    Re,

    Fait le scan en mode sans échec.

    Télécharge et installe MalwareByte's Anti-Malware
    Malwarebyte

    Mets le à jour

    ▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

    ▶ Sélectionne Exécuter un examen COMPLET si ce n'est pas déjà fait

    ▶ clique sur Rechercher

    ▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

    Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

    Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

    Tutoriel pour MalwareByte's

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
    1. lion.d Messages postés 22 Statut Membre
       
      re,
      Le scan de MalwareByte's Anti-Malware est en cour...
      0
    2. lion.d Messages postés 22 Statut Membre
       
      Voici le rapport de MalwareByte's Anti-Malware

      Malwarebytes' Anti-Malware 1.36
      Version de la base de données: 2118
      Windows 5.1.2600 Service Pack 2

      13/05/2009 01:46:40
      mbam-log-2009-05-13 (01-46-40).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
      Eléments examinés: 183258
      Temps écoulé: 16 minute(s), 56 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 2
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 2
      Fichier(s) infecté(s): 6

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10955314 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60975309 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      C:\Documents and Settings\All Users\Application Data\10955314 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\60975309 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Documents and Settings\All Users\Application Data\10955314\10955314.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\10955314\10955314.glu (Rogue.Multiple.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\10955314\pc10955314cnf (Rogue.Multiple.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\10955314\pc10955314ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\60975309\60975309.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\60975309\10959531.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
      0
  12. V-X
     
    Re,

    Supprime la quarantaine de malwarebyte et retente en mode normal ZHPDiag cette fois-ci.
    0
    1. lion.d Messages postés 22 Statut Membre
       
      ok; voici le rapport ZHPDiag:
      0
    2. lion.d Messages postés 22 Statut Membre
       
      il ya un souci; j'arrice ps a te send le rapport
      0
    3. lion.d Messages postés 22 Statut Membre
       
      Comme ca marchait pas Je te le send en 2 partie. Voici donc la 2eme partie du rapport:


      ---\\ Contenu des dossiers Fichiers Communs (O43)
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Microsoft Shared
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\ODBC
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\MSSoap
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Roxio Shared
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sonic Shared
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Autodata Limited Shared
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Ahead
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Designer
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\AVSMedia
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\eLanguage
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Cosmi
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\SupportSoft
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Macromedia
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sony Shared
      O43 - CFD:Common File Directory - C:\Program Files\Common Files\DivX Shared

      ---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
      O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->13/05/2009 - 00:48:30
      O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->22/02/2009 - 23:42:02
      O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->22/02/2009 - 23:42:02
      O44 - LFC:Last File Created - C:\WINDOWS\System32\dpl100.dll -->15/04/2009 - 20:24:40
      O44 - LFC:Last File Created - C:\WINDOWS\System32\CONFIG.NT -->12/05/2009 - 23:33:40
      O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->22/04/2009 - 08:23:28
      O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->22/02/2009 - 23:42:02
      O44 - LFC:Last File Created - C:\WINDOWS\System32\2023729596.dat -->12/05/2009 - 13:56:22
      O44 - LFC:Last File Created - C:\WINDOWS\System32\DivX.dll -->15/04/2009 - 20:24:38
      O44 - LFC:Last File Created - C:\WINDOWS\System32\divx_xx0c.dll -->15/04/2009 - 20:24:38
      O44 - LFC:Last File Created - C:\WINDOWS\System32\divx_xx07.dll -->15/04/2009 - 20:24:38
      O44 - LFC:Last File Created - C:\WINDOWS\System32\divx_xx11.dll -->15/04/2009 - 20:24:38
      O44 - LFC:Last File Created - C:\WINDOWS\System32\divx_xx0a.dll -->15/04/2009 - 20:24:38
      O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->06/04/2009 - 14:32:54
      O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->06/04/2009 - 14:32:46

      ---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-20C463C1.pf -->05/05/2009 - 11:17:02
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf -->12/05/2009 - 23:12:34
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf -->12/05/2009 - 00:57:14
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BCONT_NM.EXE-34F3734B.pf -->12/05/2009 - 13:41:08
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf -->12/05/2009 - 23:41:04
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DW20.EXE-143E02DB.pf -->12/05/2009 - 00:33:56
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-44E79D54.pf -->06/05/2009 - 21:14:44
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PCARMDRV.EXE-35D01613.pf -->13/05/2009 - 00:14:20
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXWATCH.EXE-03B696DD.pf -->11/05/2009 - 09:30:22
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf -->13/05/2009 - 00:15:18
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4AE849A8.pf -->06/05/2009 - 23:06:30
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPRTCMD.EXE-09E5018C.pf -->11/05/2009 - 23:12:14
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHMAISV.EXE-12E27032.pf -->11/05/2009 - 09:30:38
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-267C5814.pf -->06/05/2009 - 23:29:38
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA2.pf -->07/05/2009 - 00:07:50
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf -->13/05/2009 - 00:55:34
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->12/05/2009 - 04:09:04
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CPSHELPRUNNER.EXE-22868065.pf -->11/05/2009 - 23:11:24
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C078A36.pf -->09/05/2009 - 03:29:28
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-29B1E5C2.pf -->09/05/2009 - 03:29:34
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf -->09/05/2009 - 11:41:06
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DLLHOST.EXE-205D880D.pf -->09/05/2009 - 11:41:08
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ISUSPM.EXE-1ED0B23B.pf -->13/05/2009 - 00:49:54
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AGENT.EXE-10B4BAEA.pf -->13/05/2009 - 00:49:56
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXIO_CENTRAL.EXE-0E211AF2.pf -->10/05/2009 - 02:44:26
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9F.pf -->10/05/2009 - 02:45:16
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP_WM.EXE-3135CBD6.pf -->10/05/2009 - 02:47:56
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXLIVESHARE.EXE-0FF4F6F1.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPRTSVC.EXE-14187B3C.pf -->11/05/2009 - 09:30:28
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TGSRVC.EXE-04A90F7A.pf -->11/05/2009 - 09:30:28
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYMWSC.EXE-321AAE19.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LSASS.EXE-20DB6D1B.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSMPENG.EXE-273B5E0F.pf -->13/05/2009 - 00:08:48
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASWUPDSV.EXE-040CB91E.pf -->11/05/2009 - 09:29:56
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHSERV.EXE-3B661600.pf -->11/05/2009 - 09:29:56
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPOOLSV.EXE-282F76A7.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ADCDLICSVC.EXE-19FF9A09.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLSERVICE.EXE-244174EE.pf -->13/05/2009 - 00:14:22
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLANCFGG.EXE-11093D29.pf -->13/05/2009 - 00:14:50
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATER.EXE-29743DD2.pf -->12/05/2009 - 00:52:06
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPER.EXE-0415776D.pf -->12/05/2009 - 00:52:18
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVXINSTALLER.EXE-1B46195F.pf -->12/05/2009 - 00:56:08
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVXCONNECTIONTESTER.EXE-1B95EB9F.pf -->12/05/2009 - 00:56:08
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVXCOMPONENT.EXE-01874DCE.pf -->12/05/2009 - 00:56:18
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PXHPINST.EXE-19CAC65A.pf -->12/05/2009 - 00:56:56
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PXSETUP.EXE-082E93B7.pf -->12/05/2009 - 00:56:58
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVX PLAYER.EXE-2B5FB89F.pf -->12/05/2009 - 00:57:00
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4733C239.pf -->12/05/2009 - 02:47:48
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf -->12/05/2009 - 11:22:30
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL[1].EXE-0BF59420.pf -->12/05/2009 - 03:38:04
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\60975309.EXE-11BF7F4C.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\10955314.EXE-05B9BF3B.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->12/05/2009 - 23:17:10
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHAVAST.EXE-12F63458.pf -->12/05/2009 - 21:47:02
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHSIMPL.EXE-14F851AB.pf -->12/05/2009 - 21:47:16
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf -->12/05/2009 - 03:54:08
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\20959532.EXE-02261029.pf -->12/05/2009 - 03:59:00
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\L_INTLC.EXE-33C69388.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHQUICK.EXE-2A0533AE.pf -->12/05/2009 - 21:46:44
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHWEBSV.EXE-0548EF0A.pf -->11/05/2009 - 09:30:38
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXMEDIADB.EXE-2F72A026.pf -->12/05/2009 - 20:11:22
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf -->12/05/2009 - 22:30:38
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf -->12/05/2009 - 19:30:08
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHCHEST.EXE-0FED8209.pf -->12/05/2009 - 19:30:46
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf -->12/05/2009 - 23:13:06
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-13CC3015.pf -->12/05/2009 - 19:40:44
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf -->12/05/2009 - 21:36:58
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSHTA.EXE-331DF029.pf -->12/05/2009 - 19:40:44
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSRSS.EXE-12B63473.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->13/05/2009 - 00:49:54
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTSD.EXE-0A9BC67B.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-40CAABC9.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->13/05/2009 - 00:49:54
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOUNDMAN.EXE-19745A34.pf -->12/05/2009 - 20:11:22
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ISSCH.EXE-3ACEF8DC.pf -->12/05/2009 - 20:11:22
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRGTODSC.EXE-17103D9D.pf -->12/05/2009 - 20:11:22
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSASCUI.EXE-08BEC8D8.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2905E326.pf -->12/05/2009 - 23:13:24
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-37BEE96E.pf -->12/05/2009 - 23:13:16
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf -->12/05/2009 - 20:45:22
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LAVASOFT_ADAWARE_MULTI.EXE-14BCBACA.pf -->12/05/2009 - 20:32:02
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OSA9.EXE-27CD7DB8.pf -->12/05/2009 - 23:41:04
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCSETUP219.EXE-123ADFB7.pf -->12/05/2009 - 20:29:46
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.EXE-0DAB8FD3.pf -->12/05/2009 - 20:31:30
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.TMP-1CD252BC.pf -->12/05/2009 - 20:31:20
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LAVASOFT_ADAWARE_MULTI.EXE-15AFC664.pf -->12/05/2009 - 22:36:04
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.EXE-0225C77B.pf -->12/05/2009 - 22:36:06
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.TMP-10FF9549.pf -->12/05/2009 - 20:36:54
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMBOFIX.EXE-2BF0CF56.pf -->12/05/2009 - 23:41:04
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCSETUP219.EXE-390594EF.pf -->12/05/2009 - 22:59:52
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.TMP-0587FE2D.pf -->12/05/2009 - 20:45:52
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-1D01CA32.pf -->13/05/2009 - 00:14:44
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.TMP-2273C599.pf -->12/05/2009 - 21:05:44
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf -->12/05/2009 - 21:11:42
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf -->11/05/2009 - 23:11:24
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf -->12/05/2009 - 21:13:00
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SMITFRAUDFIX.EXE-0B483E4D.pf -->12/05/2009 - 22:35:58
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SMIUPDATE.EXE-15DDCCE4.pf -->12/05/2009 - 21:24:54
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REBOOT.EXE-36952AC5.pf -->12/05/2009 - 21:25:00
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWSC.EXE-34DB98D9.pf -->12/05/2009 - 21:25:10
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SMITFRAUDFIX.EXE-36B05EE3.pf -->12/05/2009 - 21:37:22
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.EXE-2E2DFEF0.pf -->12/05/2009 - 21:37:32
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LAVASOFT_ADAWARE_MULTI.EXE-2C688686.pf -->12/05/2009 - 21:37:34
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->13/05/2009 - 00:08:58
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCSETUP219.EXE-2929D5F3.pf -->12/05/2009 - 21:37:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMBOFIX.EXE-38E7D39A.pf -->12/05/2009 - 21:37:50
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEDW.EXE-1880380E.pf -->12/05/2009 - 22:55:10
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C7B5C4A.pf -->12/05/2009 - 23:13:12
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OTVIEWIT.EXE-2B4B9242.pf -->13/05/2009 - 00:08:48
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf -->12/05/2009 - 23:17:10
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AGRSMMSG.EXE-0034A7F7.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->12/05/2009 - 04:53:18
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHKNTFS.EXE-31921D64.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -->12/05/2009 - 22:30:36
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MPCMDRUN.EXE-1F9D1CA1.pf -->12/05/2009 - 00:32:12
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->13/05/2009 - 00:55:24
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->11/05/2009 - 14:09:42
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGFAT.EXE-03D95883.pf -->11/05/2009 - 14:09:42
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->12/05/2009 - 09:34:02
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf -->13/05/2009 - 00:08:48
      O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-10D55173.pf -->12/05/2009 - 21:34:50

      ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
      O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
      O46 - SEH:ShellExecuteHooks - Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll

      ---\\ Export de clé d'application autorisée (ECAA)(O47)
      O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      O47 - AAKE:Key Export - "C:\Program Files\VoipCheap\VoipCheap.exe"="C:\Program Files\VoipCheap\VoipCheap.exe:*:Enabled:VoipCheap"
      O47 - AAKE:Key Export - "C:\Program Files\TalkTalk\agent\bin\bcont.exe"="C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe"
      O47 - AAKE:Key Export - "C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe"="C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe"
      O47 - AAKE:Key Export - "C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe"="C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe"
      O47 - AAKE:Key Export - "C:\Program Files\TalkTalk\bin\sprtcmd.exe"="C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe"
      O47 - AAKE:Key Export - "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
      O47 - AAKE:Key Export - "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
      O47 - AAKE:Key Export - "C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
      O47 - AAKE:Key Export - "C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
      O47 - AAKE:Key Export - "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
      O47 - AAKE:Key Export - "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
      O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

      ---\\ Déni du service (Local Security Authority) (LSA) (O48)
      O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
      O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

      ---\\ Contrôle du Safe Boot (CSB) (O49)
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
      O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
      O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys

      ---\\ Image File Execution Options (IFEO) (O50)
      O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

      ---\\ Trojan Driver Search Data (TDSD) (O52)
      O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
      O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.I420"="msh263.drv"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.iyuv"="iyuv_32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.uyvy"="msyuv.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.yuy2"="msyuv.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.yvu9"="tsbyuv.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.yvyu"="msyuv.dll"
      O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
      O52 - TDSD:HKLM\...\Drivers32\"wave"="serwvdrv.dll"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
      O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
      O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
      O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.voxacm160"="vct3216.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.scg726"="scg726.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.alf2cd"="alf2cd.acm"
      O52 - TDSD:HKLM\...\Drivers32\"msacm.ac3acm"="AC3ACM.acm"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.dvsd"="mcdvd_32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.xvid"="xvidvfw.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.mpg4"="mpg4c32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.mp42"="mpg4c32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.mp43"="mpg4c32.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.DIVX"="DivX.dll"
      O52 - TDSD:HKLM\...\Drivers32\"vidc.yv12"="DivX.dll"

      ---\\ Microsoft Control Security Providers (MCSP) (O54)
      O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
      O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

      ---\\ Microsoft Windows Policies System (MWPS) (O55)
      O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
      O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
      O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
      O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
      O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
      O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

      ---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
      O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323
      O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveAutoRun"=67108863
      O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDrives"=0
      O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveAutoRun"=67108863
      O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323
      O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDrives"=0


      End of the scan:
      0
  13. lion.d Messages postés 22 Statut Membre
     
    Rapport de ZHPDiag v1.20.2 par Nicolas Coolman
    Enregistré le 13/05/2009 01:58:13
    Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
    MSIE: Internet Explorer v7.0.5730.11
    MFIE: Mozilla Firefox (3.0.10)

    ---\\ Processus lancés
    AGRSMMSG.exe
    SOUNDMAN.EXE
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\WINDOWS\system32\NeroCheck.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Program Files\Belkin\F5D7051\WLService.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Windows Defender\MsMpEng.exe

    ---\\ Pages de démarrage d'Internet Explorer (R0)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp

    ---\\ Pages de recherche d'Internet Explorer (R1)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    ---\\ Applications démarrées automatiquement par le registre (O4)
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data="67108863"
    O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data="323"
    O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
    O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

    ---\\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

    ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: Autodata Limited License Service (Autodata Limited License Service) - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - C:\Program Files\Belkin\F5D7051\WLService.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - C:\Program Files\TalkTalk\bin\sprtsvc.exe" /service /p TalkTalk
    O23 - Service: SymWMI Service (SymWSC) - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe" /p TalkTalk
    O23 - Service: Windows Defender (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe

    ---\\ Enumération des composants Active Desktop (O24)
    O24 - Desktop Component 0: My Current Home Page - file:About:Home

    ---\\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
    O40 - ASIC: Vector Graphics Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
    O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
    O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
    O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
    O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
    O40 - ASIC: Dynamic HTML Data Binding for Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
    O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
    O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
    O40 - ASIC: Advanced Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
    O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
    O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
    O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
    O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
    O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
    O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
    O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
    O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
    O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
    O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
    O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
    O40 - ASIC: Address Book 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
    O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
    O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
    O40 - ASIC: Task Scheduler - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
    O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
    O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
    O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
    O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
    O40 - ASIC: .NET Framework - {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - (not file)

    ---\\ Pilotes lancés au démarrage (O41)
    O41 - Driver: Microsoft Kernel Acoustic Echo Canceller (aec) - C:\WINDOWS\system32\drivers\aec.sys
    O41 - Driver: Agere Systems Soft Modem (AgereSoftModem) - C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    O41 - Driver: SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) (alcan5wn) - C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
    O41 - Driver: SpeedTouch ADSL Modem ATM Transport (alcaudsl) - C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
    O41 - Driver: Service for WDM 3D Audio Driver (ALCXSENS) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    O41 - Driver: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    O41 - Driver: AMD K7 Processor Driver (AmdK7) - C:\WINDOWS\system32\DRIVERS\amdk7.sys
    O41 - Driver: RAS Asynchronous Media Driver (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    O41 - Driver: ATM ARP Client Protocol (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    O41 - Driver: Audio Stub Driver (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
    O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
    O41 - Driver: (no object) (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
    O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
    O41 - Driver: DMSKSSRh (DMSKSSRh) - C:\DOCUME~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys
    O41 - Driver: Microsoft Kernel DLS Syntheiszer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
    O41 - Driver: driverhardwarev2 (driverhardwarev2) - C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
    O41 - Driver: Microsoft Kernel DRM Audio Descrambler (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
    O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    O41 - Driver: Generic Packet Classifier (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
    O41 - Driver: GTNDIS5 NDIS Protocol Driver (GTNDIS5) - C:\WINDOWS\system32\GTNDIS5.SYS
    O41 - Driver: i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    O41 - Driver: IPv6 Windows Firewall Driver (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    O41 - Driver: IP Traffic Filter Driver (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
    O41 - Driver: IPSEC driver (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
    O41 - Driver: IR Enumerator Service (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
    O41 - Driver: Microsoft Kernel Wave Audio Mixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
    O41 - Driver: Unimodem Streaming Filter Device (MODEMCSA) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
    O41 - Driver: WebDav Client Redirector (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
    O41 - Driver: Microsoft Streaming Clock Proxy (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    O41 - Driver: Microsoft Streaming Quality Manager Proxy (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
    O41 - Driver: Microsoft System Management BIOS Driver (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    O41 - Driver: Remote Access NDIS TAPI Driver (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    O41 - Driver: NDIS Usermode I/O Protocol (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    O41 - Driver: Remote Access NDIS WAN Driver (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
    O41 - Driver: NetBT (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
    O41 - Driver: D-Link DWA-111 Wireless G USB Adapter Driver (netr73) - C:\WINDOWS\system32\DRIVERS\netr73.sys
    O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    O41 - Driver: WAN Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
    O41 - Driver: QoS Packet Scheduler (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
    O41 - Driver: Direct Parallel Link Driver (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
    O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
    O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
    O41 - Driver: WAN Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    O41 - Driver: Remote Access PPPOE Driver (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    O41 - Driver: Direct Parallel (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
    O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
    O41 - Driver: Digital CD Audio Playback Filter Driver (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
    O41 - Driver: Sony Ericsson Device 046 Driver driver (WDM) (SE2Ebus) - C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
    O41 - Driver: Sony Ericsson Device 046 USB WMC Modem Filter (SE2Emdfl) - C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
    O41 - Driver: Sony Ericsson Device 046 USB WMC Modem Driver (SE2Emdm) - C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
    O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
    O41 - Driver: Serenum Filter Driver (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
    O41 - Driver: (no object) (SiS315) - C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    O41 - Driver: SiS AGP Filter (SISAGP) - C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
    O41 - Driver: (no object) (SiSide) - C:\WINDOWS\system32\DRIVERS\siside.sys
    O41 - Driver: sisidex (sisidex) - C:\WINDOWS\system32\drivers\sisidex.sys
    O41 - Driver: (no object) (SiSkp) - C:\WINDOWS\system32\DRIVERS\srvkp.sys
    O41 - Driver: SiS PCI Fast Ethernet Adapter Driver (SISNIC) - C:\WINDOWS\system32\DRIVERS\sisnic.sys
    O41 - Driver: Add Performance Filter Driver (sisperf) - C:\WINDOWS\system32\drivers\sisperf.sys
    O41 - Driver: Microsoft Kernel Audio Splitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
    O41 - Driver: System Restore Filter Driver (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
    O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
    O41 - Driver: Software Bus Driver (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
    O41 - Driver: Microsoft Kernel GS Wavetable Synthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
    O41 - Driver: Microsoft Kernel System Audio Device (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
    O41 - Driver: TCP/IP Protocol Driver (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
    O41 - Driver: Microcode Update Driver (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
    O41 - Driver: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
    O41 - Driver: USB2 Enabled Hub (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
    O41 - Driver: Microsoft USB Open Host Controller Miniport Driver (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys
    O41 - Driver: USB Mass Storage Driver (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    O41 - Driver: Belkin High-Speed Mode Wireless G USB Network Adapter Driver (USB_RNDIS) - C:\WINDOWS\system32\DRIVERS\usb8023.sys
    O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
    O41 - Driver: Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
    O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: AVS Audio Tools version 4.4
    O42 - Logiciel: AVS DVD Player version 2.4
    O42 - Logiciel: Adobe Flash Player 10 ActiveX
    O42 - Logiciel: Adobe Flash Player 10 Plugin
    O42 - Logiciel: Adobe Flash Player 9 ActiveX
    O42 - Logiciel: Adobe Reader 6.0
    O42 - Logiciel: Agere Systems PCI Soft Modem
    O42 - Logiciel: Apple Software Update
    O42 - Logiciel: Archiveur WinRAR
    O42 - Logiciel: Avanquest update
    O42 - Logiciel: Belkin High-Speed Mode Wireless G USB Network Adapter
    O42 - Logiciel: Bible Suite PDF Texts
    O42 - Logiciel: Bible Suite- Disk 1
    O42 - Logiciel: Concise Oxford English Dictionary (Eleventh Edition)
    O42 - Logiciel: DivX Codec
    O42 - Logiciel: DivX Converter
    O42 - Logiciel: DivX Player
    O42 - Logiciel: DivX Plus DirectShow Filters
    O42 - Logiciel: DivX Web Player
    O42 - Logiciel: Driver Updater Pro
    O42 - Logiciel: Driving Test Complete
    O42 - Logiciel: English Grammar in Use
    O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
    O42 - Logiciel: Hotfix for Windows Media Player 11 (KB939683)
    O42 - Logiciel: Hotfix for Windows XP (KB914440)
    O42 - Logiciel: Hotfix for Windows XP (KB915865)
    O42 - Logiciel: Hotfix for Windows XP (KB926239)
    O42 - Logiciel: Le Message et la Sainte Bible
    O42 - Logiciel: Le Monde diplomatique (remove only)
    O42 - Logiciel: Learn to Speak English Deluxe 9.5
    O42 - Logiciel: Letts Practise Maths Stage 1
    O42 - Logiciel: LiveUpdate 1.90 (Symantec Corporation)
    O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
    O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
    O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
    O42 - Logiciel: Ma-Config.com
    O42 - Logiciel: Macromedia Dreamweaver 8
    O42 - Logiciel: Macromedia Extension Manager
    O42 - Logiciel: Malwarebytes' Anti-Malware
    O42 - Logiciel: Microsoft .NET Framework 2.0
    O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
    O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
    O42 - Logiciel: Microsoft National Language Support Downlevel APIs
    O42 - Logiciel: Microsoft Office 2000 Professional
    O42 - Logiciel: Microsoft Office Excel MUI (English) 2007
    O42 - Logiciel: Microsoft Office Shared MUI (English) 2007
    O42 - Logiciel: Microsoft Office Shared Setup Metadata MUI (English) 2007
    O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
    O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    O42 - Logiciel: Mozilla Firefox (3.0.10)
    O42 - Logiciel: Music Coach Player
    O42 - Logiciel: My First Dictionary 2.0
    O42 - Logiciel: NTI Backup NOW! 3
    O42 - Logiciel: NTI CD & DVD-Maker Gold
    O42 - Logiciel: Nero Suite
    O42 - Logiciel: NetZero Internet and Voice Offer
    O42 - Logiciel: Norton WMI Update
    O42 - Logiciel: Oxford First Encyclopedia
    O42 - Logiciel: Photoshop CS2
    O42 - Logiciel: QuickTime
    O42 - Logiciel: Realtek AC'97 Audio
    O42 - Logiciel: Roxio Easy Media Creator 8 Essentials
    O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB929969)
    O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB933566)
    O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB938127)
    O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB942615)
    O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB944533)
    O42 - Logiciel: Security Update for Windows Media Player (KB911564)
    O42 - Logiciel: Security Update for Windows Media Player 11 (KB936782)
    O42 - Logiciel: Security Update for Windows Media Player 6.4 (KB925398)
    O42 - Logiciel: Security Update for Windows XP (KB890046)
    O42 - Logiciel: Security Update for Windows XP (KB893756)
    O42 - Logiciel: Security Update for Windows XP (KB896358)
    O42 - Logiciel: Security Update for Windows XP (KB896423)
    O42 - Logiciel: Security Update for Windows XP (KB896428)
    O42 - Logiciel: Security Update for Windows XP (KB899587)
    O42 - Logiciel: Security Update for Windows XP (KB899591)
    O42 - Logiciel: Security Update for Windows XP (KB900725)
    O42 - Logiciel: Security Update for Windows XP (KB901017)
    O42 - Logiciel: Security Update for Windows XP (KB901190)
    O42 - Logiciel: Security Update for Windows XP (KB901214)
    O42 - Logiciel: Security Update for Windows XP (KB902400)
    O42 - Logiciel: Security Update for Windows XP (KB904706)
    O42 - Logiciel: Security Update for Windows XP (KB905414)
    O42 - Logiciel: Security Update for Windows XP (KB905749)
    O42 - Logiciel: Security Update for Windows XP (KB908519)
    O42 - Logiciel: Security Update for Windows XP (KB911562)
    O42 - Logiciel: Security Update for Windows XP (KB911927)
    O42 - Logiciel: Security Update for Windows XP (KB913580)
    O42 - Logiciel: Security Update for Windows XP (KB914388)
    O42 - Logiciel: Security Update for Windows XP (KB914389)
    O42 - Logiciel: Security Update for Windows XP (KB917953)
    O42 - Logiciel: Security Update for Windows XP (KB918118)
    O42 - Logiciel: Security Update for Windows XP (KB918439)
    O42 - Logiciel: Security Update for Windows XP (KB919007)
    O42 - Logiciel: Security Update for Windows XP (KB920213)
    O42 - Logiciel: Security Update for Windows XP (KB920670)
    O42 - Logiciel: Security Update for Windows XP (KB920683)
    O42 - Logiciel: Security Update for Windows XP (KB920685)
    O42 - Logiciel: Security Update for Windows XP (KB921503)
    O42 - Logiciel: Security Update for Windows XP (KB922819)
    O42 - Logiciel: Security Update for Windows XP (KB923191)
    O42 - Logiciel: Security Update for Windows XP (KB923414)
    O42 - Logiciel: Security Update for Windows XP (KB923980)
    O42 - Logiciel: Security Update for Windows XP (KB924191)
    O42 - Logiciel: Security Update for Windows XP (KB924270)
    O42 - Logiciel: Security Update for Windows XP (KB924667)
    O42 - Logiciel: Security Update for Windows XP (KB925902)
    O42 - Logiciel: Security Update for Windows XP (KB926255)
    O42 - Logiciel: Security Update for Windows XP (KB926436)
    O42 - Logiciel: Security Update for Windows XP (KB927779)
    O42 - Logiciel: Security Update for Windows XP (KB927802)
    O42 - Logiciel: Security Update for Windows XP (KB928255)
    O42 - Logiciel: Security Update for Windows XP (KB928843)
    O42 - Logiciel: Security Update for Windows XP (KB929123)
    O42 - Logiciel: Security Update for Windows XP (KB930178)
    O42 - Logiciel: Security Update for Windows XP (KB931261)
    O42 - Logiciel: Security Update for Windows XP (KB931784)
    O42 - Logiciel: Security Update for Windows XP (KB932168)
    O42 - Logiciel: Security Update for Windows XP (KB933729)
    O42 - Logiciel: Security Update for Windows XP (KB935839)
    O42 - Logiciel: Security Update for Windows XP (KB935840)
    O42 - Logiciel: Security Update for Windows XP (KB936021)
    O42 - Logiciel: Security Update for Windows XP (KB938829)
    O42 - Logiciel: Security Update for Windows XP (KB941202)
    O42 - Logiciel: Security Update for Windows XP (KB941568)
    O42 - Logiciel: Security Update for Windows XP (KB941569)
    O42 - Logiciel: Security Update for Windows XP (KB941644)
    O42 - Logiciel: Security Update for Windows XP (KB943055)
    O42 - Logiciel: Security Update for Windows XP (KB943460)
    O42 - Logiciel: Security Update for Windows XP (KB943485)
    O42 - Logiciel: Security Update for Windows XP (KB944653)
    O42 - Logiciel: Security Update for Windows XP (KB946026)
    O42 - Logiciel: Shareaza 2.4.0.0
    O42 - Logiciel: SiS 900 PCI Fast Ethernet Adapter Driver
    O42 - Logiciel: Sony Ericsson Media Manager 1.2
    O42 - Logiciel: Sony Ericsson PC Suite 4.010.00
    O42 - Logiciel: SpeedTouch USB Software
    O42 - Logiciel: TalkTalk Assist & Go
    O42 - Logiciel: Teaching-you Guitar Skills
    O42 - Logiciel: The Human body
    O42 - Logiciel: The Junior Visual
    O42 - Logiciel: Update for Windows XP (KB894391)
    O42 - Logiciel: Update for Windows XP (KB898461)
    O42 - Logiciel: Update for Windows XP (KB900485)
    O42 - Logiciel: Update for Windows XP (KB904942)
    O42 - Logiciel: Update for Windows XP (KB908531)
    O42 - Logiciel: Update for Windows XP (KB910437)
    O42 - Logiciel: Update for Windows XP (KB911280)
    O42 - Logiciel: Update for Windows XP (KB916595)
    O42 - Logiciel: Update for Windows XP (KB920872)
    O42 - Logiciel: Update for Windows XP (KB922582)
    O42 - Logiciel: Update for Windows XP (KB927891)
    O42 - Logiciel: Update for Windows XP (KB930916)
    O42 - Logiciel: Update for Windows XP (KB931836)
    O42 - Logiciel: Update for Windows XP (KB938828)
    O42 - Logiciel: Update for Windows XP (KB942763)
    O42 - Logiciel: VC80CRTRedist - 8.0.50727.762
    O42 - Logiciel: VLC media player 0.9.9
    O42 - Logiciel: VoipCheap
    O42 - Logiciel: VoipDiscount
    O42 - Logiciel: WampServer 2.0
    O42 - Logiciel: Windows Defender
    O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
    O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
    O42 - Logiciel: Windows Installer 3.1 (KB893803)
    O42 - Logiciel: Windows Internet Explorer 7
    O42 - Logiciel: Windows Media Format 11 runtime
    O42 - Logiciel: Windows Media Player 11
    O42 - Logiciel: Windows XP Hotfix - KB873339
    O42 - Logiciel: Windows XP Hotfix - KB885835
    O42 - Logiciel: Windows XP Hotfix - KB885836
    O42 - Logiciel: Windows XP Hotfix - KB886185
    O42 - Logiciel: Windows XP Hotfix - KB887472
    O42 - Logiciel: Windows XP Hotfix - KB888302
    O42 - Logiciel: Windows XP Hotfix - KB890859
    O42 - Logiciel: Windows XP Hotfix - KB891781
    0
  14. V-X
     
    Re,

    Comment va le pc , maintenant ?

    As tu réussi en mode normal combofix ?
    0
    1. lion.d Messages postés 22 Statut Membre
       
      re,
      Le pc va mieux mnt, tout semble a nouveau marcher. Grand merci
      J'ai reussi a faire marcher combofix en mode normal. je sais pas si ta besoin que je post le rapport?
      0
  15. V-X
     
    Re,

    Si poste moi le rapport et ensuite tu fait sa dans l'ordre:

    ▶ Télécharge hijackthis

    ▶ Enregistre la cible sous .... "le bureau"

    ▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

    ▶ Clique sur Install ensuite sur "I Accept"

    ▶ Clique sur" Do a scan system and save log file"

    ▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

    ▶ Tuto hijackthis(Merci à Balltrap34)

    ▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

    ▶ Double clique sur RSIT.exe pour lancer l'outil.

    ▶ Clique sur ' continue ' à l'écran Disclaimer.

    Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

    ▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
    ( log.txt & info.txt )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
    1. lion.d Messages postés 22 Statut Membre
       
      ok voici d'abord le rapport combofix

      ComboFix 09-05-12.04 - Hugues Miere 13/05/2009 2:21.3 - [color=red][b]FAT32[/b][/color]x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.681 [GMT 1:00]
      Running from: c:\documents and settings\Hugues Miere\Desktop\ComboFix.exe
      .

      ((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
      .

      2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\Malwarebytes
      2009-05-13 00:17 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
      2009-05-13 00:17 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2009-05-12 23:44 . 2009-05-12 23:44 -------- d-----w c:\documents and settings\Administrator
      2009-05-12 23:14 . 2009-05-12 23:14 -------- d-----w C:\Rooter$
      2009-05-12 03:59 . 2009-05-12 13:56 32 --s-a-w c:\windows\system32\2023729596.dat
      2009-05-12 00:56 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
      2009-05-12 00:56 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
      2009-05-12 00:56 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
      2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\Common Files\DivX Shared
      2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\DivX
      2009-05-09 11:41 . 2009-05-09 11:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
      2009-05-02 03:48 . 2009-05-02 03:48 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\vlc
      2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
      2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
      2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
      2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
      2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
      2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-04-15 20:25 . 2005-11-03 11:00 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
      2009-04-06 19:58 . 2009-04-06 19:58 -------- d-----w c:\program files\VoipDiscount.com
      2009-04-04 23:01 . 2009-04-04 23:01 0 ----a-w c:\windows\nsreg.dat
      2009-03-20 23:55 . 2009-03-20 23:55 -------- d-----w c:\program files\Shareaza
      2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-04 1687552]
      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-04 163840]
      "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
      "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
      "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
      "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

      HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
      "wave"= serwvdrv.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\VoipCheap\\VoipCheap.exe"=
      "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
      "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
      "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
      "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
      "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
      "c:\\Program Files\\Shareaza\\Shareaza.exe"=
      "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
      "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
      "c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=

      R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
      R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
      R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
      S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
      S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [31/03/2008 21:11 256000]

      --- Other Services/Drivers In Memory ---

      *NewlyCreated* - GTNDIS5
      .
      Contents of the 'Scheduled Tasks' folder

      2007-06-15 c:\windows\Tasks\Symantec NetDetect.job
      - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-11 16:17]

      2009-05-13 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

      2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://fr.yahoo.com/
      FF - ProfilePath - c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\
      FF - plugin: c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-13 02:23
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(1156)
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      c:\windows\system32\browselc.dll
      c:\program files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      .
      Completion time: 2009-05-13 2:24
      ComboFix-quarantined-files.txt 2009-05-13 01:24
      ComboFix2.txt 2009-05-12 23:51

      Pre-Run: 7,227,998,208 bytes free
      Post-Run: 7,234,650,112 bytes free

      124 --- E O F --- 2009-05-01 11:46
      0
    2. lion.d Messages postés 22 Statut Membre
       
      voici le rapport HijackThis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 02:32:56, on 13/05/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Belkin\F5D7051\WLService.exe
      C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
      C:\Program Files\TalkTalk\bin\sprtsvc.exe
      C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\TalkTalk\bin\sprtcmd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
      O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
      O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
      O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
      O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
      O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
      0
    3. lion.d Messages postés 22 Statut Membre
       
      Voici les rapports pour RSIT:
      Preimer rapport "log"

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Hugues Miere at 2009-05-13 02:35:56
      Microsoft Windows XP Home Edition Service Pack 2
      System drive C: has 7 GB (18%) free of 38 GB
      Total RAM: 991 MB (66% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 02:35:57, on 13/05/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Belkin\F5D7051\WLService.exe
      C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
      C:\Program Files\TalkTalk\bin\sprtsvc.exe
      C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\TalkTalk\bin\sprtcmd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Documents and Settings\Hugues Miere\Desktop\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Hugues Miere.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
      O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
      O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
      O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
      O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
      O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
      0
    4. lion.d Messages postés 22 Statut Membre
       
      rapport info resit:

      info.txt logfile of random's system information tool 1.06 2009-05-13 02:35:58

      ======Uninstall list======

      -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
      -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
      -->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
      -->MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
      -->MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
      -->MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
      -->MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
      -->MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
      Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
      Agere Systems PCI Soft Modem-->agrsmdel
      Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
      Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
      Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x040c -removeonly
      AVS Audio Tools version 4.4-->"C:\Program Files\AVSMedia\AudioTools\unins000.exe"
      AVS DVD Player version 2.4-->"C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
      Belkin High-Speed Mode Wireless G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\F5D7051\setup.exe" -l0x9
      Bible Suite- Disk 1-->MsiExec.exe /I{B6F50EFF-0EA7-4A63-868D-2C02C1B9EABF}
      Bible Suite PDF Texts-->MsiExec.exe /I{6C405BCD-8941-4FE4-B4AC-9C2B55414E18}
      Concise Oxford English Dictionary (Eleventh Edition)-->C:\Program Files\COED11\Uninstal.exe
      DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
      DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
      DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      Driver Updater Pro-->"C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
      Driver Updater Pro-->C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}\DriverUpdaterPro.exe
      Driving Test Complete-->"C:\WINDOWS\Driving Test Complete\uninstall.exe" "/U:C:\Program Files\Driving Test Complete\Uninstall\uninstall.xml"
      English Grammar in Use-->C:\CAMBRI~1\EGU\REMOVE.EXE C:\CAMBRI~1\EGU\Install.log
      HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
      Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
      Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
      Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
      Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
      Le Message et la Sainte Bible-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF11779E-3A03-11D8-9EAE-0020E0623A55}\setup.exe" -l0x40c -uninst
      Le Monde diplomatique (remove only)-->"C:\Program Files\LeMondediplomatique\uninstall.exe"
      Learn to Speak English Deluxe 9.5-->MsiExec.exe /I{7E9E798E-58CF-468E-B6DC-4EDEB857DB91}
      Letts Practise Maths Stage 1-->C:\LETTS\PRACTISE\MATHSKS1\UNWISE.EXE C:\LETTS\PRACTISE\MATHSKS1\INSTALL.LOG
      LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
      Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
      Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
      Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
      Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
      Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
      Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
      Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
      Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
      Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
      Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
      Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
      Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      Music Coach Player-->MsiExec.exe /I{61C7F2BD-A9CE-464D-8B45-873FAED5B33B}
      My First Dictionary 2.0-->C:\WINDOWS\uninst.exe -r"DK Multimedia\My First Dictionary 2.0\2.00" -n"My First Dictionary 2.0" -fC:\PROGRA~1\DKMULT~1\MYFIRS~1.0\DeIsL2.isu -cC:\PROGRA~1\DKMULT~1\MYFIRS~1.0\uninst.dll
      Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
      NetZero Internet and Voice Offer-->MsiExec.exe /X{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}
      Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
      NTI Backup NOW! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
      NTI CD & DVD-Maker Gold -->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
      Oxford First Encyclopedia-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D1F60B9D-30CD-45F3-9797-7F7AB06F8820}
      Photoshop CS2 -->C:\Program Files\Adobe\Adobe Photoshop CS2\uninst.exe
      QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
      Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
      Roxio Easy Media Creator 8 Essentials-->MsiExec.exe /I{21EC1B12-888F-44D3-8C77-14FCF8CAE383}
      Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
      Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
      Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
      Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
      Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
      Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
      Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
      SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
      Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{5F1ECBFB-048E-406E-A7AB-A81F9E359961}
      Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x040c -removeonly
      SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
      TalkTalk Assist & Go-->MsiExec.exe /X{D084B1A9-153B-409D-AEBF-C40FCEF925EA}
      Teaching-you Guitar Skills-->MsiExec.exe /I{424CB226-23FE-4429-A85F-C893D381897F}
      The Human body-->C:\WINDOWS\unvise32.exe C:\Program Files\QA International\The Human body\uninstal.log
      The Junior Visual-->C:\WINDOWS\unvise32.exe C:\Program Files\QA International\The Junior Visual\uninstal.log
      Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
      Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
      Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
      Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
      Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
      Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
      Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
      Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
      Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
      Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
      Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
      Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
      Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
      Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
      Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
      VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
      VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
      VoipCheap-->"C:\Program Files\VoipCheap\unins000.exe"
      VoipDiscount-->"C:\Program Files\VoipDiscount.com\VoipDiscount\unins000.exe"
      WampServer 2.0-->"c:\wamp\unins000.exe"
      Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
      Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
      Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
      Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
      Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
      Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
      Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
      Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
      Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
      Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
      Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
      Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
      Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
      Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

      ======System event log======

      Computer Name: KIMBOULI
      Event Code: 7031
      Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

      Record Number: 78403
      Source Name: Service Control Manager
      Time Written: 20090513004234.000000+060
      Event Type: error
      User:

      Computer Name: KIMBOULI
      Event Code: 7031
      Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

      Record Number: 78401
      Source Name: Service Control Manager
      Time Written: 20090513004234.000000+060
      Event Type: error
      User:

      Computer Name: KIMBOULI
      Event Code: 7031
      Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

      Record Number: 78399
      Source Name: Service Control Manager
      Time Written: 20090513004233.000000+060
      Event Type: error
      User:

      Computer Name: KIMBOULI
      Event Code: 7031
      Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

      Record Number: 78397
      Source Name: Service Control Manager
      Time Written: 20090513004233.000000+060
      Event Type: error
      User:

      Computer Name: KIMBOULI
      Event Code: 7031
      Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

      Record Number: 78395
      Source Name: Service Control Manager
      Time Written: 20090513004232.000000+060
      Event Type: error
      User:

      =====Application event log=====

      Computer Name: KIMBOULI
      Event Code: 1524
      Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



      Record Number: 4733
      Source Name: Userenv
      Time Written: 20080826220733.000000+060
      Event Type: warning
      User: KIMBOULI\Hugues Miere

      Computer Name: KIMBOULI
      Event Code: 5000
      Message:
      Record Number: 4732
      Source Name: MPSampleSubmission
      Time Written: 20080826202152.000000+060
      Event Type: error
      User:

      Computer Name: KIMBOULI
      Event Code: 1517
      Message: Windows saved user KIMBOULI\Hugues Miere registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


      This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

      Record Number: 4717
      Source Name: Userenv
      Time Written: 20080824005405.000000+060
      Event Type: warning
      User: NT AUTHORITY\SYSTEM

      Computer Name: KIMBOULI
      Event Code: 1524
      Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



      Record Number: 4716
      Source Name: Userenv
      Time Written: 20080824005404.000000+060
      Event Type: warning
      User: KIMBOULI\Hugues Miere

      Computer Name: KIMBOULI
      Event Code: 1517
      Message: Windows saved user KIMBOULI\Hugues Miere registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


      This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

      Record Number: 4699
      Source Name: Userenv
      Time Written: 20080822232955.000000+060
      Event Type: warning
      User: NT AUTHORITY\SYSTEM

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
      "windir"=%SystemRoot%
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
      "PROCESSOR_REVISION"=0a00
      "NUMBER_OF_PROCESSORS"=1
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
      "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
      "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

      -----------------EOF-----------------
      0
  16. V-X
     
    Re,

    ---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

    ---> Copie le texte en gras ci-dessous par sélection puis Ctrl+C :

    File::
    C:\WINDOWS\system32\drivers\ovfsthacmpfuxnrseicgobsryemwyfxdtmbixm.sys


    ---> Colle la sélection dans le bloc-notes

    ---> Enregistre ce fichier sur le bureau (Impératif)

    ---> Nom du fichier : CFScript
    ---> Type du fichier : tous les fichiers
    ---> Clique sur Enregistrer
    ---> Quitte le bloc-notes

    ---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

    [*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

    [*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
    Ne touche à rien tant que le scan n'est pas terminé.

    [*] Une fois le scan achevé, un rapport va s'afficher : poste-le

    [*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
    0
    1. lion.d Messages postés 22 Statut Membre
       
      Ok
      voici le rapport:

      ComboFix 09-05-12.04 - Hugues Miere 13/05/2009 3:04.4 - [color=red][b]FAT32[/b][/color]x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.660 [GMT 1:00]
      Running from: c:\documents and settings\Hugues Miere\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Hugues Miere\Desktop\CFScript.txt
      .

      ((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
      .

      2009-05-13 01:35 . 2009-05-13 01:35 -------- d-----w C:\rsit
      2009-05-13 01:32 . 2009-05-13 01:32 -------- d-----w c:\program files\Trend Micro
      2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\Malwarebytes
      2009-05-13 00:17 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
      2009-05-13 00:17 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2009-05-12 23:44 . 2009-05-12 23:44 -------- d-----w c:\documents and settings\Administrator
      2009-05-12 23:14 . 2009-05-12 23:14 -------- d-----w C:\Rooter$
      2009-05-12 03:59 . 2009-05-12 13:56 32 --s-a-w c:\windows\system32\2023729596.dat
      2009-05-12 00:56 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
      2009-05-12 00:56 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
      2009-05-12 00:56 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
      2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\Common Files\DivX Shared
      2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\DivX
      2009-05-09 11:41 . 2009-05-09 11:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
      2009-05-02 03:48 . 2009-05-02 03:48 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\vlc
      2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
      2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
      2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
      2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
      2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
      2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-04-15 20:25 . 2005-11-03 11:00 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
      2009-04-06 19:58 . 2009-04-06 19:58 -------- d-----w c:\program files\VoipDiscount.com
      2009-04-04 23:01 . 2009-04-04 23:01 0 ----a-w c:\windows\nsreg.dat
      2009-03-20 23:55 . 2009-03-20 23:55 -------- d-----w c:\program files\Shareaza
      2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((( SnapShot@2009-05-12_23.50.22 )))))))))))))))))))))))))))))))))))))))))
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-04 1687552]
      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-04 163840]
      "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
      "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
      "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
      "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

      HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
      "wave"= serwvdrv.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\VoipCheap\\VoipCheap.exe"=
      "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
      "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
      "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
      "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
      "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
      "c:\\Program Files\\Shareaza\\Shareaza.exe"=
      "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
      "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
      "c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=

      R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
      R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
      R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
      S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
      S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [31/03/2008 21:11 256000]

      --- Other Services/Drivers In Memory ---

      *NewlyCreated* - GTNDIS5
      .
      Contents of the 'Scheduled Tasks' folder

      2007-06-15 c:\windows\Tasks\Symantec NetDetect.job
      - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-11 16:17]

      2009-05-13 c:\windows\Tasks\MP Scheduled Scan.job
      - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

      2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://fr.yahoo.com/
      FF - ProfilePath - c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\
      FF - plugin: c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-13 03:05
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(2240)
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      Completion time: 2009-05-13 3:06
      ComboFix-quarantined-files.txt 2009-05-13 02:06
      ComboFix2.txt 2009-05-13 01:24
      ComboFix3.txt 2009-05-12 23:51

      Pre-Run: 7,147,978,752 bytes free
      Post-Run: 7,141,097,472 bytes free

      129 --- E O F --- 2009-05-01 11:46
      0
  17. V-X
     
    Re,

    Redémarre ton pc et refait un log avec RSIT.
    0
    1. lion.d Messages postés 22 Statut Membre
       
      ok! c'est fait. voici le log

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Hugues Miere at 2009-05-13 03:13:33
      Microsoft Windows XP Home Edition Service Pack 2
      System drive C: has 7 GB (18%) free of 38 GB
      Total RAM: 991 MB (68% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 03:13:36, on 13/05/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Belkin\F5D7051\WLService.exe
      C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
      C:\Program Files\TalkTalk\bin\sprtsvc.exe
      C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\TalkTalk\bin\sprtcmd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
      C:\Documents and Settings\Hugues Miere\Desktop\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Hugues Miere.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
      O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
      O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
      O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
      O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
      O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
      O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
      O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
      0
  18. V-X
     
    Re,

    Afficher les fichiers et dossiers cachés sous Windows Xp

    ▶ Double clic sur Poste de Travail,

    ▶ Sur le menu du haut vous cliquez sur "Outils"

    ▶ Cliquer sur "Options des dossiers"

    ▶ Cliquez sur l'onglet "Affichage"

    ▶ Dans les options

    ▶ Sélectionnez " Afficher les dossiers et fichiers cachés"

    ▶ Cliquer ensuite sur "Appliquer"

    ▶ validez par "Ok"

    Redémarre ton pc en mode sans échec et ensuite:

    Cherche et suppprime le fichier ci-dessous dans =>C:\WINDOWS\system32\drivers

    C:\WINDOWS\system32\drivers\ovfsthacmpfuxnrseicgobsryemwyfxdtmbixm.sys

    Ensuite refait un scna complet en mode normal de malwarebyte.

    merci
    0
  19. saroune85 Messages postés 1 Statut Membre
     
    Ca va faire bientot 5 jours que je suis prise avec ce virus et je ne sais pas comment l'enlever malgré que j'aies regardé toutes les réponses sur les forums est -ce que quelqun peut m'aider concrètement svp avec des termes faciles à comprendre.

    Merci
    0