Task Manager / antivirus problem

Ororo (posts: 115, status: Member)
Hello,

I hope you are doing well.

I have been having a lot of problems with my computer for some time.
To begin with, I no longer have access to my Task Manager (when I press Ctrl+Alt+Del, it says that Task Manager has been disabled by your administrator).
Next, it is:
- impossible to install a new antivirus (the old one was causing me too many problems!)
- impossible to run online scans on any of the sites I have tried (yet I have the impression that I am OK on the ActiveX side; maybe there is something I am missing)
- impossible to launch Spybot
- I have even had the blue screen appearing from time to time and restarting my computer

I have tried running a few programs:
- Malwarebytes (with each scan, I had the impression that the same suspicious files kept coming back)
- Ad-Aware

Below is a HijackThis report.

Thanks in advance for your help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:13:06, on 24/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\yixhdc.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\xlsvt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MoneyAgent] ""C:\Program Files\Microsoft Money\System\Money Express.exe""
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1EA1F119-9BCB-4B95-84BB-2B49D00CE9DE} (MessengerStatsClient Class) - http://messenger.zonenxt.msn-int.com/binary/MessengerStatsClient.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {BEC31341-BE4C-4358-B79B-B89A5FCF8885} (Minesweeper Flags Class) - http://messenger.zonenxt.msn-int.com/binary/MineSweeper.cab
O16 - DPF: {E3CE3CB2-A027-469F-9073-B9440036174F} (Checkers Class) - http://messenger.zonenxt.msn-int.com/binary/Checkers.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\SymProxySvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
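
A triage pass over a HijackThis log like the one in the post above, as an added example that is not part of the original thread: it flags processes running from a Temp directory, policy values that lock out system tools, and entries whose file is missing. The function names and rule labels are hypothetical, the sample combines lines quoted from the log above with one constructed O4 line, and a hit is a lead to review, not a verdict.

```python
import re

# Excerpt of the HijackThis log posted above, plus one constructed O4 line
# (named "constructed-example") so the autorun rule has something to match.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\yixhdc.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\xlsvt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [constructed-example] C:\DOCUME~1\SAMPLE\LOCALS~1\Temp\example.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\SymProxySvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Coded entries look like "O4 - ...", "R1 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# An executable directly inside a folder named Temp (8.3 or long path form).
TEMP_EXE_RE = re.compile(r"\\temp\\[^\\]+\.(?:exe|pif|scr|com)\b", re.IGNORECASE)
# HijackThis marks entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Policy values such as DisableRegedit=1 under a ...\Policies\... key.
POLICY_RE = re.compile(r"\\Policies\\[^,]+,\s*(Disable\w+)\s*=\s*(\d+)", re.IGNORECASE)


def parse_hijackthis(text):
    """Return (running_processes, [(section_code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return a list of (rule, detail) findings worth a manual look."""
    processes, entries = parse_hijackthis(text)
    findings = []
    for path in processes:
        # Installers also run from Temp, so this is a lead, not proof.
        if TEMP_EXE_RE.search(path):
            findings.append(("process-in-temp", path))
    for code, body in entries:
        if code == "O4" and TEMP_EXE_RE.search(body):
            findings.append(("autorun-from-temp", body))
        policy = POLICY_RE.search(body)
        if policy and policy.group(2) != "0":
            # A non-zero Disable* policy matches the "disabled by your
            # administrator" symptom described in the post.
            findings.append(("policy-lockout", policy.group(1)))
        if ORPHAN_RE.search(body):
            findings.append(("orphaned-entry", f"{code}: {body}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```
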

233 replies

Anonymous user

Copy the text below:

killall::
c:\apps\ActivBoard\nhksrv.exe
c:\apps\ActivBoard\nhksrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Virtual CD v4 SDK\System\vcssecs.exe
c:\windows\system32\rundll32.exe
c:\apps\ActivBoard\Traymon.exe
c:\apps\ActivBoard\osd.exe
c:\program files\Fichiers communs\Real\Update_OB\rnathchk.exe
c:\windows\system32\LVCOMSX.EXE
c:\program files\Logitech\Video\FxSvr2.exe

Driver::
fwdrv
msikbd2k
vcsmpdrv
abp470n5
adiusbae
NAVENG
NAVEX15
BthServ
nv
Aspi32
adiusbae
ADILOADER
ASPI
CdaC15BA
NAVEX15
SYMIDSCO
knbwwgw
adiusbae
V90drv

File::
c:\docume~1\SOLO&K~1\LOCALS~1\temp\winglkuvf.exe
c:\docume~1\SOLO&K~1\LOCALS~1\temp\miph.exe
c:\docume~1\SOLO&K~1\LOCALS~1\Temp\IadHide3.dll
c:\documents and settings\solo & kad\Local Settings\temp\IadHide3.dll
c:\windows\system32\eslwkuq.dll
F:\trqfq.exe
E:\whwv.pif
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winufhan.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\rifhec.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winpdtwj.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winlcahjb.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winoarfr.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winqcfxu.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\dbirs.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winkuhck.exe
c:\windows\system32\usbaaplrc.dll
c:\windows\system32\dllcache\kernel32.dll
c:\documents and settings\solo & kad\pp.exe
c:\windows\PEV.exe
c:\windows\SWREG.exe
c:\windows\sed.exe
c:\windows\system32\drivers\FWDRV.SYS
c:\windows\system32\drivers\Msikbd2k.sys
c:\windows\system32\drivers\vcsmpdrv.sys
c:\windows\system32\drivers\mfhnjq.sys
c:\windows\system32\drivers\adiusbae.sys
c:\progra~1\fichie~1\symant~1\virusd~1\20030626.018\naveng.sys
c:\progra~1\fichie~1\symant~1\virusd~1\20030626.018\NavEx15.Sys
C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
C:\WINDOWS\system32\drivers\Aspi32.sys
c:\docume~1\SOLO&K~1\LOCALS~1\Temp\IadHide3.dll
c:\documents and settings\solo & kad\Local Settings\temp\IadHide3.dll
c:\windows\system32\DRIVERS\adiusbae.sys
c:\windows\system32\drivers\v90drv.sys




Folder::
c:\program files\Vilma
c:\program files\ToniArts
C:\PROGRA~1\FICHIE~1\SYMANT~1
c:\program files\DesignPro 2000
c:\program files\BitComet
NetSvc::
knbwwgw

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28fefb21-1640-11dd-9bdd-0020ed5dc423}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb36465c-4860-11dd-9c42-0020ed5dc423}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\drwtsn32.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winqqky.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\brusi.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winwxlq.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windjqpb.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\cghnb.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\ysmmqv.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\orbiy.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\hnsrfi.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winslve.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winkhtbhb.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windvbcf.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winfogqb.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\gxocw.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\wintjth.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winuylqpg.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\dwbjw.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winxcen.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\windwfv.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winukfheg.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\fpcox.exe"=-
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winwehto.exe"=-
"c:\\WINDOWS\\PEV.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"UacDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"UacDisableNotify"=dword:00000000




Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe like this:

This will restart Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report.

Ororo (posts: 115, status: Member)

OK, we'll give that a try.

Anonymous user

Cédric, don't you think she should uninstall Spybot?

Anonymous user

Why do you say that?

Anonymous user

It could be that it is interfering with the executions... maybe it would be necessary to undo the immunization with it and uninstall it, or...

Anonymous user

Given the restrictions, Spy-thingy is out of action...

++

Ororo (posts: 115, status: Member)

ComboFix 09-06-05.03 - solo & kad 06/06/2009 1:10.23 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.255.46 [GMT 2:00]
Lancé depuis: c:\documents and settings\solo & kad\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\solo & kad\Bureau\CFScript.txt.txt

FILE ::
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\dbirs.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\IadHide3.dll"
"c:\docume~1\SOLO&K~1\LOCALS~1\temp\miph.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\rifhec.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\temp\winglkuvf.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\winkuhck.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\winlcahjb.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\winoarfr.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\winpdtwj.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\winqcfxu.exe"
"c:\docume~1\SOLO&K~1\LOCALS~1\Temp\winufhan.exe"
"c:\documents and settings\solo & kad\Local Settings\temp\IadHide3.dll"
"c:\documents and settings\solo & kad\pp.exe"
"c:\progra~1\fichie~1\symant~1\virusd~1\20030626.018\naveng.sys"
"c:\progra~1\fichie~1\symant~1\virusd~1\20030626.018\NavEx15.Sys"
"c:\windows\PEV.exe"
"c:\windows\sed.exe"
"c:\windows\SWREG.exe"
"c:\windows\system32\dllcache\kernel32.dll"
"c:\windows\system32\drivers\adiusbae.sys"
"c:\windows\system32\drivers\Aspi32.sys"
"c:\windows\system32\drivers\FWDRV.SYS"
"c:\windows\system32\drivers\mfhnjq.sys"
"c:\windows\system32\drivers\Msikbd2k.sys"
"c:\windows\System32\DRIVERS\nv4_mini.sys"
"c:\windows\system32\drivers\v90drv.sys"
"c:\windows\system32\drivers\vcsmpdrv.sys"
"c:\windows\system32\eslwkuq.dll"
"c:\windows\system32\usbaaplrc.dll"
"E:\whwv.pif"
"F:\trqfq.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\solo & kad\pp.exe
c:\progra~1\FICHIE~1\SYMANT~1
c:\progra~1\FICHIE~1\SYMANT~1\ccWebWnd.dll
c:\progra~1\FICHIE~1\SYMANT~1\Default.rul
c:\progra~1\FICHIE~1\SYMANT~1\Firewall.rul
c:\progra~1\FICHIE~1\SYMANT~1\IDS\DefUtDcd.dll
c:\progra~1\FICHIE~1\SYMANT~1\IDS\IDSaux.dll
c:\progra~1\FICHIE~1\SYMANT~1\IDS\IdsInst.exe
c:\progra~1\FICHIE~1\SYMANT~1\IDS\Patch25.dll
c:\progra~1\FICHIE~1\SYMANT~1\IDS\SymIDSLU.dll
c:\progra~1\FICHIE~1\SYMANT~1\IDSDefs\IDSCoLU.exe
c:\progra~1\FICHIE~1\SYMANT~1\IDSDefs\IDSLU.exe
c:\progra~1\FICHIE~1\SYMANT~1\IraLsClt.dll
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\Defaults.liveReg
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\iraDefA2.dll
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\IraLrShl.exe
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\iraLSCl2.dll
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\iraLSUI.dll
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\IraVcLc2.dll
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\IraVcObj.dll
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\LR2CHLP.HLP
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\LrResEN.dll
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\pftw1.pkg
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\VcCleanUp.exe
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\VcResEN.dll
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\VcSetup.exe
c:\progra~1\FICHIE~1\SYMANT~1\LiveReg\Watermrk.gif
c:\progra~1\FICHIE~1\SYMANT~1\NIMClick.wav
c:\progra~1\FICHIE~1\SYMANT~1\NIMOver.wav
c:\progra~1\FICHIE~1\SYMANT~1\NMAIN.EXE
c:\progra~1\FICHIE~1\SYMANT~1\Persist.Dat
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\sscnav.dll
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\sscnis56.dll
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\sscnis7.dll
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\SSCOpts.dat
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\SymSCWb.dll
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\SymWSC.exe
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\SymWSCNo.exe
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\UsrPrmpt.exe
c:\progra~1\FICHIE~1\SYMANT~1\Security Center\WSCHlpr.dll
c:\progra~1\FICHIE~1\SYMANT~1\SNDInst.exe
c:\progra~1\FICHIE~1\SYMANT~1\SNDSrvc.exe
c:\progra~1\FICHIE~1\SYMANT~1\SNDunin.dll
c:\progra~1\FICHIE~1\SYMANT~1\SPManifests\CIDS.GRD
c:\progra~1\FICHIE~1\SYMANT~1\SPManifests\CIDS.SIG
c:\progra~1\FICHIE~1\SYMANT~1\SPManifests\CIDS.SPM
c:\progra~1\FICHIE~1\SYMANT~1\SPManifests\Snd.grd
c:\progra~1\FICHIE~1\SYMANT~1\SPManifests\Snd.sig
c:\progra~1\FICHIE~1\SYMANT~1\SPManifests\Snd.spm
c:\progra~1\FICHIE~1\SYMANT~1\Validate.dat
c:\progra~1\FICHIE~1\SYMANT~1\VirusDefs\MyAuth.dat
c:\program files\BitComet
c:\program files\BitComet\[u]0/u.70BitComet.zip
c:\program files\BitComet\BitComet.exe
c:\program files\BitComet\BitComet.url
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\ChangeLog.txt
c:\program files\BitComet\codec\CodecCheck.exe
c:\program files\BitComet\codec\RealMediaSplitter.ax
c:\program files\BitComet\CrashReport.exe
c:\program files\BitComet\dbghelp.dll
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads\[S-F]_One_Piece_Saison_6\One Piece 185.avi
c:\program files\BitComet\Downloads\Gossip girl S02E17 Xvid VOSTFR -- Antoine 4011 --.avi
c:\program files\BitComet\Downloads\Gossip.Girl.S02E18.XviD VOSTFR --Antoine 4011--.avi
c:\program files\BitComet\Downloads\Gossip.Girl.S02E19.XviD VOSTFR --Antoine 4011--.avi
c:\program files\BitComet\Downloads\GossipGirl.S02E20. XviD VOSTFR --Antoine 4011--.avi
c:\program files\BitComet\ERRORLOG.TXT
c:\program files\BitComet\fav\ad\previewdlg_en_us.htm
c:\program files\BitComet\fav\ad\previewdlg_zh_cn.htm
c:\program files\BitComet\fav\ad\previewwnd_en_us.htm
c:\program files\BitComet\fav\ad\previewwnd_zh_cn.htm
c:\program files\BitComet\fav\ad\pv_dlg.swf
c:\program files\BitComet\fav\ad\pv_wnd.swf
c:\program files\BitComet\fav\fav_bg_bg.xml
c:\program files\BitComet\fav\fav_ca_es.xml
c:\program files\BitComet\fav\fav_de_de.xml
c:\program files\BitComet\fav\fav_el_gr.xml
c:\program files\BitComet\fav\fav_en_us.xml
c:\program files\BitComet\fav\fav_es_es.xml
c:\program files\BitComet\fav\fav_fi_fi.xml
c:\program files\BitComet\fav\fav_he_il.xml
c:\program files\BitComet\fav\fav_hu_hu.xml
c:\program files\BitComet\fav\fav_it_it.xml
c:\program files\BitComet\fav\fav_jp_jp.xml
c:\program files\BitComet\fav\fav_ko_kr.xml
c:\program files\BitComet\fav\fav_lv_lv.xml
c:\program files\BitComet\fav\fav_nl_nl.xml
c:\program files\BitComet\fav\fav_pl_pl.xml
c:\program files\BitComet\fav\fav_pt_br.xml
c:\program files\BitComet\fav\fav_pt_pt.xml
c:\program files\BitComet\fav\fav_ru_ru.xml
c:\program files\BitComet\fav\fav_sl_si.xml
c:\program files\BitComet\fav\fav_th_th.xml
c:\program files\BitComet\fav\fav_uk_ua.xml
c:\program files\BitComet\fav\fav_va_es.xml
c:\program files\BitComet\fav\fav_vi_vn.xml
c:\program files\BitComet\fav\fav_zh_cn.xml
c:\program files\BitComet\fav\fav_zh_tw.xml
c:\program files\BitComet\fav\HowTo-AddYourSite.txt
c:\program files\BitComet\fav\introduce_zh_cn.mht
c:\program files\BitComet\fav\search_el_gr.mht
c:\program files\BitComet\fav\search_en_us.mht
c:\program files\BitComet\fav\search_uk_ua.mht
c:\program files\BitComet\fav\search_zh_cn.mht
c:\program files\BitComet\Favourite.xml
c:\program files\BitComet\lang\HowTo-Translate.txt
c:\program files\BitComet\lang\lang_ar_ae.xml
c:\program files\BitComet\lang\lang_ba_ba.xml
c:\program files\BitComet\lang\lang_ba_eu.xml
c:\program files\BitComet\lang\lang_bg_bg.xml
c:\program files\BitComet\lang\lang_ca_es.xml
c:\program files\BitComet\lang\lang_cz_cz.xml
c:\program files\BitComet\lang\lang_da_dk.xml
c:\program files\BitComet\lang\lang_de_de.xml
c:\program files\BitComet\lang\lang_el_gr.xml
c:\program files\BitComet\lang\lang_en_us.xml
c:\program files\BitComet\lang\lang_es_ar.xml
c:\program files\BitComet\lang\lang_es_es.xml
c:\program files\BitComet\lang\lang_et_ee.xml
c:\program files\BitComet\lang\lang_fi_fi.xml
c:\program files\BitComet\lang\lang_fr_fr.xml
c:\program files\BitComet\lang\lang_gl_es.xml
c:\program files\BitComet\lang\lang_he_il.xml
c:\program files\BitComet\lang\lang_hr_hr.xml
c:\program files\BitComet\lang\lang_hu_hu.xml
c:\program files\BitComet\lang\lang_it_it.xml
c:\program files\BitComet\lang\lang_jp_jp.xml
c:\program files\BitComet\lang\lang_ko_kr.xml
c:\program files\BitComet\lang\lang_lt_lt.xml
c:\program files\BitComet\lang\lang_lv_lv.xml
c:\program files\BitComet\lang\lang_nb_no.xml
c:\program files\BitComet\lang\lang_nl_nl.xml
c:\program files\BitComet\lang\lang_pl_pl.xml
c:\program files\BitComet\lang\lang_pt_br.xml
c:\program files\BitComet\lang\lang_pt_pt.xml
c:\program files\BitComet\lang\lang_ro_ro.xml
c:\program files\BitComet\lang\lang_ru_ru.xml
c:\program files\BitComet\lang\lang_sk_sk.xml
c:\program files\BitComet\lang\lang_sl_si.xml
c:\program files\BitComet\lang\lang_sq_al.xml
c:\program files\BitComet\lang\lang_sr_sr.xml
c:\program files\BitComet\lang\lang_sv_se.xml
c:\program files\BitComet\lang\lang_th_th.xml
c:\program files\BitComet\lang\lang_tr_tr.xml
c:\program files\BitComet\lang\lang_uk_ua.xml
c:\program files\BitComet\lang\lang_va_es.xml
c:\program files\BitComet\lang\lang_vi_vn.xml
c:\program files\BitComet\lang\lang_zh_cn.xml
c:\program files\BitComet\lang\lang_zh_tw.xml
c:\program files\BitComet\License.txt
c:\program files\BitComet\ReadMe.txt
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\rules\ipfilter-HowTo.txt
c:\program files\BitComet\rules\ipfilter.dat
c:\program files\BitComet\rules\tracker.dat
c:\program files\BitComet\Torrents\Prison Break S02E04 Season 2 Episode 4 First Down HDTV Xvid LOL.avi_chat.xml
c:\program files\BitComet\Torrents\Prison.Break.S02E01.HDTV.Xvid.avi_chat.xml
c:\program files\BitComet\Torrents\Prison.Break.S02E02.HDTV.XviD-LOL_chat.xml
c:\program files\BitComet\uninst.exe
c:\program files\DesignPro 2000
c:\program files\DesignPro 2000\DESIGNP.CNT
c:\program files\DesignPro 2000\DESIGNP.EXE
c:\program files\DesignPro 2000\designp.GID
c:\program files\DesignPro 2000\DESIGNP.HLP
c:\program files\DesignPro 2000\DESIGNP.ICO
c:\program files\DesignPro 2000\DPSPLSHH.BMP
c:\program files\DesignPro 2000\DPSPLSHL.BMP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\C2651_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8159_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8162_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8360_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8365_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8365_2.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8651_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8666_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8671_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8674_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8760_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8760_2.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8760_3.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\J8766_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\L7263_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\L7655_1.ZDP
c:\program files\DesignPro 2000\Echantillons\ÉTIQUE~1\L7664_1.ZDP
c:\windows\PEV.exe
c:\windows\sed.exe
c:\windows\SWREG.exe
c:\windows\system32\dllcache\kernel32.dll
c:\windows\system32\drivers\Aspi32.sys
c:\windows\system32\drivers\FWDRV.SYS
c:\windows\system32\drivers\Msikbd2k.sys
c:\windows\System32\DRIVERS\nv4_mini.sys
c:\windows\system32\drivers\v90drv.sys
c:\windows\system32\drivers\vcsmpdrv.sys
c:\windows\system32\usbaaplrc.dll
E:\whwv.pif
F:\trqfq.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Legacy_ASPI32
-------\Legacy_BTHSERV
-------\Legacy_CDAC15BA
-------\Legacy_FWDRV
-------\Legacy_NAVENG
-------\Legacy_NAVEX15
-------\Legacy_SYMIDSCO
-------\Legacy_V90DRV
-------\Service_abp470n5
-------\Service_ADILOADER
-------\Service_adiusbae
-------\Service_ASPI
-------\Service_Aspi32
-------\Service_BthServ
-------\Service_CdaC15BA
-------\Service_fwdrv
-------\Service_msikbd2k
-------\Service_NAVENG
-------\Service_NAVEX15
-------\Service_nv
-------\Service_SYMIDSCO
-------\Service_V90drv
-------\Service_vcsmpdrv


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-05 au 2009-06-05 ))))))))))))))))))))))))))))))))))))
.

2009-06-05 20:39 . 2009-06-05 20:40 -------- d-----w- C:\rsit
2009-06-01 20:56 . 2009-06-01 20:57 -------- d-----w- c:\program files\CCleaner
2009-05-30 20:41 . 2009-05-30 20:42 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-24 08:17 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-05-24 08:17 . 2009-03-06 14:46 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2009-05-24 08:17 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-05-24 08:17 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-05-24 08:17 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-24 08:17 . 2009-02-09 10:20 685056 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-05-24 08:17 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-05-24 08:17 . 2009-02-09 10:08 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-05-24 08:17 . 2009-02-09 10:20 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-05-24 08:17 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-24 08:16 . 2008-12-16 12:49 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-05-24 08:16 . 2008-04-21 21:27 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-24 00:12 . 2009-06-05 20:20 -------- d-----w- c:\program files\Trend Micro
2009-05-23 08:15 . 2009-05-25 01:40 -------- d-----w- c:\windows\system32\fr-fr
2009-05-22 19:42 . 2009-05-22 19:42 -------- d-----w- c:\documents and settings\solo & kad\Application Data\Yahoo!
2009-05-22 19:42 . 2009-05-22 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-22 19:42 . 2009-05-22 19:42 -------- d-----w- c:\program files\Yahoo!
2009-05-16 21:07 . 2009-05-16 21:07 133 ----a-w- c:\documents and settings\solo & kad\Local Settings\Application Data\fusioncache.dat
2009-05-16 21:07 . 2009-05-16 21:07 -------- d-----w- c:\documents and settings\solo & kad\Local Settings\Application Data\ApplicationHistory
2009-05-12 21:06 . 2009-05-28 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-12 18:38 . 2009-05-12 18:38 -------- d-----w- c:\documents and settings\solo & kad\Application Data\Malwarebytes
2009-05-12 18:38 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-12 18:38 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 18:38 . 2009-06-03 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-12 18:38 . 2009-05-12 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-11 20:33 . 2009-05-16 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 16:42 . 2002-09-10 10:36 77468 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-28 16:42 . 2002-09-10 10:36 473864 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-27 17:50 . 2003-03-22 09:58 57904 ----a-w- c:\documents and settings\solo & kad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 00:24 . 2007-04-30 22:45 -------- d-----w- c:\program files\adslTV
2009-05-22 23:56 . 2003-01-15 06:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-22 17:43 . 2003-03-27 21:16 -------- d-----w- c:\program files\Symantec
2009-05-21 21:43 . 2004-07-21 21:06 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-13 22:33 . 2009-04-13 22:33 -------- d-----w- c:\program files\Bonjour
2009-04-13 22:31 . 2009-04-13 22:29 -------- d-----w- c:\program files\QuickTime
2009-03-26 13:23 . 2007-10-03 16:57 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-01-14 21:37 . 2006-03-31 21:13 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-14 21:37 . 2006-03-31 21:13 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-14 21:37 . 2008-05-09 11:50 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-14 21:37 . 2008-05-09 11:50 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-14 21:37 . 2006-03-31 21:13 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-05_22.02.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-05 23:10 . 2009-06-05 23:10 16384 c:\windows\Temp\Perflib_Perfdata_5d0.dat
+ 2009-06-05 23:20 . 2009-06-05 23:20 16384 c:\windows\Temp\Perflib_Perfdata_514.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 192568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 35328]
"ACTIVBOARD"="c:\apps\ActivBoard\MMKeybd.exe" [2002-06-19 262144]
"ActivSurf"="c:\apps\ActivSurf\4448364\Program\backweb-4448364.exe" [2003-01-15 16384]
"RemoteControl"="c:\windows\System32\rmctrl.exe" [2000-10-16 110592]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 532480]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 290816]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-09-13 177880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 308632]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 251200]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-12-13 225325]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire d'enregistrement.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2006-2-6 1155072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\ActivSurf\\4448364\\Program\\backWeb-4448364.exe"= c:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe
"c:\\Documents and Settings\\solo & kad\\Mes documents\\mircfr\\mircfr\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\rmctrl.exe"=
"c:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Logitech\\Video\\FxSvr2.exe"=
"c:\\Apps\\ActivBoard\\OSD.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Apps\\ActivBoard\\MMKeybd.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\divtools\\unzip\\unzip.exe"=
"c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBVE.EXE"=
"c:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe"=
"c:\\Apps\\ActivBoard\\TrayMon.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\rnathchk.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Microsoft Money\\System\\urlmap.exe"=
"c:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\WINDOWS\\system32\\LVCOMSX.EXE"= c:\\WINDOWS\\system32\\LVComsX.exe
"c:\\apps\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=
"c:\\WINDOWS\\system32\\CF7942.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:BitComet 7593 TCP
"7593:UDP"= 7593:UDP:BitComet 7593 UDP
"18207:TCP"= 18207:TCP:NortonAV
"14790:TCP"= 14790:TCP:NortonAV
"17053:TCP"= 17053:TCP:NortonAV
"16428:TCP"= 16428:TCP:NortonAV
"12094:TCP"= 12094:TCP:NortonAV
"16161:TCP"= 16161:TCP:NortonAV
"15154:TCP"= 15154:TCP:NortonAV
"17769:TCP"= 17769:TCP:NortonAV
"18615:TCP"= 18615:TCP:NortonAV
"17099:TCP"= 17099:TCP:NortonAV
"16624:TCP"= 16624:TCP:NortonAV
"14042:TCP"= 14042:TCP:NortonAV
"13501:TCP"= 13501:TCP:NortonAV
"12666:TCP"= 12666:TCP:NortonAV
"16570:TCP"= 16570:TCP:NortonAV
"17502:TCP"= 17502:TCP:NortonAV
"15401:TCP"= 15401:TCP:NortonAV
"13048:TCP"= 13048:TCP:NortonAV
"14708:TCP"= 14708:TCP:NortonAV
"12292:TCP"= 12292:TCP:NortonAV
"14257:TCP"= 14257:TCP:NortonAV
"16535:TCP"= 16535:TCP:NortonAV
"18739:TCP"= 18739:TCP:NortonAV
"12163:TCP"= 12163:TCP:NortonAV
"18148:TCP"= 18148:TCP:NortonAV
"17868:TCP"= 17868:TCP:NortonAV
"12943:TCP"= 12943:TCP:NortonAV
"16101:TCP"= 16101:TCP:NortonAV
"16251:TCP"= 16251:TCP:NortonAV
"16753:TCP"= 16753:TCP:NortonAV
"15336:TCP"= 15336:TCP:NortonAV
"18647:TCP"= 18647:TCP:NortonAV
"12632:TCP"= 12632:TCP:NortonAV
"15170:TCP"= 15170:TCP:NortonAV
"17090:TCP"= 17090:TCP:NortonAV
"15836:TCP"= 15836:TCP:NortonAV
"17166:TCP"= 17166:TCP:NortonAV
"15233:TCP"= 15233:TCP:NortonAV
"16990:TCP"= 16990:TCP:NortonAV
"17075:TCP"= 17075:TCP:NortonAV
"12489:TCP"= 12489:TCP:NortonAV
"12933:TCP"= 12933:TCP:NortonAV
"14226:TCP"= 14226:TCP:NortonAV
"15048:TCP"= 15048:TCP:NortonAV
"15247:TCP"= 15247:TCP:NortonAV
"16454:TCP"= 16454:TCP:NortonAV
"14550:TCP"= 14550:TCP:NortonAV
"13250:TCP"= 13250:TCP:NortonAV
"15433:TCP"= 15433:TCP:NortonAV
"15524:TCP"= 15524:TCP:NortonAV
"17694:TCP"= 17694:TCP:NortonAV
"12374:TCP"= 12374:TCP:NortonAV
"14274:TCP"= 14274:TCP:NortonAV
"16379:TCP"= 16379:TCP:NortonAV
"16610:TCP"= 16610:TCP:NortonAV
"16062:TCP"= 16062:TCP:NortonAV
"14002:TCP"= 14002:TCP:NortonAV
"17939:TCP"= 17939:TCP:NortonAV
"16422:TCP"= 16422:TCP:NortonAV
"15837:TCP"= 15837:TCP:NortonAV
"12238:TCP"= 12238:TCP:NortonAV
"12756:TCP"= 12756:TCP:NortonAV
"14745:TCP"= 14745:TCP:NortonAV
"12059:TCP"= 12059:TCP:NortonAV
"13540:TCP"= 13540:TCP:NortonAV
"14504:TCP"= 14504:TCP:NortonAV
"16185:TCP"= 16185:TCP:NortonAV
"17627:TCP"= 17627:TCP:NortonAV
"18380:TCP"= 18380:TCP:NortonAV
"18906:TCP"= 18906:TCP:NortonAV
"13762:TCP"= 13762:TCP:NortonAV
"14045:TCP"= 14045:TCP:NortonAV
"12887:TCP"= 12887:TCP:NortonAV
"12719:TCP"= 12719:TCP:NortonAV
"17875:TCP"= 17875:TCP:NortonAV
"18757:TCP"= 18757:TCP:NortonAV
"1851:TCP"= 1851:TCP:saeztun

R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [01/01/1980 01:00 296179]
R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [01/01/1980 01:00 231983]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [13/05/2005 19:00 21344]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ABP470N5
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTPFilter
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - Netman
*Deregistered* - nhksrv
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SLService
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - upnphost
*Deregistered* - VCSSecS
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - c:\apps\IECustom\script.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1EA1F119-9BCB-4B95-84BB-2B49D00CE9DE} - hxxp://messenger.zonenxt.msn-int.com/binary/MessengerStatsClient.cab
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
DPF: {BEC31341-BE4C-4358-B79B-B89A5FCF8885} - hxxp://messenger.zonenxt.msn-int.com/binary/MineSweeper.cab
DPF: {E3CE3CB2-A027-469F-9073-B9440036174F} - hxxp://messenger.zonenxt.msn-int.com/binary/Checkers.cab
FF - ProfilePath - c:\documents and settings\solo & kad\Application Data\Mozilla\Firefox\Profiles\36a4s2zn.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 01:36
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1907411925-840360825-1460304000-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(228)
c:\docume~1\SOLO&K~1\LOCALS~1\Temp\IadHide3.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\apps\ActivBoard\nhksrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Virtual CD v4 SDK\System\vcssecs.exe
c:\program files\Fichiers communs\Real\Update_OB\rnathchk.exe
c:\apps\ActivBoard\Traymon.exe
c:\apps\ActivBoard\osd.exe
c:\windows\system32\LVCOMSX.EXE
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Heure de fin: 2009-06-05 2:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-06 00:17
ComboFix2.txt 2009-06-05 22:43

Avant-CF: 13 632 086 016 octets libres
Après-CF: 13 688 418 304 octets libres

932 --- E O F --- 2009-05-31 18:08

Anonymous user

I think explorer.exe is infected ... and that's not good

Run an RSIT scan again and post log.txt, please

Ororo (115 posts, Member)

Logfile of random's system information tool 1.06 (written by random/random)
Run by solo & kad at 2009-06-06 02:50:49
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 13 GB (18%) free of 74 GB
Total RAM: 255 MB (34% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-12-13 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-12-13 2436160]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-01-28 35328]
"ACTIVBOARD"=C:\Apps\ActivBoard\MMKeybd.exe [2002-06-19 262144]
"ActivSurf"=C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe [2003-01-15 16384]
"RemoteControl"=C:\WINDOWS\System32\rmctrl.exe [2000-10-16 110592]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 532480]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 290816]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-09-13 177880]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 308632]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-26 251200]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2003-12-13 225325]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\Money Express.exe [2001-07-25 192568]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\ActivSurf\4448364\Program\backWeb-4448364.exe"="C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe:*:Enabled:ipsec"
"C:\Documents and Settings\solo & kad\Mes documents\mircfr\mircfr\mirc.exe"="C:\Documents and Settings\solo & kad\Mes documents\mircfr\mircfr\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:ipsec"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SPSSInc\Statistics17\statistics.com"="C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com"
"C:\Program Files\SPSSInc\Statistics17\statistics.exe"="C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe"
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\System32\rmctrl.exe"="C:\WINDOWS\System32\rmctrl.exe:*:Enabled:ipsec"
"C:\PROGRA~1\SYMNET~1\SNDMon.exe"="C:\PROGRA~1\SYMNET~1\SNDMon.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Logitech\Video\FxSvr2.exe"="C:\Program Files\Logitech\Video\FxSvr2.exe:*:Enabled:ipsec"
"C:\Apps\ActivBoard\OSD.exe"="C:\Apps\ActivBoard\OSD.exe:*:Enabled:ipsec"
"C:\Program Files\Logitech\Video\LogiTray.exe"="C:\Program Files\Logitech\Video\LogiTray.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Apps\ActivBoard\MMKeybd.exe"="C:\Apps\ActivBoard\MMKeybd.exe:*:Enabled:ipsec"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:ipsec"
"C:\divtools\unzip\unzip.exe"="C:\divtools\unzip\unzip.exe:*:Enabled:ipsec"
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE:*:Enabled:ipsec"
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe:*:Enabled:ipsec"
"C:\Apps\ActivBoard\TrayMon.exe"="C:\Apps\ActivBoard\TrayMon.exe:*:Enabled:ipsec"
"C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe"="C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe:*:Enabled:ipsec"
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe:*:Enabled:ipsec"
"C:\Program Files\Microsoft Money\System\urlmap.exe"="C:\Program Files\Microsoft Money\System\urlmap.exe:*:Enabled:ipsec"
"C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe:*:Enabled:ipsec"
"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\QTTask.exe"="C:\Program Files\QuickTime\QTTask.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\LVCOMSX.EXE"="C:\WINDOWS\system32\LVComsX.exe:*:Enabled:ipsec"
"C:\apps\Adobe\Acrobat 5.0\Reader\AcroRd32.exe"="C:\apps\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jucheck.exe"="C:\Program Files\Java\jre6\bin\jucheck.exe:*:Enabled:ipsec"
"C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE:*:Enabled:ipsec"
"C:\WINDOWS\system32\drwtsn32.exe"="C:\WINDOWS\system32\drwtsn32.exe:*:Enabled:ipsec"
"C:\ComboFix\NirCmd.cfexe"="C:\ComboFix\NirCmd.cfexe:*:Enabled:ipsec"
"C:\WINDOWS\system32\CF7942.exe"="C:\WINDOWS\system32\CF7942.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\RUNDLL32.EXE"="C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:ipsec"
"C:\Documents and Settings\solo & kad\Application Data\Real\Update\setup\setup.exe"="C:\Documents and Settings\solo & kad\Application Data\Real\Update\setup\setup.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winwhwnql.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winwhwnql.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\vnhyx.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\vnhyx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\yfbbg.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\yfbbg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\tqrw.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\tqrw.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\uofl.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\uofl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winpclskc.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winpclskc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winbpuqv.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winbpuqv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winvnea.exe"="C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winvnea.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2009-06-06 02:17:11 ----A---- C:\ComboFix.txt
2009-06-05 23:39:17 ----D---- C:\Qoobox
2009-06-05 22:39:56 ----D---- C:\rsit
2009-06-05 22:20:11 ----A---- C:\TCleaner.txt
2009-06-03 19:17:54 ----A---- C:\del.txt
2009-06-01 22:56:58 ----D---- C:\Program Files\CCleaner
2009-05-26 00:50:36 ----RASHD---- C:\autorun.inf
2009-05-25 03:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-25 03:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-25 03:37:47 ----D---- C:\WINDOWS\ie7updates
2009-05-25 03:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-25 03:32:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-25 03:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-25 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-24 02:12:19 ----D---- C:\Program Files\Trend Micro
2009-05-23 10:15:59 ----D---- C:\WINDOWS\WBEM
2009-05-23 10:15:58 ----D---- C:\WINDOWS\system32\fr-fr
2009-05-23 10:13:03 ----HDC---- C:\WINDOWS\ie7
2009-05-23 10:12:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-05-23 10:10:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-05-23 10:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-05-23 10:06:07 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-05-22 21:42:54 ----D---- C:\Documents and Settings\solo & kad\Application Data\Yahoo!
2009-05-22 21:42:53 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-05-22 21:42:44 ----D---- C:\Program Files\Yahoo!
2009-05-12 23:06:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-12 20:38:37 ----D---- C:\Documents and Settings\solo & kad\Application Data\Malwarebytes
2009-05-12 20:38:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-12 20:38:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-11 22:33:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-10 20:44:08 ----A---- C:\WINDOWS\zip.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\SWSC.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-10 20:44:08 ----A---- C:\WINDOWS\grep.exe
2009-05-10 20:43:56 ----D---- C:\WINDOWS\ERDNT
2009-04-18 14:03:21 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-14 00:33:39 ----D---- C:\Program Files\Bonjour
2009-04-14 00:29:40 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 2 months======

2009-06-06 02:46:28 ----D---- C:\WINDOWS\Temp
2009-06-06 02:45:50 ----D---- C:\WINDOWS\system32\drivers
2009-06-06 02:45:24 ----AD---- C:\Program Files\Fichiers communs
2009-06-06 02:45:24 ----AD---- C:\Program Files
2009-06-06 02:43:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-06 02:31:50 ----D---- C:\WINDOWS\Prefetch
2009-06-06 02:17:18 ----AD---- C:\WINDOWS\system32
2009-06-06 01:58:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-06 01:38:16 ----D---- C:\WINDOWS
2009-06-06 01:38:16 ----A---- C:\WINDOWS\system.ini
2009-06-06 01:17:31 ----D---- C:\WINDOWS\system32\config
2009-06-06 01:17:04 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-06-06 01:14:25 ----D---- C:\WINDOWS\AppPatch
2009-06-02 20:35:40 ----D---- C:\WINDOWS\Minidump
2009-06-02 20:11:30 ----SHD---- C:\System Volume Information
2009-06-02 20:11:30 ----D---- C:\WINDOWS\system32\Restore
2009-06-02 04:09:12 ----SHD---- C:\WINDOWS\Installer
2009-06-02 04:09:09 ----D---- C:\Config.Msi
2009-05-31 23:18:14 ----D---- C:\WINDOWS\Help
2009-05-31 10:49:09 ----D---- C:\WINDOWS\Debug
2009-05-28 18:42:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-26 03:20:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-26 03:19:53 ----HD---- C:\WINDOWS\inf
2009-05-26 01:34:53 ----D---- C:\Program Files\Mozilla Firefox
2009-05-25 08:45:25 ----D---- C:\Program Files\Internet Explorer
2009-05-25 08:45:24 ----D---- C:\WINDOWS\system32\wbem
2009-05-25 03:42:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-25 00:22:08 ----SD---- C:\WINDOWS\Tasks
2009-05-23 10:15:45 ----D---- C:\WINDOWS\Media
2009-05-23 02:26:34 ----D---- C:\WINDOWS\system32\oobe
2009-05-23 02:26:33 ----SHD---- C:\DRIVERS
2009-05-23 02:24:23 ----D---- C:\Program Files\adslTV
2009-05-23 02:21:18 ----D---- C:\WINDOWS\repair
2009-05-23 01:56:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-22 19:43:59 ----D---- C:\Program Files\Symantec
2009-05-22 19:28:37 ----A---- C:\WINDOWS\msiosd.ini
2009-05-17 13:47:57 ----A---- C:\WINDOWS\ActiveSurfUI.INI
2009-05-16 23:07:25 ----SD---- C:\Documents and Settings\solo & kad\Application Data\Microsoft
2009-05-11 23:10:32 ----D---- C:\APPS
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-14 00:24:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-14 00:24:06 ----D---- C:\WINDOWS\system32\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-20 40320]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\mfhnjq.sys []
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-28 9600]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2002-01-28 22210]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2002-01-28 67698]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-11 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2001-11-29 172708]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-03-26 45568]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2001-12-05 322948]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2001-11-29 33028]
R3 STAC97NA;SigmaTel 3D Environmental Audio; C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 296179]
R3 STAC97NH;STAC97NH; C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 231983]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-20 41600]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-20 14848]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2002-11-22 122505]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BTHMODEM;Pilote de communication série Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2002-01-28 50994]
S3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2002-01-28 5842]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2001-11-29 2383460]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2001-11-29 607732]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-10-25 162816]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2001-11-29 175160]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-02-09 39936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nhksrv;Netropa NHK Server; C:\Apps\ActivBoard\nhksrv.exe [2001-08-06 28672]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2001-11-29 45056]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 SymProxySvc;Norton Internet Security Proxy Service; C:\Program Files\Norton Internet Security\SymProxySvc.exe []
S2 SymWSC;SymWMI Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-13 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

mr.soluce

Look here: http://twasha.free.fr/forum1

Anonymous user

OK, please do this:

Download HijackThis (diagnostic tool) here:

-> Right-click one of the links and choose "Save Target As..." to the desktop

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> HijackThis

-> Double-click HJTInstall.exe to start the installation

-> Click Install, then I Accept

-> Click Do a system scan and save a logfile

-> Notepad will open; copy and paste all of its contents here in your next reply

Anonymous user

Ororo, only do what Chiquitine tells you

Cédric, what are all these open ports named Norton?

Ororo (115 posts, Member)

My keyboard no longer works (copying and pasting letters). It's worse

Anonymous user

Restart the PC, it will be better ...

Ororo (115 posts, Member)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:12:37, on 06/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\uofl.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winbpuqv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] ""C:\Program Files\Microsoft Money\System\Money Express.exe""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1EA1F119-9BCB-4B95-84BB-2B49D00CE9DE} (MessengerStatsClient Class) - http://messenger.zonenxt.msn-int.com/binary/MessengerStatsClient.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {BEC31341-BE4C-4358-B79B-B89A5FCF8885} (Minesweeper Flags Class) - http://messenger.zonenxt.msn-int.com/binary/MineSweeper.cab
O16 - DPF: {E3CE3CB2-A027-469F-9073-B9440036174F} (Checkers Class) - http://messenger.zonenxt.msn-int.com/binary/Checkers.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\SymProxySvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0
loloetseb Posts 5508 Registration date   Status Member Last activity   174
 
Following along ;)
0
Anonymous user
 
Copy the text below:


killall::
C:\WINDOWS\System32\rmctrl.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\uofl.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winbpuqv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\drivers\mfhnjq.sys
C:\WINDOWS\explorer.exe

FileLook::
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\uofl.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winbpuqv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe

Driver::
SymProxySvc
SymWSC
abp470n5

File::
C:\WINDOWS\system32\drivers\mfhnjq.sys
C:\TCleaner.txt
C:\del.txt
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\uofl.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winbpuqv.exe

Folder::
C:\Program Files\Norton Internet Security
C:\Program Files\Fichiers communs\Symantec Shared






Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe like this:

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report.
0
Ororo Posts 115 Registration date   Status Member Last activity  
 
My keyboard isn't working, hard to communicate
0
Anonymous user
 
Cedric, just a thought:

would closing the O16 entries not do any good?
0
Anonymous user
 
Those are ActiveX controls, so that won't move things forward.

The thing is to flush out what is relaunching the infection... to my mind it's explorer.exe, but I'm allowed to say something stupid ;)

We'll know more with the last script, since we'll get information on certain files...

if our friend manages to cope with his stubborn keyboard.
0
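The triage discussed in this thread (processes running from Temp, the O7 DisableRegedit policy, services whose file is missing, O16 entries being plain ActiveX downloads), as an added example that is not part of any post: a small Python parser run over lines excerpted from the HijackThis log above. The names `triage`, `TEMP_EXE` and `ENTRY` and the flagging rules are assumptions made for this illustration, not HijackThis or ComboFix behaviour.

```python
import re

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\uofl.exe
C:\DOCUME~1\SOLO&K~1\LOCALS~1\Temp\winbpuqv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
"""

# Executable sitting directly in a Temp directory (long or 8.3 short path).
TEMP_EXE = re.compile(r'\\temp\\[^\\]+\.(?:exe|dll|sys|scr)(?=$|[\s"])', re.I)
# HijackThis entry lines look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")

def triage(log_text):
    """Return (code, reason, detail) findings; O16 ActiveX entries are not flagged."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m is None:
            if not line:
                in_processes = False  # a blank line ends the process list
            elif in_processes and TEMP_EXE.search(line):
                findings.append(("PROC", "process running from a Temp directory", line))
            continue
        in_processes = False
        code, body = m.groups()
        if code == "O7":
            findings.append((code, "policy restricting a system tool", body))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append((code, "service registered but its file is missing", body))
        elif code in ("O4", "O23") and TEMP_EXE.search(body):
            findings.append((code, "autostart entry pointing into Temp", body))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:5} {reason}: {detail}")
```

A finding here is only a pointer for review; which file actually relaunches the infection still has to be confirmed from the file details the ComboFix report returns.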