Infection by tdss.au

Closed
tombu - 30 May 2009 at 00:09
tombu - 31 May 2009 at 22:16
Hello,
I can no longer update AVG, so I used Panda and found that my PC was infected with tdss.au.
How can I get rid of it, please? Thank you in advance for your kindness.
26 replies

Destrio5 (Moderator) - 30 May 2009 at 00:10
Hello,

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan has finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
Thanks for your help.
Here is the report:

ComboFix 09-05-29.01 - Chefs deTribu BH 30/05/2009 0:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1040.18.895.563 [GMT 2:00]
Lancé depuis: c:\documents and settings\Chefs deTribu BH\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\CHEFSD~1\IMPOST~1\Temp\tmp1.tmp
c:\docume~1\CHEFSD~1\IMPOST~1\Temp\tmp2.tmp
c:\documents and settings\Chefs deTribu BH\Dati applicazioni\addon.dat
c:\documents and settings\Chefs deTribu BH\Dati applicazioni\inst.exe
c:\windows\system32\drivers\gxvxcmxfmultgrwsunttkdairqlxmoblvahyl.sys
c:\windows\system32\drivers\gxvxcqqtvvrjnswwyuoyiswxdtylrnmupqlmq.sys
c:\windows\system32\drivers\gxvxcttvvmkhbfsfogrrnruocaohodjklsdnm.sys
c:\windows\system32\drivers\gxvxcxfqhtavhoewqxyvbvxudrxroeqboexbi.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcpxjsmieojbqhnnpsbppobtnckidliqpj.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-29 ))))))))))))))))))))))))))))))))))))
.

2009-05-29 21:19 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-29 21:18 . 2009-05-29 21:18 -------- d-----w c:\programmi\Panda Security
2009-05-25 19:12 . 2009-05-25 19:12 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Apple
2009-05-18 19:53 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-18 19:53 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-18 19:53 . 2009-05-18 19:53 -------- d-----w c:\programmi\iPod
2009-05-18 19:37 . 2009-05-20 13:58 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Apple Computer
2009-05-18 19:37 . 2009-05-18 19:37 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w c:\programmi\Bonjour
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w c:\programmi\QuickTime
2009-05-18 19:36 . 2009-05-18 19:37 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple Computer
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w c:\documents and settings\Chefs deTribu BH\Impostazioni locali\Dati applicazioni\Apple
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w c:\programmi\Apple Software Update
2009-05-18 19:36 . 2009-03-26 13:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-18 19:36 . 2009-03-26 13:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-18 19:35 . 2009-05-18 19:42 -------- d-----w c:\programmi\File comuni\Apple
2009-05-18 19:35 . 2009-05-18 19:35 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple
2009-05-18 19:35 . 2009-05-18 19:37 -------- d-----w c:\documents and settings\Chefs deTribu BH\Impostazioni locali\Dati applicazioni\Apple Computer
2009-05-15 21:38 . 2009-05-15 21:38 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\Conduit
2009-05-15 21:38 . 2009-05-18 19:40 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Impostazioni locali\Dati applicazioni\IsoBuster
2009-05-15 21:38 . 2009-05-15 21:38 -------- d-----r c:\documents and settings\LocalService.NT AUTHORITY\Preferiti
2009-05-15 21:38 . 2009-05-15 21:38 -------- d-----w c:\programmi\BlueRaTech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 21:28 . 2008-03-28 20:39 -------- d-----w c:\programmi\Mozilla Thunderbird
2009-05-29 21:28 . 2008-03-28 09:57 -------- d-----w c:\programmi\Wanadoo
2009-05-29 18:27 . 2008-03-28 20:47 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Skype
2009-05-29 18:27 . 2008-07-29 19:50 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\uTorrent
2009-05-29 14:01 . 2008-03-28 20:49 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\skypePM
2009-05-29 13:09 . 2008-03-19 13:59 1 ----a-w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-29 13:09 . 2008-03-19 13:56 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\OpenOffice.org2
2009-05-27 09:17 . 2008-03-23 17:33 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\dvdcss
2009-05-24 19:01 . 2008-09-03 21:56 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\avg8
2009-05-20 13:41 . 2008-03-29 13:05 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\temp
2009-05-20 07:43 . 2008-03-29 20:25 -------- d-----w c:\programmi\eMule
2009-05-13 18:20 . 2008-04-06 14:17 -------- d-----w c:\programmi\TvAnts
2009-05-13 11:14 . 2008-03-18 13:14 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Canon
2009-05-13 10:50 . 2008-12-21 12:03 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\DVD Shrink
2009-05-13 09:58 . 2008-10-29 16:42 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Ahead
2009-05-13 09:57 . 2008-10-29 16:54 -------- d-----w c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Ahead
2009-04-23 20:57 . 2008-03-28 20:46 -------- d-----r c:\programmi\Skype
2009-04-23 20:57 . 2008-03-28 20:46 -------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Skype
2009-04-23 20:57 . 2009-04-23 20:57 -------- d-----w c:\programmi\File comuni\Skype
2009-04-05 13:37 . 2008-08-14 11:55 816 ----a-w c:\windows\eReg.dat
2009-04-05 13:31 . 2008-03-16 23:28 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-05 13:28 . 2009-04-05 13:21 -------- d-----w c:\programmi\Maxis
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-29 07:10 . 2008-03-16 23:01 42156 ----a-w c:\windows\system32\perfc010.dat
2009-03-29 07:10 . 2008-03-16 23:01 323842 ----a-w c:\windows\system32\perfh010.dat
2009-03-23 20:33 . 2008-03-17 17:23 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-23 20:33 . 2008-03-17 17:23 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2008-03-28 08:51 . 2008-03-28 08:51 278528 ----a-w c:\programmi\File comuni\FDEUnInstaller.exe
2008-03-17 17:27 . 2008-03-17 17:27 0 --sha-w c:\windows\crack\klog.dat
.

------- Sigcheck -------

[-] 2008-03-18 10:05 504832 2E4B40A64C2FAFD29480D6516B993B09 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2009-05-15 21:39 1883672 ----a-w c:\programmi\IsoBuster\tbIso1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-07 15360]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2008-10-25 270128]
"WOOKIT"="c:\progra~2\Wanadoo\Shell.exe" [2004-08-23 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-13 7626752]
"AVG8_TRAY"="c:\progra~2\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"WOOWATCH"="c:\progra~2\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~2\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-09-07 160256]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-13 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 07:26 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chefs deTribu BH^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Chefs deTribu BH\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\TvAnts\\Tvants.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Programmi\\Vsk5Online\\Vsk5Online.exe"=
"c:\\Programmi\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Ubisoft\\Chessmaster 10th Edition Demo\\game.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\itunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26135:TCP"= 26135:TCP:ut1
"26135:UDP"= 26135:UDP:ut2
"5222:TCP"= 5222:TCP:emuleTCP
"5322:UDP"= 5322:UDP:emuleUDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/05/2009 23:19 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/09/2008 23:56 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/09/2008 23:56 107272]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [01/04/2008 15:47 94208]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - PAVBOOT
*Deregistered* - AdobeActiveFileMonitor5.0
*Deregistered* - AdobeActiveFileMonitor6.0
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FTRTSVC
*Deregistered* - gupdate1c9abf661f64c10
*Deregistered* - helpsvc
*Deregistered* - InCDsrv
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C5CD9787-54F4-6B5A-7054-5E50F28A8F48}]
c:\windows\crack\crack.exe s
.
Contenu du dossier 'Tâches planifiées'

2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-23 20:31]
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
IE: { - c:\programmi\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\Chefs deTribu BH\Dati applicazioni\Mozilla\Firefox\Profiles\r5hsrwkx.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npSton3D.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: e:\program files\itunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 00:56
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-05-29 0:57
ComboFix-quarantined-files.txt 2009-05-29 22:57

Avant-CF: 19 992 383 488 byte disponibili
Après-CF: 26 359 595 008 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Destrio5 (Moderator) - 30 May 2009 at 01:04
--> Start menu > Run > type combofix /u and confirm.

--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)

--> Click Continue on the Disclaimer screen.

--> If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will need to accept the license.

--> When the scan has finished, two text files will open. Post the contents of log.txt (the one displayed on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\rsit folder.
Hello,
My internet connection no longer works, so my replies will be more sporadic...
HijackThis therefore could not be downloaded when RSIT was launched.
I will stay online at an internet café for a few minutes after sending this message, in case you are able to reply in the next few minutes. Thanks again for your valuable help.

Here are the two reports:
- the INFO report:

info.txt logfile of random's system information tool 1.06 2009-05-30 01:07:38

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Programmi\File comuni\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programmi\File comuni\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Programmi\AVG\AVG8\setup.exe /UNINSTALL
BlueRaTech-->"C:\Programmi\BlueRaTech\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon i560-->C:\WINDOWS\system32\CNMCP58.exe "-PRINTERNAMECanon i560" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmi040c.dll"
CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~2\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x40c anything
Chessmaster 10th Edition Demo-->C:\Programmi\File comuni\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5C208298-6507-46F4-B0CF-B740DE044080}
DJ Mix Lite-->C:\Programmi\DJ Mix Lite\uninstall.exe
DVD Shrink 3.2-->"C:\Programmi\DVD Shrink\unins000.exe"
eMule-->"C:\Programmi\eMule\Uninstall.exe"
Gestionnaire Internet-->C:\PROGRA~2\Wanadoo\uninstall.exe
Google Chrome-->"C:\Programmi\Google\Chrome\Application\1.0.154.65\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hercules DualPix Exchange Webcam-->C:\Programmi\InstallShield Installation Information\{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}\setup.exe -runfromtemp -l0x040c -removeonly
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
IsoBuster 2.4-->"C:\Programmi\Smart Projects\IsoBuster\Uninst\unins000.exe"
IsoBuster Toolbar-->C:\PROGRA~2\ISOBUS~1\UNWISE.EXE C:\PROGRA~2\ISOBUS~1\INSTALL.LOG
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
IZArc 3.81-->"C:\Programmi\IZArc\unins000.exe"
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Les Sims Deluxe-->RunDll32 C:\PROGRA~2\FILECO~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l040c
LFP MANAGER 08-->C:\Programmi\EA SPORTS\LFP MANAGER 08\eauninstall.exe
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Magic ISO Maker v5.4 (build 0247)-->C:\PROGRA~2\MagicISO\UNWISE.EXE C:\PROGRA~2\MagicISO\INSTALL.LOG
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MozBackup 1.4.7-->"C:\Programmi\MozBackup\unins000.exe"
Mozilla Firefox (3.0.5)-->C:\Programmi\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Programmi\Mozilla Thunderbird\uninstall\helper.exe
MyHeritage Family Tree Builder-->C:\Documents and Settings\Chefs deTribu BH\Desktop\MyHeritage\Bin\Uninstall.exe
Navigateur Orange-->C:\PROGRA~2\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Nero 6 Ultra Edition-->C:\Programmi\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
Panda ActiveScan 2.0-->C:\Programmi\Panda Security\ActiveScan 2.0\as2uninst.exe
PhotoFiltre Studio-->"C:\Documents and Settings\Chefs deTribu BH\Desktop\PhotoFiltre Studio\Uninst.exe"
Picasa 2-->"C:\Programmi\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Programmi\File comuni\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SopCast 1.1.1-->C:\Programmi\SopCast\uninst.exe
SoundMAX-->RunDll32 C:\PROGRA~2\FILECO~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmi\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
Ston3D Web Player 1.6.0.0-->C:\Programmi\StoneTrip\Player\Ston3D Web Player-uninst.exe
Téléchargement PHOTOWAYS 3.1.0-->"C:\Programmi\Téléchargement PHOTOWAYS\uninstall.exe"
TVAnts 1.0-->C:\PROGRA~2\TvAnts\UNWISE.EXE C:\PROGRA~2\TvAnts\INSTALL.LOG
VideoLAN VLC media player 0.8.6e-->C:\Programmi\VideoLAN\VLC\uninstall.exe
Vsk5Online-->"C:\Programmi\Vsk5Online\unins000.exe"
Windows Media Format 11 runtime-->"C:\Programmi\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Securitycenter WMI appears to be broken

======System event log======

Computer Name: LA-E1E3291C3C0D
Event Code: 9
Message: La periferica \Device\Scsi\iviVD1 non ha risposto entro il tempo di attesa.

Record Number: 11727
Source Name: iviVD
Time Written: 20090416202112.000000+120
Event Type: error
User:

Computer Name: LA-E1E3291C3C0D
Event Code: 7003
Message: Il servizio Compatibilità di Cambio rapido utente dipende dal servizio TermService che non esiste.

Record Number: 11721
Source Name: Service Control Manager
Time Written: 20090416003450.000000+120
Event Type: error
User:

Computer Name: LA-E1E3291C3C0D
Event Code: 36
Message: Il servizio Ora non è riuscito a sincronizzare l'ora del sistema
per 49152 secondi, in quanto nessuno dei provider dell'ora è stato in grado di
fornire un timestamp utilizzabile. Il clock di sistema non è sincronizzato.

Record Number: 11712
Source Name: W32Time
Time Written: 20090415221618.000000+120
Event Type: warning
User:

Computer Name: LA-E1E3291C3C0D
Event Code: 4226
Message: È stato raggiunto il limite di protezione imposto sul numero di tentativi temporanei di connessione TCP.

Record Number: 11711
Source Name: Tcpip
Time Written: 20090415182414.000000+120
Event Type: warning
User:

Computer Name: LA-E1E3291C3C0D
Event Code: 4226
Message: È stato raggiunto il limite di protezione imposto sul numero di tentativi temporanei di connessione TCP.

Record Number: 11706
Source Name: Tcpip
Time Written: 20090415143831.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: LA-E1E3291C3C0D
Event Code: 1090
Message: Impossibile registrare lo stato della sessione di Gruppo di criteri risultante. Tentativo di connessione a WMI non riuscito. Non verrà più eseguita alcuna registrazione di Gruppo di criteri risultante per questa applicazione di criteri.

Record Number: 6071
Source Name: Userenv
Time Written: 20081208234309.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LA-E1E3291C3C0D
Event Code: 1090
Message: Impossibile registrare lo stato della sessione di Gruppo di criteri risultante. Tentativo di connessione a WMI non riuscito. Non verrà più eseguita alcuna registrazione di Gruppo di criteri risultante per questa applicazione di criteri.

Record Number: 6070
Source Name: Userenv
Time Written: 20081208224809.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LA-E1E3291C3C0D
Event Code: 1090
Message: Impossibile registrare lo stato della sessione di Gruppo di criteri risultante. Tentativo di connessione a WMI non riuscito. Non verrà più eseguita alcuna registrazione di Gruppo di criteri risultante per questa applicazione di criteri.

Record Number: 6069
Source Name: Userenv
Time Written: 20081208215809.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LA-E1E3291C3C0D
Event Code: 1090
Message: Impossibile registrare lo stato della sessione di Gruppo di criteri risultante. Tentativo di connessione a WMI non riuscito. Non verrà più eseguita alcuna registrazione di Gruppo di criteri risultante per questa applicazione di criteri.

Record Number: 6068
Source Name: Userenv
Time Written: 20081208211209.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LA-E1E3291C3C0D
Event Code: 1090
Message: Impossibile registrare lo stato della sessione di Gruppo di criteri risultante. Tentativo di connessione a WMI non riuscito. Non verrà più eseguita alcuna registrazione di Gruppo di criteri risultante per questa applicazione di criteri.

Record Number: 6067
Source Name: Userenv
Time Written: 20081208202809.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programmi\Smart Projects\IsoBuster;C:\Programmi\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programmi\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programmi\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


- the LOG report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Chefs deTribu BH at 2009-05-30 01:24:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (19%) free of 131 GB
Total RAM: 895 MB (52% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
IsoBuster Toolbar - C:\Programmi\IsoBuster\tbIso1.dll [2009-05-15 1883672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-23 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programmi\AVG\AVG8\avgssie.dll [2009-01-31 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - IsoBuster Toolbar - C:\Programmi\IsoBuster\tbIso1.dll [2009-05-15 1883672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-13 7626752]
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2009-01-31 1601304]
"WOOWATCH"=C:\PROGRA~2\Wanadoo\Watch.exe [2004-08-23 20480]
"WOOTASKBARICON"=C:\PROGRA~2\Wanadoo\GestMaj.exe [2004-10-14 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-09-07 15360]
"uTorrent"=C:\Programmi\uTorrent\uTorrent.exe [2008-10-25 270128]
"WOOKIT"=C:\PROGRA~2\Wanadoo\Shell.exe [2004-08-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDP]
C:\Programmi\Hercules\DualPix Exchange\Camservice.exe [2007-08-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Documents and Settings\Chefs deTribu BH\Desktop\MyHeritage\Bin\FTBCheckUpdates.exe [2009-01-14 113680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Programmi\Ahead\InCD\InCD.exe [2004-09-13 1450096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\itunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-07-13 7626752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-07-13 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programmi\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmi\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programmi\Skype\Phone\Skype.exe [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Programmi\Analog Devices\Core\smax4pnp.exe [2005-05-21 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programmi\File comuni\Real\Update_OB\realsched.exe [2009-03-23 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~2\Wanadoo\Shell.exe [2004-08-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~2\Wanadoo\GestMaj.exe [2004-10-14 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~2\Wanadoo\Watch.exe [2004-08-23 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
C:\PROGRA~2\Adobe\READER~1.0\Reader\READER~1.EXE [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
C:\PROGRA~2\INTERV~1\Common\Bin\WINCIN~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chefs deTribu BH^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.4.lnk]
C:\PROGRA~2\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-31 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\uTorrent\uTorrent.exe"="C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\SopCast\SopCast.exe"="C:\Programmi\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programmi\SopCast\adv\SopAdver.exe"="C:\Programmi\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programmi\TvAnts\Tvants.exe"="C:\Programmi\TvAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Programmi\Mozilla Firefox\firefox.exe"="C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Programmi\Mozilla Thunderbird\thunderbird.exe"="C:\Programmi\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Programmi\Vsk5Online\Vsk5Online.exe"="C:\Programmi\Vsk5Online\Vsk5Online.exe:*:Enabled:Vsk5Online"
"C:\Programmi\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Programmi\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Programmi\Ubisoft\Chessmaster 10th Edition Demo\game.exe"="C:\Programmi\Ubisoft\Chessmaster 10th Edition Demo\game.exe:*:Enabled:Chessmaster 10th Edition"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programmi\Bonjour\mDNSResponder.exe"="C:\Programmi\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\itunes\iTunes.exe"="E:\Program Files\itunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-05-30 01:07:38 ----D---- C:\rsit
2009-05-30 01:07:38 ----D---- C:\Programmi\trend micro
2009-05-30 00:57:41 ----D---- C:\WINDOWS\temp
2009-05-30 00:57:36 ----A---- C:\ComboFix.txt
2009-05-30 00:42:45 ----A---- C:\Boot.bak
2009-05-30 00:42:42 ----RASHD---- C:\cmdcons
2009-05-30 00:40:47 ----D---- C:\WINDOWS\ERDNT
2009-05-29 23:18:38 ----D---- C:\Programmi\Panda Security
2009-05-18 21:53:19 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-05-18 21:53:05 ----D---- C:\Programmi\iPod
2009-05-18 21:37:43 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Apple Computer
2009-05-18 21:37:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-18 21:36:55 ----D---- C:\Programmi\Bonjour
2009-05-18 21:36:21 ----D---- C:\Programmi\QuickTime
2009-05-18 21:36:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Apple Computer
2009-05-18 21:36:08 ----D---- C:\Programmi\Apple Software Update
2009-05-18 21:36:02 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-05-18 21:35:54 ----D---- C:\Programmi\File comuni\Apple
2009-05-18 21:35:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Apple
2009-05-15 23:38:24 ----D---- C:\Programmi\BlueRaTech
2009-04-23 22:57:13 ----D---- C:\Programmi\File comuni\Skype
2009-04-15 11:34:10 ----SHD---- C:\WINDOWS\ftpcache
2009-04-05 15:21:45 ----D---- C:\Programmi\Maxis
2009-03-23 22:34:06 ----D---- C:\Programmi\File comuni\xing shared

======List of files/folders modified in the last 3 months======

2009-05-30 01:20:18 ----D---- C:\Programmi\Mozilla Firefox
2009-05-30 01:20:15 ----D---- C:\Programmi\Wanadoo
2009-05-30 01:20:00 ----D---- C:\Programmi\Mozilla Thunderbird
2009-05-30 01:19:52 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\uTorrent
2009-05-30 01:17:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-30 01:07:38 ----RD---- C:\Programmi
2009-05-30 01:06:46 ----D---- C:\WINDOWS
2009-05-30 01:06:40 ----D---- C:\WINDOWS\system32
2009-05-30 01:06:36 ----SHD---- C:\System Volume Information
2009-05-30 01:06:36 ----D---- C:\WINDOWS\system32\Restore
2009-05-30 01:06:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-30 00:56:04 ----A---- C:\WINDOWS\system.ini
2009-05-30 00:53:22 ----D---- C:\WINDOWS\system32\drivers
2009-05-30 00:53:22 ----D---- C:\WINDOWS\AppPatch
2009-05-30 00:53:20 ----D---- C:\Programmi\File comuni
2009-05-30 00:42:45 ----RASH---- C:\boot.ini
2009-05-30 00:40:53 ----D---- C:\WINDOWS\Prefetch
2009-05-29 23:19:10 ----HD---- C:\WINDOWS\inf
2009-05-29 23:05:03 ----A---- C:\WINDOWS\win.ini
2009-05-29 20:27:56 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Skype
2009-05-29 16:01:46 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\skypePM
2009-05-29 15:09:07 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\OpenOffice.org2
2009-05-27 14:11:06 ----HD---- C:\$AVG8.VAULT$
2009-05-27 11:17:16 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\dvdcss
2009-05-24 21:59:15 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-24 21:01:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\avg8
2009-05-20 15:41:06 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\temp
2009-05-20 09:43:44 ----D---- C:\Programmi\eMule
2009-05-18 21:53:37 ----SHD---- C:\WINDOWS\Installer
2009-05-18 21:53:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-18 21:36:10 ----SD---- C:\WINDOWS\Tasks
2009-05-13 20:20:12 ----D---- C:\Programmi\TvAnts
2009-05-13 13:15:12 ----A---- C:\WINDOWS\CSTBox.INI
2009-05-13 13:14:49 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Canon
2009-05-13 12:50:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\DVD Shrink
2009-05-13 11:58:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Ahead
2009-05-13 11:57:36 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Ahead
2009-04-23 22:57:14 ----RD---- C:\Programmi\Skype
2009-04-23 22:57:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Skype
2009-04-05 15:31:19 ----HD---- C:\Programmi\InstallShield Installation Information
2009-03-29 10:29:07 ----D---- C:\Programmi\EA SPORTS
2009-03-29 10:28:24 ----D---- C:\Programmi\Tourisma2008
2009-03-29 10:26:10 ----RD---- C:\Program Files
2009-03-29 10:16:15 ----D---- C:\Programmi\Football Superstars
2009-03-29 09:10:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-23 22:36:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-23 22:34:00 ----D---- C:\Programmi\File comuni\Real
2009-03-23 22:33:57 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-03-23 22:33:44 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-03-23 22:33:44 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-03-23 22:33:40 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-23 22:33:40 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-03-23 22:33:39 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-03-23 22:32:03 ----D---- C:\Programmi\Google
2009-03-17 15:46:25 ----A---- C:\WINDOWS\MyHeritage.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-31 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-31 107272]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-13 28672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-06 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]
R3 camfilt2;camfilt2; C:\WINDOWS\System32\Drivers\camfilt2.sys [2007-05-29 94208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-13 3934592]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-12 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-12 20480]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-10-11 393088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-16 9602944]
R3 usbaudio;Driver audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-09-07 26624]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-07 57600]
R3 usbohci;Driver miniport per controller open host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-09-07 17024]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-13 93440]
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-30 12160]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-26 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbscan;Driver scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;Periferica video USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-21 102400]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
R2 Bonjour Service;Service Bonjour; C:\Programmi\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 InCDsrv;InCD Helper; C:\Programmi\Ahead\InCD\InCDsrv.exe [2004-09-13 1192050]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-13 155715]
S2 gupdate1c9abf661f64c10;Service Google Update (gupdate1c9abf661f64c10); C:\Programmi\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-21 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-06 654848]
S3 gusvc;Google Updater Service; C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 iPod Service;Service de l’iPod; C:\Programmi\iPod\bin\iPodService.exe [2009-04-02 656168]

-----------------EOF-----------------
0

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 295
30 May 2009 at 14:07
Why don't you have a connection anymore?
0
More precisely, I still have a connection (Skype works, for example); it's Firefox and Thunderbird that no longer work, hence my difficulties
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 295
30 May 2009 at 16:18
--> Download WinsockXPFix to your Desktop.

--> Double-click WinsockXPFix.exe.
--> First, click the ReG-Backup button. This will back up your registry as a precaution.
--> Click OK, and then once more. You will see a registry backup window; click OK again.

--> Go back to the main window.
--> Click Fix.
--> Click Yes.
--> It will run for a minute or two, then a beep will sound and you will see this window.
--> Finally, click OK and let your PC restart.
0
I downloaded the winsock software onto a USB stick and I am going to install it on my PC
if I follow these instructions, will I get internet back at home???
0
also, I downloaded HijackThis at noon today and I am sending you the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:54, on 30/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~2\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\PROGRA~2\Wanadoo\TaskBarIcon.exe
C:\PROGRA~2\Wanadoo\GestionnaireInternet.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~2\Wanadoo\ComComp.exe
C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~2\Wanadoo\Toaster.exe
C:\PROGRA~2\Wanadoo\Inactivity.exe
C:\PROGRA~2\Wanadoo\PollingModule.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\PROGRA~2\AVG\AVG8\avgrsx.exe
C:\PROGRA~2\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~2\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chefs deTribu BH\Desktop\RSIT.exe
D:\Chefs deTribu BH.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.liberation.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.myheritage.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~2\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~2\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~2\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~2\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Programmi\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Programmi\KeyScrambler\getting_started.html (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1c9abf661f64c10) (gupdate1c9abf661f64c10) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
I got my internet access back, thanks
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 295
30 May 2009 at 18:40
---> Uninstall Java 6 Update 4 and Java 6 Update 6.

---> Update Java.

---> Update Adobe Reader.

---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message is displayed:

The scan completed normally. Click 'Show Results' to display all objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
0
no problem with the Malwarebytes' quick scan, but I also ran a full scan, which detected 3 infected files.

here is the quick scan report:
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2199
Windows 5.1.2600 Service Pack 2

31/05/2009 09:44:00
mbam-log-2009-05-31 (09-44-00).txt

Type de recherche: Examen rapide
Eléments examinés: 78041
Temps écoulé: 3 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


here is the full scan report

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2199
Windows 5.1.2600 Service Pack 2

31/05/2009 12:28:57
mbam-log-2009-05-31 (12-28-52).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 256898
Temps écoulé: 1 hour(s), 15 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\chefs detribu bh\Desktop\médiathèque\xp sp2\Software\Burning\nero6603-full\KeyGen.exe (Backdoor.Sdbot) -> No action taken.
c:\documents and settings\tribu bunel horrière\Bureau\xp sp2 final\Software\Burning\nero6603-full\KeyGen.exe (Backdoor.Sdbot) -> No action taken.
c:\system volume information\_restore{04764e16-3909-4f9d-b125-741ff8c460c4}\RP333\A0047440.exe (Trojan.DNSChanger) -> No action taken.
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 295
31 May 2009 at 12:35
Did you delete what was deleted?
0
no, I was waiting for your opinion before doing it, since I had taken the initiative to go further than what you had suggested
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 295
31 May 2009 at 12:42
You can delete.

---> Run an RSIT scan again and post the log report.
0
here is the RSIT log report

Logfile of random's system information tool 1.06 (written by random/random)
Run by Chefs deTribu BH at 2009-05-31 12:47:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (19%) free of 131 GB
Total RAM: 895 MB (61% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-23 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programmi\AVG\AVG8\avgssie.dll [2009-05-30 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2009-05-31 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-31 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-13 7626752]
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2009-05-30 1947928]
"WOOWATCH"=C:\PROGRA~2\Wanadoo\Watch.exe [2004-08-23 20480]
"WOOTASKBARICON"=C:\PROGRA~2\Wanadoo\GestMaj.exe [2004-10-14 32768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-13 86016]
"SunJavaUpdateSched"=C:\Programmi\Java\jre6\bin\jusched.exe [2009-05-31 148888]
"Adobe Reader Speed Launcher"=C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-09-07 15360]
"uTorrent"=C:\Programmi\uTorrent\uTorrent.exe [2008-10-25 270128]
"WOOKIT"=C:\PROGRA~2\Wanadoo\Shell.exe [2004-08-23 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDP]
C:\Programmi\Hercules\DualPix Exchange\Camservice.exe [2007-08-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Documents and Settings\Chefs deTribu BH\Desktop\MyHeritage\Bin\FTBCheckUpdates.exe [2009-01-14 113680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Programmi\Ahead\InCD\InCD.exe [2004-09-13 1450096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\itunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programmi\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmi\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programmi\Skype\Phone\Skype.exe [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Programmi\Analog Devices\Core\smax4pnp.exe [2005-05-21 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programmi\File comuni\Real\Update_OB\realsched.exe [2009-03-23 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
C:\PROGRA~2\Adobe\READER~1.0\Reader\READER~1.EXE [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2009-02-27 542096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
C:\PROGRA~2\INTERV~1\Common\Bin\WINCIN~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chefs deTribu BH^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.4.lnk]
C:\PROGRA~2\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-30 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programmi\uTorrent\uTorrent.exe"="C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
"C:\Programmi\eMule\emule.exe"="C:\Programmi\eMule\emule.exe:*:Enabled:eMule"
"C:\Programmi\SopCast\SopCast.exe"="C:\Programmi\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programmi\SopCast\adv\SopAdver.exe"="C:\Programmi\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programmi\TvAnts\Tvants.exe"="C:\Programmi\TvAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Programmi\Mozilla Firefox\firefox.exe"="C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Programmi\Mozilla Thunderbird\thunderbird.exe"="C:\Programmi\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Programmi\Vsk5Online\Vsk5Online.exe"="C:\Programmi\Vsk5Online\Vsk5Online.exe:*:Enabled:Vsk5Online"
"C:\Programmi\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Programmi\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"E:\Program Files\itunes\iTunes.exe"="E:\Program Files\itunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programmi\Skype\Phone\Skype.exe"="C:\Programmi\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Programmi\Bonjour\mDNSResponder.exe"="C:\Programmi\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Programmi\Ubisoft\Chessmaster 10th Edition Demo\game.exe"="C:\Programmi\Ubisoft\Chessmaster 10th Edition Demo\game.exe:*:Disabled:Chessmaster 10th Edition"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-05-31 09:39:32 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Malwarebytes
2009-05-31 09:39:26 ----D---- C:\Programmi\Malwarebytes' Anti-Malware
2009-05-31 09:39:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2009-05-31 09:37:10 ----SHD---- C:\Config.Msi
2009-05-31 09:35:18 ----D---- C:\Programmi\NOS
2009-05-31 09:35:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\NOS
2009-05-31 09:34:30 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-30 17:04:54 ----A---- C:\WINDOWS\resetlog.txt
2009-05-30 17:04:19 ----D---- C:\ERDNT
2009-05-30 08:15:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-30 01:31:05 ----SHD---- C:\RECYCLER
2009-05-30 01:07:38 ----D---- C:\rsit
2009-05-30 01:07:38 ----D---- C:\Programmi\trend micro
2009-05-30 00:57:41 ----D---- C:\WINDOWS\temp
2009-05-30 00:57:36 ----A---- C:\ComboFix.txt
2009-05-30 00:42:45 ----A---- C:\Boot.bak
2009-05-30 00:42:42 ----RASHD---- C:\cmdcons
2009-05-30 00:40:47 ----D---- C:\WINDOWS\ERDNT
2009-05-29 23:18:38 ----D---- C:\Programmi\Panda Security
2009-05-18 21:53:19 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-05-18 21:53:05 ----D---- C:\Programmi\iPod
2009-05-18 21:37:43 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Apple Computer
2009-05-18 21:37:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-18 21:36:55 ----D---- C:\Programmi\Bonjour
2009-05-18 21:36:21 ----D---- C:\Programmi\QuickTime
2009-05-18 21:36:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Apple Computer
2009-05-18 21:36:08 ----D---- C:\Programmi\Apple Software Update
2009-05-18 21:36:02 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-05-18 21:35:54 ----D---- C:\Programmi\File comuni\Apple
2009-05-18 21:35:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Apple
2009-04-23 22:57:13 ----D---- C:\Programmi\File comuni\Skype
2009-04-15 11:34:10 ----SHD---- C:\WINDOWS\ftpcache
2009-04-05 15:21:45 ----D---- C:\Programmi\Maxis
2009-03-23 22:34:06 ----D---- C:\Programmi\File comuni\xing shared

======List of files/folders modified in the last 3 months======

2009-05-31 12:47:32 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\uTorrent
2009-05-31 12:47:30 ----D---- C:\Programmi\Wanadoo
2009-05-31 12:46:37 ----D---- C:\WINDOWS\Prefetch
2009-05-31 12:44:45 ----D---- C:\WINDOWS\system32\drivers
2009-05-31 12:44:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-31 12:29:53 ----D---- C:\Programmi\Mozilla Firefox
2009-05-31 12:29:30 ----D---- C:\Programmi\Mozilla Thunderbird
2009-05-31 09:39:26 ----RD---- C:\Programmi
2009-05-31 09:38:26 ----SHD---- C:\WINDOWS\Installer
2009-05-31 09:38:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Adobe
2009-05-31 09:38:01 ----D---- C:\Programmi\File comuni\Adobe
2009-05-31 09:37:42 ----D---- C:\Programmi\Adobe
2009-05-31 09:37:37 ----D---- C:\WINDOWS\WinSxS
2009-05-31 09:36:47 ----D---- C:\WINDOWS\system32
2009-05-31 09:34:19 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-31 09:34:19 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-31 09:34:19 ----A---- C:\WINDOWS\system32\java.exe
2009-05-31 09:34:16 ----D---- C:\Programmi\Java
2009-05-30 17:08:55 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-30 17:04:54 ----D---- C:\WINDOWS
2009-05-30 12:45:03 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-30 12:04:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-30 09:41:58 ----RASH---- C:\boot.ini
2009-05-30 09:41:58 ----A---- C:\WINDOWS\win.ini
2009-05-30 09:41:58 ----A---- C:\WINDOWS\system.ini
2009-05-30 08:42:41 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Skype
2009-05-30 08:42:07 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\skypePM
2009-05-30 08:09:06 ----D---- C:\Programmi\Conduit
2009-05-30 01:36:10 ----HD---- C:\WINDOWS\inf
2009-05-30 01:06:36 ----SHD---- C:\System Volume Information
2009-05-30 01:06:36 ----D---- C:\WINDOWS\system32\Restore
2009-05-30 00:53:22 ----D---- C:\WINDOWS\AppPatch
2009-05-30 00:53:20 ----D---- C:\Programmi\File comuni
2009-05-29 15:09:07 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\OpenOffice.org2
2009-05-27 14:11:06 ----HD---- C:\$AVG8.VAULT$
2009-05-27 11:17:16 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\dvdcss
2009-05-24 21:01:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\avg8
2009-05-20 15:41:06 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\temp
2009-05-20 09:43:44 ----D---- C:\Programmi\eMule
2009-05-18 21:53:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-18 21:36:10 ----SD---- C:\WINDOWS\Tasks
2009-05-13 20:20:12 ----D---- C:\Programmi\TvAnts
2009-05-13 13:15:12 ----A---- C:\WINDOWS\CSTBox.INI
2009-05-13 13:14:49 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Canon
2009-05-13 12:50:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\DVD Shrink
2009-05-13 11:58:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Ahead
2009-05-13 11:57:36 ----D---- C:\Documents and Settings\Chefs deTribu BH\Dati applicazioni\Ahead
2009-04-23 22:57:14 ----RD---- C:\Programmi\Skype
2009-04-23 22:57:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Skype
2009-04-05 15:31:19 ----HD---- C:\Programmi\InstallShield Installation Information
2009-03-29 10:29:07 ----D---- C:\Programmi\EA SPORTS
2009-03-29 10:28:24 ----D---- C:\Programmi\Tourisma2008
2009-03-29 10:26:10 ----RD---- C:\Program Files
2009-03-29 10:16:15 ----D---- C:\Programmi\Football Superstars
2009-03-29 09:10:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-23 22:36:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-23 22:34:00 ----D---- C:\Programmi\File comuni\Real
2009-03-23 22:33:57 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-03-23 22:33:44 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-03-23 22:33:44 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-03-23 22:33:40 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-23 22:33:40 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-03-23 22:33:39 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-03-23 22:32:03 ----D---- C:\Programmi\Google
2009-03-17 15:46:25 ----A---- C:\WINDOWS\MyHeritage.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-30 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-30 108552]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-13 28672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-06 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]
R3 camfilt2;camfilt2; C:\WINDOWS\System32\Drivers\camfilt2.sys [2007-05-29 94208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-13 3934592]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-12 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-12 20480]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-10-11 393088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-16 9602944]
R3 usbaudio;Driver audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Driver Miniport controller enhanced host USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-09-07 26624]
R3 usbhub;Hub abilitato USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-07 57600]
R3 usbohci;Driver miniport per controller open host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-09-07 17024]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-13 93440]
S3 CCDECODE;Decoder sottotitoli codificati; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-30 12160]
S3 MSTEE;Convertitore a T/Sito a sito per flusso Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connesione TV/Video Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-26 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbscan;Driver scanner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;Periferica video USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;Codec World Standard Teletext; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-21 102400]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-05-30 908568]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-05-30 298776]
R2 Bonjour Service;Service Bonjour; C:\Programmi\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 InCDsrv;InCD Helper; C:\Programmi\Ahead\InCD\InCDsrv.exe [2004-09-13 1192050]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmi\Java\jre6\bin\jqs.exe [2009-05-31 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-13 155715]
S2 gupdate1c9abf661f64c10;Service Google Update (gupdate1c9abf661f64c10); C:\Programmi\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-21 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-06 654848]
S3 gusvc;Google Updater Service; C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 iPod Service;Service de l’iPod; C:\Programmi\iPod\bin\iPodService.exe [2009-04-02 656168]

-----------------EOF-----------------
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 295
31 May 2009 at 12:58
- Download HijackThis v2.0.2 to your Desktop.

- Double-click HJTInstall to start the installation.

- Click Install, then I Accept.

- Click Do a system scan and save a logfile.

- Notepad will open; copy and paste its entire contents here in your next message.
0
Here is the HijackThis v2.0.2 report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:03, on 31/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~2\AVG\AVG8\avgrsx.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\PROGRA~2\AVG\AVG8\avgnsx.exe
C:\PROGRA~2\Wanadoo\TaskBarIcon.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Wanadoo\GestionnaireInternet.exe
C:\Programmi\Wanadoo\ComComp.exe
C:\PROGRA~2\Wanadoo\Toaster.exe
C:\PROGRA~2\Wanadoo\Inactivity.exe
C:\PROGRA~2\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Programmi\Wanadoo\Watch.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberation.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~2\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~2\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~2\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~2\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Programmi\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Programmi\KeyScrambler\getting_started.html (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1c9abf661f64c10) (gupdate1c9abf661f64c10) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 295
31 May 2009 at 13:04
---> Update Internet Explorer.

---> Disable your antivirus for the duration of the procedure, because OTM is wrongly detected as an infection.

---> Download OTM (OldTimer) to your Desktop.

---> Double-click OTM.exe to launch it.

---> Copy (Ctrl+C) the following text below:





:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

:commands
[purity]
[emptytemp]
[reboot]





---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTM.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_heure.log
0
I don't think I updated IE, because I get a message telling me that the installation does not support the language of my operating system (editor's note: which is Italian).
Should I still continue the procedure as indicated in your previous message???
0