My computer has been infected by the TrojanSpm virus

Solved
Jomamoto125
Hello,
I have just been infected by the trojanSPM XL virus, and it prevents me from doing a ton of things on my computer except when I am in safe mode. I managed to scan my computer with AVG antivirus only in safe mode, since in normal mode there is an error message saying that AVG is infected... I have the scan report, but I really don't know much about computers; could someone help me?

By the way, I ran the scan a first time in safe mode and it said 38 infected files, deleted, but when I went back to normal mode it was still the same as before, with lots of error messages saying my computer is infected. So I went back to safe mode and ran the scan again, and here is the report.
THANK YOU

JO


Here is the report:
VG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.372
Virus Database: Version 270.12.69/2176 2009-06-14

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\LightningSand.CFD Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\User\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\User\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.

C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\drivers\sptd.sys Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 228781
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------




P.S. I can no longer see the earlier scan that listed several files infected by trojan spm xl.

90 replies

Jomamoto125
 
I was not asked the question "do you want to fix the file", and the computer did not restart. Is that normal?
0
Trying2 Posts 7751 Status Security contributor 234
 
Yes, that's normal.

*Disable your antivirus for the duration of the procedure, because OTM is wrongly detected as an infection.

*Download OTM (OldTimer) to your Desktop:

*Double-click OTM.exe to launch it.

* Copy (Ctrl+C) the text in bold below:



:processes
explorer.exe


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"13485784"="C:\\Documents and Settings\\All Users\\Application Data\\13485784\\13485784.exe"

[HKEY_USERS\S-1-5-21-2052111302-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
"c"="13485784.exe"

[HKEY_USERS\S-1-5-21-2052111302-573735546-682003330-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\All Users\\Application Data\\13485784\\13485784.exe"="13485784"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avpa]
"command"="C:\\WINDOWS\\system32\\avpo.exe"


:files
c:\Documents and Settings\All Users\Application Data\13485784\13485784.exe


:commands
[purity]
[emptytemp]
[reboot]




*Paste (Ctrl+V) the text you copied into the "Paste Instructions for Items to be Moved" box.

*Now click the "MoveIt!" button, then close OTMoveIt3.

*If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

*Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
0
Jomamoto125
 
Here it is:

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­­n\Run\\"13485784"|"C:\\Documents and Settings\\All Users\\Application Data\\13485784\\13485784.exe" /E : value set successfully!
Unable to set value : HKEY_USERS\S-1-5-21-2052111302-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList\\"c"|"13485784.exe" /E!
Unable to set value : HKEY_USERS\S-1-5-21-2052111302-573735546-682003330-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\\"C:\\Documents and Settings\\All Users\\Application Data\\13485784\\13485784.exe"|"13485784" /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avpa\\"command"|"C:\\WINDOWS\\system32\\avpo.exe" /E : value set successfully!
========== FILES ==========
c:\Documents and Settings\All Users\Application Data\13485784\13485784.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 6698515 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: User
->Temp folder emptied: 230736 bytes
->Temporary Internet Files folder emptied: 2533919 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B5.TMP folder deleted successfully.
%systemroot% .tmp files removed: 2150906 bytes
%systemroot%\System32 .tmp files removed: 48612881 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 3562440 bytes

Total Files Cleaned = 60.96 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07122009_171129
0
Trying2 Posts 7751 Status Security contributor 234
 
1/

Follow these instructions to install and run CCleaner.

In short:
Do not install the Yahoo toolbar.

You need to tick these two boxes before cleaning:
* click "Options", "Advanced" and untick the box: "Only delete files in the Windows Temp folder older than 48 hours".

*In Cleaner/Windows/Advanced, tick the "Old Prefetch data" box.

Then carry out these two procedures:
1/Standard cleaning
2/Error scan --> You can run the registry error scan 3 times (each time remembering to make a backup in My Documents, as offered).

CCleaner does not generate reports: don't waste your time looking for one. :)

2/

You still can't start in normal mode?
F8 at startup, select normal mode and confirm.

3/
After running CCleaner, launch RSIT.exe, which is on your desktop, and post the "Log.txt" report for me.
0
rolly41 Posts 281 Status Member 1 > Trying2 Posts 7751 Status Security contributor
 
You seem to know computers well; I have a problem:

My PC runs Windows 7 and it is impossible for me to install Windows XP, because Windows 7 blocks the Windows XP CD, and even after changing the BIOS I cannot boot my PC from the CD, so I would like to know whether you have a solution so that I can install my Windows XP?

There you go.

Thanks in advance.
0
jomamoto125
 
When Windows started in normal mode there was an error message that had already come up before; it says something like: error in c: windows/system32\spool\drivers\w32x86\3\xcjtime.dll missing entry:runDLLentry. Can that be repaired?


Here is the Log.txt report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-07-12 17:52:09
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 86 GB (75%) free of 114 GB
Total RAM: 2038 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:15, on 7/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [13485784] C:\Documents and Settings\All Users\Application Data\13485784\13485784.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O15 - Trusted Zone: www.registrefoncier.gouv.qc.ca
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/CPCViewAX/CpcViewAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/ActiveCGM/Acgm.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1390F1B6-5A7D-4034-B740-3C893A610B40}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B8AD2D0-F900-44ED-A990-6EE24F250B2F}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{1390F1B6-5A7D-4034-B740-3C893A610B40}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{1390F1B6-5A7D-4034-B740-3C893A610B40}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS3\Services\Tcpip\..\{1390F1B6-5A7D-4034-B740-3C893A610B40}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS4\Services\Tcpip\..\{1390F1B6-5A7D-4034-B740-3C893A610B40}: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
0
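As an added example (not part of the thread, and not code from HijackThis or RSIT): a small Python parser for the HijackThis line format seen in the log above. It pulls out the two kinds of entries that the tools used in this thread go after: autorun (O4) values that launch from `Application Data`, and `NameServer` (O17) overrides. The sample lines are copied from the log above; the function names and the two heuristics are assumptions made for illustration, and a hit means "review this", not "this is malicious".

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [13485784] C:\Documents and Settings\All Users\Application Data\13485784\13485784.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.229,85.255.112.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{1390F1B6-5A7D-4034-B740-3C893A610B40}: NameServer = 85.255.112.229,85.255.112.140
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of a registry autorun entry: hive, Run key, [value name], command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Body of a DNS entry: registry key, then a comma-separated server list
DNS_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")

# Assumption: directories any user-level process can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")


def parse_log(text):
    """Group log entries by section code (R1, O4, O17, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return sections


def suspicious_autoruns(sections):
    """Return O4 registry autoruns that match one of the review heuristics."""
    hits = []
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if not m:
            continue  # e.g. "Global Startup" shortcuts use a different layout
        reasons = []
        if any(part in m.group("cmd").lower() for part in USER_WRITABLE):
            reasons.append("runs from a user-writable data directory")
        if m.group("name").isdigit():
            reasons.append("value name is only digits")
        if reasons:
            hits.append({
                "hive": m.group("hive"),
                "name": m.group("name"),
                "command": m.group("cmd"),
                "reasons": reasons,
            })
    return hits


def nameserver_overrides(sections, expected=frozenset()):
    """Map each static DNS server not in `expected` to the keys that set it."""
    found = defaultdict(list)
    for body in sections.get("O17", []):
        m = DNS_RE.match(body)
        if not m:
            continue
        for server in re.split(r"[,\s]+", m.group("servers").strip()):
            if server and server not in expected:
                found[server].append(m.group("key"))
    return dict(found)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for hit in suspicious_autoruns(parsed):
        print("O4 ", hit["name"], "->", hit["command"], hit["reasons"])
    for server, keys in nameserver_overrides(parsed).items():
        print("O17", server, "set in", len(keys), "key(s)")
```

Pass the resolvers you actually expect (router, ISP) as `expected` so that only unexplained `NameServer` values are reported.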
k.laanait Posts 40 Status Member
 
You have wasted a lot of time;

listen, you have a Windows CD.
Install it on your PC without changing anything in the format.
Once the installation is finished, the first thing to install is an antivirus (avast pro), which will scan the whole PC > then copy the files and folders you want onto a USB key....


>Second, format the whole PC.

> I swear to you that I did the same thing with the PC of a department administration of the Ministry of the Interior.

Good luck, friend
0
Trying2 Posts 7751 Status Security contributor 234
 
Download WareOut Removal Tool (by dj QUIOU & the MH security team).

Install it.

Then restart in safe mode:

Restart the computer.

As soon as the BIOS loads, start pressing the F8 key on your keyboard. Keep doing so until the Windows advanced options menu appears.
(If you start pressing F8 too early, your computer may display the "keyboard error" message. If that happens, restart the computer and try again.)

In the Windows advanced options menu, select Safe Mode if that option is not already selected.
(Use the arrow keys to select the option.)

Press Enter.
Windows starts in safe mode. (This may take a few minutes.)

Run the WareOut_Removal_Tool.bat file that is on your desktop and choose option 1.

Wait (one to two minutes at most) while the program backs up the registry.

Read the instructions you are given carefully.

At the end of the scan, a report (WORT_report.txt) will open; post it for me.
0

jomamoto125
 
Here it is



===== Rapport WareOut Removal Tool =====

version 3.2

analyse effectuée le Sun 07/12/2009 à 19:33:04.14

Résultats de l'analyse :
========================

~~~~ Recherche d'infections dans C:\ ~~~~

C:\autorun.inf trouvé!
C:\autorun.inf suppression impossible


~~~~ Recherche d'infections dans C:\Program Files\ ~~~~


~~~~ Recherche d'infections dans C:\WINDOWS\system\ ~~~~


~~~~ Recherche d'infections dans C:\WINDOWS\system32\ ~~~~


~~~~ Recherche d'infections dans C:\WINDOWS\system32\drivers\ ~~~~


~~~~ Recherche d'infections dans C:\Documents and Settings\User\Application Data\ ~~~~


~~~~ Recherche d'infections dans C:\Documents and Settings\User\Bureau\ ~~~~


~~~~ Recherche de détournement de DNS ~~~~



~~~~ Recherche du Rootkit kd???.exe ~~~~


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System REG_SZ



~~~~ Recherche d'infections dans C:\DOCUME~1\User\LOCALS~1\Temp\ ~~~~


~~~~ Recherche d'infections dans C:\Documents and Settings\User\Start Menu\Programs\ ~~~~


~~~~ Nettoyage du registre ~~~~


~~~~ Tentative de réparation des entrées suivantes: ~~~~

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"

[HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]

~~~~ Vérification: ~~~~

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System REG_SZ



_________________________________

développé par http://pc-system.fr
_________________________________
0
Trying2 Posts 7751 Status Security contributor 234
 
Let's try MBAM again:

Download Malwarebytes' Anti-Malware (MBAM)

* Right-click the downloaded file (mbam-setup.exe) and choose "run as administrator" to start the installation.
* If you get an error message during installation saying that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX
* In the "Update" tab, click the "Check for updates" button: if the firewall asks whether to allow MBAM to connect, accept.
* Once the update is finished, go to the "Scan" tab.
* Select "Perform quick scan"
* Click "Scan"
* The scan starts; it takes a fairly long time, which is normal.
* At the end of the scan, a message is displayed:

"The scan completed normally."

Click "Show results" to display all the objects found.

Click "OK" to continue. If MBAM found nothing, it will tell you so too.

* Close your browsers. (Internet Explorer/Firefox...)
* If malware was detected, click Show results.
Select everything (or leave everything ticked) and click Remove selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
* MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.
0
jomamoto125
 
I can't manage to install MBAM. My computer is in English, so is it really right-click and run as...? I did that and managed to start the installation; it takes a long time, and as soon as it is finished I double-click on malware... and nothing happens, as if the program doesn't start... I don't really know what to do any more...
0
Trying2 Posts 7751 Status Security contributor 234
 
So you're telling me that the software installs "normally", but that afterwards it is impossible to launch it?

Have you tried right-clicking the shortcut on the desktop and choosing "run as administrator" to launch it?

Have you tried in safe mode?
0
jomamoto125
 
Yes, that's right: I manage to install it (I find the installation long, but anyway...) and when I launch it, nothing happens. I was in safe mode and it didn't work; now I have tried it in normal mode and it still doesn't work....
0
Trying2 Posts 7751 Status Security contributor 234
 
There is something I'm missing...


Download OTL by OLDTimer and save it to your Desktop.

Double-click OTL.exe to launch it.

Tick the 2 boxes "Lop" and "Purity".

Tick the box in front of "scan all users".

Click "Run Scan".

At the end of the scan, Notepad will open with the report (OTL.txt).


DO NOT POST IT ON THE FORUM (because this report is very long).

To send it to me, click this link: http://www.cijoint.fr/

Click Browse and find the "OTL.txt" file
Click Open.
Click "Click here to upload the file".

Wait a little; a link will be created: copy and paste that link into your next reply.
0
jomamoto125
 
OK, here is the link,

but could this be related to the error message I told you about a little earlier, about the missing entry DLLs...?

http://www.cijoint.fr/cjlink.php?file=cj200907/cijWgYo2E7.txt
0
jomamoto125
 
My computer crashed and as soon as I restarted, I got a Resident Shield alert, multiple threat detection:

"C:\WINDOWS\system32\SKYNETijnklvdh.dll";"Virus identified Packed.Monder";"Infected"
"C:\WINDOWS\system32\SKYNETijnklvdh.dll";"Virus identified Packed.Monder";"Infected"
"C:\WINDOWS\system32\SKYNETijnklvdh.dll";"Virus identified Packed.Monder";"Infected"
and I can't delete them..?

It's an AVG alert message...
0
jomamoto125
 
When I click Remove it says specified files was not found, so could it be an old message that I no longer need to pay attention to??
0
Trying2 Posts 7751 Status Security contributor 234
 
* Download Lop S&D by Angeldark and Eric71 to your Desktop,


* Double-click Lop S&D.exe to start the installation,

* Then double-click the Lop S&D shortcut on the Desktop,

Warning: disable your resident protections (antivirus, antispyware, integrity checkers, etc.) so that the tool can run correctly.

* Select the language you want, then choose Option 1 (Search)

* The scan takes less than a minute,

* When the scan finishes, Notepad will open with the search results,

* it will be saved automatically at the root of the system partition: C:\LopR.txt

*Post it for me in your next reply
0
jomamoto125
 
here it is


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2400 @ 1.83GHz )
BIOS : Ver 1.00PARTTBL
USER : User ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 15.0.0.60 (Activated)
Firewall : Norton Internet Security 15.0.0.60 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:83 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 07/12/2009|22:11 )

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/12/2009 22:00][--ah-----] C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[12/26/2008 16:58][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/31/2008 20:53][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[07/12/2009 21:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Process

( 63 Processes )

iexplore.exe ~ [PID:2664]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 22:12:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:18][D:4]-> C:\DOCUME~1\User\LOCALS~1\Temp
[F:31][D:0]-> C:\DOCUME~1\User\Cookies
[F:554][D:7]-> C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 07/12/2009|22:13 - Option : [1]

--------------------\\ Fin du rapport a 22:13:05
0
jomamoto125
 
I don't know why, but malware has decided to work, so I'll run the scan and send you all of it
0
Trying2 Posts 7751 Status Security contributor 234
 
Great, that suits me, because to be honest there is a tool I'd rather not have you use, for certain reasons, and I was starting to have you do any old thing...


To anyone else passing by and reading this: my PM inbox is open...
0
jomamoto125
 
hehe, professional secrecy I imagine... right, now I'm sending you the malware scan...
here it is:

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2413
Windows 5.1.2600 Service Pack 2

7/12/2009 10:25:47 PM
mbam-log-2009-07-12 (22-25-47).txt

Type de recherche: Examen rapide
Eléments examinés: 88581
Temps écoulé: 5 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 112

0
jomamoto125
 
However, as soon as I restart my computer, there is still the error message that says: error in c: windows/system32\spool\drivers\w32x86\3\xcjtime.dll missing entry:runDLLentry
is it always going to stay there?
0
jomamoto125
 
Can I use this link to fix the problem??


http://windows-system32.com/?gclid=CPLc5__S0ZsCFeFM5QodrlIJKQ
0
Trying2 Posts 7751 Status Security contributor 234
 
is it always going to stay there?

No, this problem is minor.
I guarantee we'll solve it together, just be a little patient.



You did restart your PC after using MBAM, right?
0
jomamoto125
 
ok, and I was wondering, is the disinfection of my computer nearly finished? because my computer seems to be doing better, and I know you told me the process is long, but I'd like to know how long, so are there many steps left?

just out of curiosity :P

thanks again for the help, it's really appreciated



jo
0
jomamoto125
 
and yes, I believe I did restart it after the scan; if I'm not mistaken I had no choice but to restart it..
0
Trying2 Posts 7751 Status Security contributor 234
 
Okay,

I'm preparing a "step" for you; if it goes well, I'll then have you run an online scan. Since that scan takes quite a long time, try to let me know before you go to bed: I'll give you the instructions and that way you can start it.


After that, we'll get rid of what is useless on your PC, and I'll give you some advice on securing it so that this doesn't happen again.


Please post me a new OTL report.
0
jomamoto125
 
perfect, so it's coming to an end. I'm going to bed soon; I've been sleeping badly for a few days and I'm short on sleep, and I have a fairly physically demanding job so I need to be in shape tomorrow... thanks a thousand times for everything you're doing and the interest you're taking in my computer problem. it's funny all the same, I'm having my computer fixed by someone from France (if I'm not mistaken) and I'm in Canada (Québec).. hehe

right, here is the OTL report, I'm sending it to you and I'll wait for your instructions before going to bed.

thanks again!!


OTL logfile created on: 7/12/2009 11:01:10 PM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.54% Memory free
3.84 Gb Paging File | 3.34 Gb Available in Paging File | 87.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 83.70 Gb Free Space | 74.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-29AC0B4C5F
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/03/23 14:38:38 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
PRC - [2006/08/14 17:39:08 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2006/08/14 17:41:28 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/08/14 17:38:08 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/06/16 19:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/12/14 07:42:38 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
PRC - [2006/01/07 05:36:10 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2007/03/09 14:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/04/10 17:46:52 | 00,709,992 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2005/09/30 10:49:22 | 00,200,704 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
PRC - [2005/08/01 08:05:04 | 00,094,208 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 8300 Series\ezprint.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/08/23 09:35:32 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/07/09 17:36:52 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/09 17:36:54 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/16 21:03:25 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/08/16 15:49:52 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007/10/18 15:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2006/09/11 08:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/09/10 21:49:18 | 00,439,992 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
PRC - [2005/08/16 15:56:00 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/03/15 18:28:32 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2009/07/09 17:36:56 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/09 17:36:56 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/10/24 08:33:04 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxcjcoms.exe
PRC - [2009/04/25 01:27:50 | 00,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/12/14 07:42:37 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
PRC - [2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/07/12 21:42:43 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/08/23 09:35:32 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/07/09 17:36:52 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/08/16 15:49:52 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/08/21 20:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2009/04/22 21:11:58 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/03/15 18:28:32 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2004/10/22 07:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/08/23 09:35:24 | 03,192,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Running])
SRV - [2005/10/24 08:33:04 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxcjcoms.exe -- (lxcj_device [On_Demand | Running])
SRV - [2005/11/24 20:03:22 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/11/24 19:57:44 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2007/07/24 09:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/07/24 09:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/08/16 12:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/08/16 12:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/08/16 12:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2005/11/24 19:47:30 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2006/01/07 01:25:12 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2009/07/07 17:03:57 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2007/10/18 15:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 19:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/07/09 17:37:07 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/09 17:37:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/09 17:37:07 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2005/08/16 15:40:48 | 01,341,466 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2005/08/16 15:38:22 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2007/08/08 12:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])
DRV - [2005/11/03 11:31:52 | 00,157,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/09/19 17:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/09/19 17:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2009/06/16 12:44:44 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/06/16 12:44:44 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/09/19 17:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2006/06/02 17:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/08/22 03:06:16 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/08/22 03:07:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/08/14 19:00:24 | 01,109,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2005/10/12 08:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2006/02/14 22:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/06/16 12:44:44 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090712.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/06/16 12:44:44 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090712.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2006/12/11 14:05:26 | 01,711,488 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2005/06/30 15:23:34 | 00,004,608 | ---- | M] (NVIDIA Corporation.) -- C:\WINDOWS\System32\Drivers\nvport.sys -- (nvport [System | Running])
DRV - [2005/06/13 19:27:56 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/04/28 16:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/05/20 20:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 14:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/03/11 23:10:58 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/07/30 19:43:42 | 00,278,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2007/07/30 19:43:42 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/07/30 19:43:42 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/02/19 13:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/07/07 17:40:33 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/19 13:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/19 13:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/06/25 01:37:16 | 00,251,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090710.006\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2009/02/19 13:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/19 13:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/02/19 13:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/19 13:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2009/02/19 13:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006/06/16 18:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/07/06 16:44:10 | 00,168,448 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/04/10 17:46:53 | 01,966,312 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\VX1000.sys -- (VX1000 [On_Demand | Stopped])
DRV - [2005/08/22 03:06:10 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2052111302-573735546-682003330-1004\S-1-5-21-2052111302-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-573735546-682003330-1004\S-1-5-21-2052111302-573735546-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Afficher Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2052111302-573735546-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2052111302-573735546-682003330-1004\..\Toolbar\WebBrowser: (Afficher Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2052111302-573735546-682003330-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LXCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL ()
O4 - HKLM..\Run: [lxcjmon.exe] C:\Program Files\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] File not found
O4 - HKLM..\Run: [QlbCtrl] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-2052111302-573735546-682003330-1004..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2052111302-573735546-682003330-1004..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe (Druide informatique inc.)
O4 - HKU\S-1-5-21-2052111302-573735546-682003330-1004..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2052111302-573735546-682003330-1004..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2052111302-573735546-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-2052111302-573735546-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2052111302-573735546-682003330-1004\..Trusted Domains: qc.ca ([www.registrefoncier.gouv] * in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-573735546-682003330-1004\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/CPCViewAX/CpcViewAX.cab (CPC View ax Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/ActiveCGM/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/10 18:51:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/12 19:29:08 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/12 22:16:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2009/07/12 22:10:21 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/07/12 22:09:59 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\User\Desktop\LopSD.exe
[2009/07/12 21:51:34 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/12 21:42:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/07/12 20:49:52 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\comctl32.ocx
[2009/07/12 19:28:05 | 00,000,000 | ---D | C] -- C:\WORT
[2009/07/12 19:27:42 | 00,000,508 | ---- | C] () -- C:\Documents and Settings\User\Desktop\WareOut Removal Tool.bat
[2009/07/12 19:27:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\WORT
[2009/07/12 19:24:36 | 01,286,273 | ---- | C] () -- C:\Documents and Settings\User\Desktop\WORT.exe
[2009/07/12 17:37:57 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CCleaner.lnk
[2009/07/12 17:37:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/12 17:36:03 | 03,252,640 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup221.exe
[2009/07/12 17:10:55 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/07/12 17:09:57 | 00,407,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTM.exe
[2009/07/12 15:49:53 | 00,152,934 | ---- | C] (changelog.fr ) -- C:\Documents and Settings\User\Desktop\OAD.exe
[2009/07/12 15:48:57 | 00,252,928 | ---- | C] (S!Ri.URZ) -- C:\Documents and Settings\User\Desktop\RHosts.exe
[2009/07/12 15:44:34 | 00,005,658 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/07/12 15:43:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\SmitfraudFix
[2009/07/12 15:43:38 | 01,885,088 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SmitfraudFix.exe
[2009/07/11 17:11:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 17:11:00 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/11 17:10:59 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/11 17:10:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/11 16:08:04 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2009/07/11 15:58:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/10 22:54:58 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/07/10 20:16:35 | 00,001,388 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FindyKill.lnk
[2009/07/10 20:16:32 | 00,000,000 | ---D | C] -- C:\FindyKill
[2009/07/10 20:15:47 | 01,457,631 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FindyKill.exe
[2009/07/09 23:41:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Ad-remover.lnk
[2009/07/09 23:41:42 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/07/09 23:18:44 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/07/09 23:18:43 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/09 23:17:58 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RSIT.exe
[2009/07/09 21:56:12 | 03,053,617 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2009/07/09 17:42:42 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/09 17:37:08 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/07/09 17:37:07 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/09 17:37:07 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/09 17:37:07 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/09 17:37:06 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/09 17:37:04 | 38,089,105 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/09 17:37:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/09 17:37:04 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/09 17:37:04 | 00,025,283 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/09 17:37:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/07/09 17:37:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/09 17:36:52 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/09 17:36:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/09 17:07:11 | 66,216,864 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\User\Desktop\avg_free_stf_en_85_374a15645.exe
[2009/07/07 21:56:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\13485784
[2009/07/07 16:50:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/07/07 16:40:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Symantec
[2009/07/07 16:39:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/07/07 16:39:06 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/07/07 16:38:28 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/07/07 16:38:28 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/07/07 16:38:28 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/07/07 16:38:28 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/07/07 16:38:22 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/07/07 16:38:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/07/07 16:36:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/07/06 16:19:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\jo psp
[2009/07/05 20:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/07/03 18:04:53 | 00,000,000 | ---D | C] -- C:\psp_video
[2009/07/03 17:58:27 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\User\Desktop\music shop confirmation.doc
[2009/07/03 17:08:31 | 00,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\WINDOWS\System32\GplMpgDec.ax
[2009/07/03 17:08:31 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009/07/03 17:08:31 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/07/03 17:08:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ultra PSP Movie Converter
[2009/07/03 00:32:44 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/03 00:32:44 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/03 00:32:44 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/07/03 00:32:44 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/07/03 00:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\WinZip
[2009/07/03 00:23:06 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/07/02 13:50:20 | 00,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/07/02 13:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2009/07/02 13:04:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVS4YOU
[2009/07/02 13:04:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/07/02 13:03:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/07/02 13:03:43 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/07/02 13:03:43 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/07/02 13:03:43 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/07/02 13:03:42 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2009/07/02 13:03:42 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/07/02 13:03:42 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/07/01 21:06:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Michael Jackson
[2009/06/28 16:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\Nitto 1320 Legends
[2009/06/24 21:00:58 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Mélissa Lacroix Gagnon.doc
[2009/05/10 16:16:10 | 00,000,147 | ---- | C] () -- C:\WINDOWS\Antidote.ini
[2008/10/03 14:06:43 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/09/22 11:22:41 | 00,001,075 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2008/09/22 10:24:10 | 00,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2008/09/22 10:24:10 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/06/11 21:11:04 | 00,000,355 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/31 20:53:15 | 00,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2008/03/27 20:44:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/23 14:38:59 | 00,000,445 | ---- | C] () -- C:\WINDOWS\7thlevel.ini
[2008/03/23 14:13:32 | 00,000,985 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/03/23 14:02:05 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/03/21 03:46:17 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2008/03/11 23:10:57 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/08/10 19:16:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2007/08/10 19:14:11 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2005/10/24 08:36:58 | 00,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpmui.dll
[2005/10/24 08:36:06 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjserv.dll
[2005/10/24 08:34:22 | 00,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjlmpm.dll
[2005/10/24 08:34:06 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomm.dll
[2005/10/24 08:33:10 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpplc.dll
[2005/10/24 08:32:44 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomc.dll
[2005/10/24 08:32:22 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjprox.dll
[2005/10/24 08:29:54 | 01,122,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjusb1.dll
[2005/10/24 08:28:32 | 00,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjhbn3.dll
[2005/08/16 15:45:36 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/07/22 11:54:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcjvs.dll
[2004/08/04 08:00:00 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/16 03:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 22:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 17:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[2009/07/12 22:32:12 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/12 22:32:12 | 00,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/12 22:32:12 | 00,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/12 22:27:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/12 22:27:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/12 22:26:26 | 05,336,390 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2009/07/12 22:26:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/07/12 22:26:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/07/12 22:10:01 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\User\Desktop\LopSD.exe
[2009/07/12 21:42:43 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2009/07/12 20:55:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/12 20:49:54 | 00,608,448 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\comctl32.ocx
[2009/07/12 20:48:25 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
[2009/07/12 19:25:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/07/12 19:25:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/07/12 19:24:39 | 01,286,273 | ---- | M] () -- C:\Documents and Settings\User\Desktop\WORT.exe
[2009/07/12 17:48:02 | 38,089,105 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/12 17:47:46 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/12 17:47:46 | 00,025,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/12 17:37:57 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CCleaner.lnk
[2009/07/12 17:36:09 | 03,252,640 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup221.exe
[2009/07/12 17:09:58 | 00,407,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTM.exe
[2009/07/12 16:59:35 | 00,005,658 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/07/12 16:25:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/07/12 16:25:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/07/12 15:49:54 | 00,152,934 | ---- | M] (changelog.fr ) -- C:\Documents and Settings\User\Desktop\OAD.exe
[2009/07/12 15:49:05 | 00,252,928 | ---- | M] (S!Ri.URZ) -- C:\Documents and Settings\User\Desktop\RHosts.exe
[2009/07/12 15:43:38 | 01,885,088 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SmitfraudFix.exe
[2009/07/10 20:16:35 | 00,001,388 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FindyKill.lnk
[2009/07/10 20:15:47 | 01,457,631 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FindyKill.exe
[2009/07/09 23:41:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Ad-remover.lnk
[2009/07/09 23:18:10 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RSIT.exe
[2009/07/09 21:56:16 | 03,053,617 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2009/07/09 17:37:08 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/07/09 17:37:07 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/09 17:37:07 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/09 17:37:07 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/09 17:37:06 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/09 17:37:04 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/09 17:11:28 | 66,216,864 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\User\Desktop\avg_free_stf_en_85_374a15645.exe
[2009/07/09 16:29:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/07 17:40:33 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/07/07 17:40:33 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/07/07 17:40:33 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/07/07 17:40:33 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/07/05 20:02:18 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 17:58:27 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\User\Desktop\music shop confirmation.doc
[2009/07/03 16:22:26 | 00,000,558 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Sharing Folders.lnk
[2009/06/25 20:58:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/06/25 20:58:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/06/24 21:35:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/06/24 21:35:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/06/24 21:24:36 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Mélissa Lacroix Gagnon.doc
[2009/06/24 11:24:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/06/24 11:24:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/06/23 13:27:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/06/23 13:27:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/06/21 23:25:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/06/21 23:25:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/13 15:51:01 | 00,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2009/07/11 16:55:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/26 16:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/07/12 17:11:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\13485784
[2009/07/09 17:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/02 13:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/02/16 06:28:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/07/07 16:50:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/07/03 00:23:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/08/10 11:41:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/02/16 06:30:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/02/16 06:30:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/08/10 18:54:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/07/12 22:16:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data
[2009/07/02 13:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVS4YOU
[2009/06/06 12:51:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/10 16:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Druide
[2009/01/06 20:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/07/06 20:53:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2008/02/16 06:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2008/02/16 06:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Roxio
[2008/11/19 16:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SanDisk
[2009/07/06 22:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2008/12/26 16:58:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/05/31 20:53:33 | 00,000,138 | -H-- | M] () -- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job
[2009/07/12 22:27:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >
0
jomamoto125
 
OK, I'm sending you the latest report, sorry if it took a while, I had forgotten that I was supposed to send you the link... I'm going to go to bed as soon as you've sent me the instructions for the next step, I'm short on sleep and I need a clear head at work.. thanks again for everything you're doing for me!!


It's rather funny that I'm having my computer repaired right now in Quebec by someone from France (if I'm not mistaken??)


Anyway, here is the report:

http://www.cijoint.fr/cjlink.php?file=cj200907/cij7pH8wrT.txt


I'll wait for your next message before going to bed
0
Trying2 Posts 7751 Status Security contributor 234
 
Listen, the wisest thing is for me to have you run the Kaspersky online scan.
You start it and you can go to bed ^^.
You'll paste your report here tomorrow.


As for help on CCM, you're right, there are no borders...


I'm going to take the time to look closely at your OTL report, and I'll give you some instructions later.

Good night.
See you.
0
jomamoto125
 
Perfect, I'll start the scan and send you the report tomorrow, thanks for everything! I wish you a good night too hehe

See you tomorrow

jo
0