Quelqu'un peut m'aider silvouplait
mag
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
j'ai plusieurs pages d'Internet qui souvrent pouvez-vous m'aidez silvouplait.
voici le rapport . merci:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:12, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\rnamfler\naomf.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\program files\rnamfler\radprcmp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\magnify.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.orange.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://nec-computers.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\apps\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
j'ai plusieurs pages d'Internet qui souvrent pouvez-vous m'aidez silvouplait.
voici le rapport . merci:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:12, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\rnamfler\naomf.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\program files\rnamfler\radprcmp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\magnify.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.orange.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://nec-computers.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\apps\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
A voir également:
- Quelqu'un peut m'aider silvouplait
- Des problèmes sont survenus lors de l'installation des mises à jour, mais nous réessaierons ultérieurement. si le problème persiste et que vous souhaitez rechercher des informations sur internet ou contacter l'assistance pour en obtenir, ceci peut vous aider : (0x80070005) - Guide
- Aider un ami à récupérer son compte facebook - Guide
- Quelqu'un poura peut être m'aider ici ? - Forum Vos droits sur internet
- Personne peut m'aider - Forum Logiciels
- ERREUR 0x80070643 - Forum Windows 10
15 réponses
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Trend je trouve ca un peu moche, on l'utilise au travail...
Installe Avast! fait ses mise a jour, puis planifie un scan au demarrage dans Avast.
Installe Avast! fait ses mise a jour, puis planifie un scan au demarrage dans Avast.
RE
Telecharges Malwarebytes
Tu le lances, fais la mise a jour et un scanne rapide.
A la fin, clic sur Afficher les resultats, verifies que tout soit coche, et supprimer la selection. Redemarres si c'est demande.
Postes le rapport qui est dans l'onglet Rapport/log.
A+
Telecharges Malwarebytes
Tu le lances, fais la mise a jour et un scanne rapide.
A la fin, clic sur Afficher les resultats, verifies que tout soit coche, et supprimer la selection. Redemarres si c'est demande.
Postes le rapport qui est dans l'onglet Rapport/log.
A+
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2421
Windows 5.1.2600 Service Pack 2
16/07/2009 11:43:09
mbam-log-2009-07-16 (11-43-09).txt
Type de recherche: Examen rapide
Eléments examinés: 105072
Temps écoulé: 17 minute(s), 59 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
voila le rapport et excuser moi pour hier j'ai eu un probléme et je ne pouver plus me connecté
Version de la base de données: 2421
Windows 5.1.2600 Service Pack 2
16/07/2009 11:43:09
mbam-log-2009-07-16 (11-43-09).txt
Type de recherche: Examen rapide
Eléments examinés: 105072
Temps écoulé: 17 minute(s), 59 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
voila le rapport et excuser moi pour hier j'ai eu un probléme et je ne pouver plus me connecté
RE
Télécharges Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
Double-cliques sur RSIT.exe.
Cliques sur Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Postes le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
A noter: Les rapports se trouvent également ici: C:\rsit.
A+
Télécharges Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
Double-cliques sur RSIT.exe.
Cliques sur Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Postes le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
A noter: Les rapports se trouvent également ici: C:\rsit.
A+
Re,merci et voila les deux rapports
rapport 1:Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-07-16 13:13:41
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 52 GB (76%) free of 68 GB
Total RAM: 999 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:47, on 16/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\rnamfler\naomf.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\program files\rnamfler\radprcmp.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\apps\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
rapport 1:Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-07-16 13:13:41
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 52 GB (76%) free of 68 GB
Total RAM: 999 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:47, on 16/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\apps\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\rnamfler\naomf.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\program files\rnamfler\radprcmp.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\apps\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
RE
# Télécharges ComboFix (par sUBs) sur le Bureau.
# Désactives tes logiciels de protection avant de lancer Combofix.Antivirus et autres
# Double-cliques sur ComboFix.exe pour le lancer
# A l'apparition du message d'alerte, acceptez les conditions d'utilisation puis suivez les instructions.
# Il est vivement recommandé d'installer la Console de récupération ! (Sous XP)
# Le rapport sera créé dans : C:/Combofix.txt. Tu me fais un Copier/Coller de ce rapport dans un prochain message ci dessous.
# Réactives tes logiciels de protection.
---------------------------------------
Un Tuto a lire
A+
# Télécharges ComboFix (par sUBs) sur le Bureau.
# Désactives tes logiciels de protection avant de lancer Combofix.Antivirus et autres
# Double-cliques sur ComboFix.exe pour le lancer
# A l'apparition du message d'alerte, acceptez les conditions d'utilisation puis suivez les instructions.
# Il est vivement recommandé d'installer la Console de récupération ! (Sous XP)
# Le rapport sera créé dans : C:/Combofix.txt. Tu me fais un Copier/Coller de ce rapport dans un prochain message ci dessous.
# Réactives tes logiciels de protection.
---------------------------------------
Un Tuto a lire
A+
ComboFix 09-07-14.08 - Administrateur 16/07/2009 16:58.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.999.594 [GMT 4:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\rnamfler\radhslib.dll
c:\program files\rnamfler\radprlib.dll
c:\windows\Installer\1b9e6.msp
c:\windows\Installer\1b9f9.msp
c:\windows\Installer\1ba00.msp
c:\windows\Installer\329170.msp
c:\windows\Installer\329183.msp
c:\windows\Installer\329189.msp
c:\windows\Installer\d5f499.msp
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 09:13 . 2009-07-16 09:22 -------- d-----w- C:\rsit
2009-07-16 05:59 . 2009-07-13 09:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 05:59 . 2009-07-16 05:59 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-16 05:43 . 2009-07-16 05:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-07-16 05:43 . 2009-07-16 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-16 05:43 . 2009-07-16 07:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 05:43 . 2009-07-13 09:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 14:28 . 2009-07-15 14:28 -------- d-----w- c:\program files\Trend Micro
2009-07-13 07:06 . 2009-07-16 12:17 117760 ----a-w- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-13 07:00 . 2009-07-13 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-13 06:57 . 2009-07-13 06:57 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-13 06:25 . 2009-07-13 06:25 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-13 06:25 . 2009-07-13 06:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Help
2009-07-10 06:18 . 2009-07-13 06:21 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-10 06:16 . 2009-07-13 06:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-09 15:26 . 2009-07-15 11:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-09 15:26 . 2009-07-09 15:26 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-07-09 14:22 . 2009-07-13 06:21 -------- d-----w- c:\windows\system32\LogFiles
2009-07-09 14:03 . 2009-07-09 14:03 -------- d-----w- c:\windows\ServicePackFiles
2009-07-09 14:00 . 2004-08-05 13:00 81408 ----a-w- c:\windows\system32\wscsvc(3).dll
2009-07-09 14:00 . 2004-08-05 13:00 2986496 ----a-w- c:\windows\system32\xpsp2res(3).dll
2009-07-09 14:00 . 2004-08-05 13:00 6656 ----a-w- c:\windows\system32\wuauserv(3).dll
2009-07-09 14:00 . 2008-12-16 12:49 351232 ----a-w- c:\windows\system32\winhttp(3).dll
2009-07-09 13:59 . 2004-08-05 13:00 71680 ----a-w- c:\windows\system32\wbem\wbemcons(3).dll
2009-07-09 13:57 . 2008-07-07 20:31 253952 ----a-w- c:\windows\system32\es(3).dll
2009-07-06 10:48 . 2009-07-13 06:25 -------- d-----w- c:\documents and settings\Administrateur\Application Data\CyberLink
2009-07-06 10:48 . 2009-07-09 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-01 13:58 . 2001-05-24 08:59 162304 ----a-w- C:\UNWISE.EXE
2009-07-01 11:22 . 2009-07-16 12:17 -------- d-----w- c:\documents and settings\Administrateur\Tracing
2009-07-01 11:05 . 2009-07-13 06:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-01 11:05 . 2009-07-01 11:05 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-07-01 11:05 . 2009-02-06 14:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-07-01 11:04 . 2009-07-01 11:04 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-01 11:03 . 2006-11-29 09:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-07-01 11:02 . 2009-07-01 11:02 -------- d-----w- c:\program files\Microsoft
2009-07-01 11:01 . 2009-07-01 11:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-01 10:24 . 2009-07-01 10:24 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-01 09:06 . 2009-07-01 09:06 -------- d-----w- c:\program files\Microsoft Works
2009-07-01 09:06 . 2009-07-01 09:06 -------- d-----w- c:\program files\MSBuild
2009-07-01 09:05 . 2009-07-01 09:05 -------- d-----w- c:\program files\Microsoft.NET
2009-07-01 09:02 . 2009-07-01 09:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-01 09:02 . 2009-07-01 09:06 -------- d-----w- c:\windows\SHELLNEW
2009-07-01 09:02 . 2009-07-01 09:02 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft Help
2009-07-01 09:02 . 2009-07-16 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-01 09:01 . 2009-07-01 09:01 -------- d--h--r- C:\MSOCache
2009-07-01 06:04 . 2008-10-16 10:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 06:04 . 2008-10-16 10:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-30 17:02 . 2009-06-30 17:02 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 09:59 . 2009-06-30 16:19 -------- d--h--r- c:\program files\rnamfler
2009-07-16 04:28 . 2009-07-16 04:31 429786 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat
2009-07-09 14:15 . 2004-08-18 15:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-09 13:52 . 2009-07-09 13:52 3240 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-07-09 13:52 . 2004-08-18 15:11 76506 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-09 13:52 . 2004-08-18 15:11 469590 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-01 11:15 . 2009-06-30 09:06 107400 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 11:05 . 2009-06-30 14:04 -------- d-----w- c:\program files\Windows Live
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\System Control Manager
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\Services en ligne
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\Roxio
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\PDFCreator Toolbar
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\PDFCreator
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-06-30 16:21 . 2009-06-30 16:19 -------- d-----w- c:\program files\Fichiers communs\SureThing Shared
2009-06-30 16:21 . 2009-06-30 16:19 -------- d-----w- c:\program files\Fichiers communs\Sonic Shared
2009-06-30 16:21 . 2009-06-30 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-30 14:41 . 2009-06-30 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-30 14:24 . 2009-06-30 14:04 -------- dcsh--w- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-06-30 14:22 . 2009-06-30 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-06-30 14:19 . 2009-06-30 14:19 86576 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-06-30 14:19 . 2009-06-30 14:19 392728 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-06-30 14:19 . 2009-06-30 14:19 135680 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-06-30 14:19 . 2009-06-30 14:19 132672 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-06-30 10:11 . 2009-06-30 10:11 -------- d-----w- c:\program files\Google
2009-06-16 14:54 . 2004-08-18 15:11 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2004-08-18 15:10 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-18 15:11 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:43 . 2004-08-18 15:10 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2009-07-09 13:58 1024000 ----a-w- c:\windows\system32\browseui(3).dll
2009-04-29 04:52 . 2004-08-18 15:10 1024000 ----a-w- c:\windows\system32\browseui(4).dll
2009-04-29 04:52 . 2009-07-09 13:57 474624 ----a-w- c:\windows\system32\shlwapi(3).dll
2009-04-29 04:52 . 2004-08-18 15:11 663552 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-18 15:11 474624 ----a-w- c:\windows\system32\shlwapi(4).dll
2009-04-29 04:52 . 2009-06-30 14:53 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:09 . 2004-08-18 15:11 1846784 ----a-w- c:\windows\system32\win32k.sys
2008-03-10 09:39 . 2008-03-10 09:39 15397 ----a-w- c:\program files\settings.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-15 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-03 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-03 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-03 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-03 138008]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-09-07 408088]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-06-20 180736]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"RemoteControl"="c:\apps\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"wrna3ls"="c:\program files\rnamfler\naomf.exe" [2006-04-01 1253960]
"PostOOBE"="c:\windows\system32\wscript.exe" [2004-08-05 114688]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-30 68592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-03 16377344]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2007-07-03 89541]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-30 135680]
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-30 135680]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-07-15 11:33 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/06/2009 17:36 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [03/09/2008 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14:07 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/06/2009 17:36 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [01/07/2009 15:05 55152]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [10/03/2008 12:19 40960]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/03/2008 12:18 1464856]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [10/03/2008 12:19 9088]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14:07 7408]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-LanguageShortcut - c:\apps\PowerDVD\Language\Language.exe
HKLM-Run-AuditMode - c:\sysprep\factory.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 17:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt00.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593\sqmnoopt00.sqm 3288 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593\sqmnoopt01.sqm 244 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593\sqmnoopt02.sqm 6660 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593\sqmnoopt03.sqm 244 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1569679031
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1569679031\sqmnoopt00.sqm 672 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1569679031\sqmnoopt01.sqm 244 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\3448660140
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\986561820
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt00.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt01.sqm 164 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt02.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt03.sqm 164 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt04.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt05.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt06.sqm 164 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt07.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt08.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt09.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt10.sqm 164 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt11.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt12.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt13.sqm 296 bytes
scan completed successfully
hidden files: 25
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-618655676-2818055098-1424546844-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,84,10,78,e1,a8,1d,4a,88,25,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,84,10,78,e1,a8,1d,4a,88,25,d8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3052)
c:\program files\Google\Quick Search Box\bin\1.2.1137.3514\qsb.dll
.
Completion time: 2009-07-16 17:02
ComboFix-quarantined-files.txt 2009-07-16 13:02
Pre-Run: 55 277 527 040 octets libres
Post-Run: 55 261 167 616 octets libres
232 --- E O F --- 2009-07-16 10:39
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.999.594 [GMT 4:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\rnamfler\radhslib.dll
c:\program files\rnamfler\radprlib.dll
c:\windows\Installer\1b9e6.msp
c:\windows\Installer\1b9f9.msp
c:\windows\Installer\1ba00.msp
c:\windows\Installer\329170.msp
c:\windows\Installer\329183.msp
c:\windows\Installer\329189.msp
c:\windows\Installer\d5f499.msp
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 09:13 . 2009-07-16 09:22 -------- d-----w- C:\rsit
2009-07-16 05:59 . 2009-07-13 09:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 05:59 . 2009-07-16 05:59 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-16 05:43 . 2009-07-16 05:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-07-16 05:43 . 2009-07-16 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-16 05:43 . 2009-07-16 07:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 05:43 . 2009-07-13 09:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 14:28 . 2009-07-15 14:28 -------- d-----w- c:\program files\Trend Micro
2009-07-13 07:06 . 2009-07-16 12:17 117760 ----a-w- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-13 07:00 . 2009-07-13 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-13 06:57 . 2009-07-13 06:57 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-13 06:25 . 2009-07-13 06:25 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-13 06:25 . 2009-07-13 06:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Help
2009-07-10 06:18 . 2009-07-13 06:21 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-10 06:16 . 2009-07-13 06:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-09 15:26 . 2009-07-15 11:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-09 15:26 . 2009-07-09 15:26 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-07-09 14:22 . 2009-07-13 06:21 -------- d-----w- c:\windows\system32\LogFiles
2009-07-09 14:03 . 2009-07-09 14:03 -------- d-----w- c:\windows\ServicePackFiles
2009-07-09 14:00 . 2004-08-05 13:00 81408 ----a-w- c:\windows\system32\wscsvc(3).dll
2009-07-09 14:00 . 2004-08-05 13:00 2986496 ----a-w- c:\windows\system32\xpsp2res(3).dll
2009-07-09 14:00 . 2004-08-05 13:00 6656 ----a-w- c:\windows\system32\wuauserv(3).dll
2009-07-09 14:00 . 2008-12-16 12:49 351232 ----a-w- c:\windows\system32\winhttp(3).dll
2009-07-09 13:59 . 2004-08-05 13:00 71680 ----a-w- c:\windows\system32\wbem\wbemcons(3).dll
2009-07-09 13:57 . 2008-07-07 20:31 253952 ----a-w- c:\windows\system32\es(3).dll
2009-07-06 10:48 . 2009-07-13 06:25 -------- d-----w- c:\documents and settings\Administrateur\Application Data\CyberLink
2009-07-06 10:48 . 2009-07-09 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-01 13:58 . 2001-05-24 08:59 162304 ----a-w- C:\UNWISE.EXE
2009-07-01 11:22 . 2009-07-16 12:17 -------- d-----w- c:\documents and settings\Administrateur\Tracing
2009-07-01 11:05 . 2009-07-13 06:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-01 11:05 . 2009-07-01 11:05 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-07-01 11:05 . 2009-02-06 14:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-07-01 11:04 . 2009-07-01 11:04 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-01 11:03 . 2006-11-29 09:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-07-01 11:02 . 2009-07-01 11:02 -------- d-----w- c:\program files\Microsoft
2009-07-01 11:01 . 2009-07-01 11:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-01 10:24 . 2009-07-01 10:24 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-01 09:06 . 2009-07-01 09:06 -------- d-----w- c:\program files\Microsoft Works
2009-07-01 09:06 . 2009-07-01 09:06 -------- d-----w- c:\program files\MSBuild
2009-07-01 09:05 . 2009-07-01 09:05 -------- d-----w- c:\program files\Microsoft.NET
2009-07-01 09:02 . 2009-07-01 09:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-01 09:02 . 2009-07-01 09:06 -------- d-----w- c:\windows\SHELLNEW
2009-07-01 09:02 . 2009-07-01 09:02 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft Help
2009-07-01 09:02 . 2009-07-16 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-01 09:01 . 2009-07-01 09:01 -------- d--h--r- C:\MSOCache
2009-07-01 06:04 . 2008-10-16 10:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 06:04 . 2008-10-16 10:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-30 17:02 . 2009-06-30 17:02 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 09:59 . 2009-06-30 16:19 -------- d--h--r- c:\program files\rnamfler
2009-07-16 04:28 . 2009-07-16 04:31 429786 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat
2009-07-09 14:15 . 2004-08-18 15:31 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-09 13:52 . 2009-07-09 13:52 3240 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-07-09 13:52 . 2004-08-18 15:11 76506 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-09 13:52 . 2004-08-18 15:11 469590 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-01 11:15 . 2009-06-30 09:06 107400 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 11:05 . 2009-06-30 14:04 -------- d-----w- c:\program files\Windows Live
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\System Control Manager
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\Services en ligne
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\Roxio
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\PDFCreator Toolbar
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\PDFCreator
2009-06-30 16:22 . 2009-06-30 16:19 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-06-30 16:21 . 2009-06-30 16:19 -------- d-----w- c:\program files\Fichiers communs\SureThing Shared
2009-06-30 16:21 . 2009-06-30 16:19 -------- d-----w- c:\program files\Fichiers communs\Sonic Shared
2009-06-30 16:21 . 2009-06-30 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-30 14:41 . 2009-06-30 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-30 14:24 . 2009-06-30 14:04 -------- dcsh--w- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-06-30 14:22 . 2009-06-30 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-06-30 14:19 . 2009-06-30 14:19 86576 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-06-30 14:19 . 2009-06-30 14:19 392728 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-06-30 14:19 . 2009-06-30 14:19 135680 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-06-30 14:19 . 2009-06-30 14:19 132672 ----a-w- c:\documents and settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-06-30 10:11 . 2009-06-30 10:11 -------- d-----w- c:\program files\Google
2009-06-16 14:54 . 2004-08-18 15:11 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2004-08-18 15:10 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-18 15:11 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:43 . 2004-08-18 15:10 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2009-07-09 13:58 1024000 ----a-w- c:\windows\system32\browseui(3).dll
2009-04-29 04:52 . 2004-08-18 15:10 1024000 ----a-w- c:\windows\system32\browseui(4).dll
2009-04-29 04:52 . 2009-07-09 13:57 474624 ----a-w- c:\windows\system32\shlwapi(3).dll
2009-04-29 04:52 . 2004-08-18 15:11 663552 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-18 15:11 474624 ----a-w- c:\windows\system32\shlwapi(4).dll
2009-04-29 04:52 . 2009-06-30 14:53 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:09 . 2004-08-18 15:11 1846784 ----a-w- c:\windows\system32\win32k.sys
2008-03-10 09:39 . 2008-03-10 09:39 15397 ----a-w- c:\program files\settings.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-15 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-03 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-03 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-03 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-03 138008]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-09-07 408088]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-06-20 180736]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"RemoteControl"="c:\apps\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"wrna3ls"="c:\program files\rnamfler\naomf.exe" [2006-04-01 1253960]
"PostOOBE"="c:\windows\system32\wscript.exe" [2004-08-05 114688]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-30 68592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-03 16377344]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2007-07-03 89541]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-30 135680]
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-30 135680]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-07-15 11:33 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30/06/2009 17:36 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [03/09/2008 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14:07 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/06/2009 17:36 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [01/07/2009 15:05 55152]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [10/03/2008 12:19 40960]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/03/2008 12:18 1464856]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [10/03/2008 12:19 9088]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14:07 7408]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-LanguageShortcut - c:\apps\PowerDVD\Language\Language.exe
HKLM-Run-AuditMode - c:\sysprep\factory.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 17:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt00.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593\sqmnoopt00.sqm 3288 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593\sqmnoopt01.sqm 244 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593\sqmnoopt02.sqm 6660 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1110989593\sqmnoopt03.sqm 244 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1569679031
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1569679031\sqmnoopt00.sqm 672 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\1569679031\sqmnoopt01.sqm 244 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\3448660140
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\986561820
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt00.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt01.sqm 164 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt02.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt03.sqm 164 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt04.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt05.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt06.sqm 164 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt07.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt08.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt09.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt10.sqm 164 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt11.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt12.sqm 296 bytes
c:\documents and settings\Administrateur\Application Data\Microsoft\MSN Messenger\sqmnoopt13.sqm 296 bytes
scan completed successfully
hidden files: 25
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-618655676-2818055098-1424546844-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,84,10,78,e1,a8,1d,4a,88,25,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,84,10,78,e1,a8,1d,4a,88,25,d8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3052)
c:\program files\Google\Quick Search Box\bin\1.2.1137.3514\qsb.dll
.
Completion time: 2009-07-16 17:02
ComboFix-quarantined-files.txt 2009-07-16 13:02
Pre-Run: 55 277 527 040 octets libres
Post-Run: 55 261 167 616 octets libres
232 --- E O F --- 2009-07-16 10:39
re ben excuse moi c'est pa toujour évident car les page internet pose problémes et j'ai du male a revenir a la page actuelle merci beaucoups
RE
Telecharges CCleaner il est preregle, ne modifies rien.
Tu le lances, clic sur nettoyeur, analyser, a la fin, clic sur lancer le nettoyage;
Ensuite, clic sur registre, chercher les erreurs, a la fin, clic sur reparer les erreurs ( toutes), fais la sauvegardes demandee.
-----------------------------------------
Vas dans demarrer, tous les programmes, accessoires, outils d'administration, defragmenteur, tu fais analyse et si besoin defragmentation.
------------------------------------------
Telecharges IE7 et installes le: http://www.microsoft.com/downloads/details.aspx?FamilyID=9ae91ebe-3385-447c-8a30-081805b2f90b&DisplayLang=fr
Ouvres le, regardes si il marche et ensuite, vas faire les mises a jour sur Windows Updates.
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fr
Tu t'arretes au SP3, tu redemarres, tu retournes sur Windows Updates et tu l'installes tout seul,
------------------------------------------
Vas dans le panneau de configuration, clic sur l'icone JAVA et fais la mise a jour.
Ouvres Adobe avec l'icone du bureau, clic sur le point d'interrogation ou aide, et rechercher les mises a jour, tu les installes.
-------------------------------------------
Vas dans Ajout et suppression de programmes, desinstalles toutes les anciennes versions de JAVA et de Adobe.
Tu dois avoir en derniere version Adobe Reader 9.1.2 et JAVA 6 update 13
------------------------------------------
Donnes moi les resultats apres tout ca. Si tu es bloque a un moment, repostes en m'expliquant ce qui se passe.
A+
Telecharges CCleaner il est preregle, ne modifies rien.
Tu le lances, clic sur nettoyeur, analyser, a la fin, clic sur lancer le nettoyage;
Ensuite, clic sur registre, chercher les erreurs, a la fin, clic sur reparer les erreurs ( toutes), fais la sauvegardes demandee.
-----------------------------------------
Vas dans demarrer, tous les programmes, accessoires, outils d'administration, defragmenteur, tu fais analyse et si besoin defragmentation.
------------------------------------------
Telecharges IE7 et installes le: http://www.microsoft.com/downloads/details.aspx?FamilyID=9ae91ebe-3385-447c-8a30-081805b2f90b&DisplayLang=fr
Ouvres le, regardes si il marche et ensuite, vas faire les mises a jour sur Windows Updates.
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fr
Tu t'arretes au SP3, tu redemarres, tu retournes sur Windows Updates et tu l'installes tout seul,
------------------------------------------
Vas dans le panneau de configuration, clic sur l'icone JAVA et fais la mise a jour.
Ouvres Adobe avec l'icone du bureau, clic sur le point d'interrogation ou aide, et rechercher les mises a jour, tu les installes.
-------------------------------------------
Vas dans Ajout et suppression de programmes, desinstalles toutes les anciennes versions de JAVA et de Adobe.
Tu dois avoir en derniere version Adobe Reader 9.1.2 et JAVA 6 update 13
------------------------------------------
Donnes moi les resultats apres tout ca. Si tu es bloque a un moment, repostes en m'expliquant ce qui se passe.
A+
