Soucis de cheval de troie certainement
Résolu
aphrael_n
-
aphrael_n Messages postés 36 Statut Membre -
aphrael_n Messages postés 36 Statut Membre -
Bonjour à tous,
ça me fait tout drôle de me retrouver de l'autre coté de la barrière, car d'habitude j'aide les autres pour leurs problemes d'ordi, mais là je coince. j'ai plusieurs probleme je pense:
1/ j'ai une page internet explorer qui n'arrete pas de s'ouvrir mais sans pub. juste un message me disant qu'il n'arrive pas a se connecter.
2/ j'ai un probleme de connection internet depuis quelques jours: je peux naviguer pendant environ quelques minutes puis firefox charge les pages mais sans les afficher. de plus en parallele lorsque j'essaye d'ouvrir (de moi meme) internet explorer, il me dit que j'ai un probleme de connection. pourtant mes antivirus (nod32 et avast) se mettent a jour sans probleme. ma boite mail (thunderbird) arrive aussi la majorité du temps à charger mes mails.
je suis un peu perdu, du coup si une ame charitable veut bien me donner un coup de main, je vous poste mon log hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:52, on 13/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\wein nicolas\local settings\application data\mwyuqes.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wein Nicolas\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mwyuqes] "c:\documents and settings\wein nicolas\local settings\application data\mwyuqes.exe" mwyuqes
O4 - HKCU\..\Run: [qiyww] "c:\documents and settings\wein nicolas\local settings\application data\qiyww.exe" qiyww
O4 - HKCU\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aphraellerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f005.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - Winlogon Notify: awtsq - awtsq.dll (file missing)
O20 - Winlogon Notify: ddccb - ddccb.dll (file missing)
O20 - Winlogon Notify: gebcc - gebcc.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: vtsqr - vtsqr.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eMule MorphXT as a service (eMule) - https://sourceforge.net/projects/emulemorph/ - D:\Program Files\eMule\emule.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
ça me fait tout drôle de me retrouver de l'autre coté de la barrière, car d'habitude j'aide les autres pour leurs problemes d'ordi, mais là je coince. j'ai plusieurs probleme je pense:
1/ j'ai une page internet explorer qui n'arrete pas de s'ouvrir mais sans pub. juste un message me disant qu'il n'arrive pas a se connecter.
2/ j'ai un probleme de connection internet depuis quelques jours: je peux naviguer pendant environ quelques minutes puis firefox charge les pages mais sans les afficher. de plus en parallele lorsque j'essaye d'ouvrir (de moi meme) internet explorer, il me dit que j'ai un probleme de connection. pourtant mes antivirus (nod32 et avast) se mettent a jour sans probleme. ma boite mail (thunderbird) arrive aussi la majorité du temps à charger mes mails.
je suis un peu perdu, du coup si une ame charitable veut bien me donner un coup de main, je vous poste mon log hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:52, on 13/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\wein nicolas\local settings\application data\mwyuqes.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wein Nicolas\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mwyuqes] "c:\documents and settings\wein nicolas\local settings\application data\mwyuqes.exe" mwyuqes
O4 - HKCU\..\Run: [qiyww] "c:\documents and settings\wein nicolas\local settings\application data\qiyww.exe" qiyww
O4 - HKCU\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aphraellerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f005.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - Winlogon Notify: awtsq - awtsq.dll (file missing)
O20 - Winlogon Notify: ddccb - ddccb.dll (file missing)
O20 - Winlogon Notify: gebcc - gebcc.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: vtsqr - vtsqr.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eMule MorphXT as a service (eMule) - https://sourceforge.net/projects/emulemorph/ - D:\Program Files\eMule\emule.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
A voir également:
- Soucis de cheval de troie certainement
- Antivirus cheval de troie gratuit - Télécharger - Antivirus & Antimalwares
- Pourquoi certains contacts disparaissent de mon répertoire - Accueil - Guide Android
- Ordinateur bloqué cheval de troie - Accueil - Arnaque
- Comment se débarrasser d'un cheval de troie - Forum Virus
- Comment eliminer un cheval de troie? ✓ - Forum Virus
62 réponses
Bonjour,
1) As tu supprimer les infections trouvé ?
Si oui fait ceci :
Vide la quarantaine de Malwarebyte's
- Lance Malwarebyte's
- Onglet quarantaine
- Supprimer tout
2) UsbFix
==> Usb Fix <==
Server 2 : http://pagesperso-orange.fr/nostools/usbfix.html
● Installe sur ton bureaux Usbfix ( de Chiquitine29 et C_XX )
● Double clique sur l'icône Usbfix le programme se lance ...
● Sur le menu principal de USBFix choisit l'option 1
Un message t'indique alors de brancher tous tes médias amovibles, insère les puis appuie sur une touche pour lancer le scan.
(!) Le menu démarrer et les icônes vont disparaître.. c'est normal (!)
A la fin du scan un rapport s'ouvre dans le bloc note :
● Clique sur le menu Édition puis Sélectionner tout.
● Clique à nouveau sur le menu Édition puis coller.
● Colle le contenue du rapport dans ta prochaine réponse
1) As tu supprimer les infections trouvé ?
Si oui fait ceci :
Vide la quarantaine de Malwarebyte's
- Lance Malwarebyte's
- Onglet quarantaine
- Supprimer tout
2) UsbFix
==> Usb Fix <==
Server 2 : http://pagesperso-orange.fr/nostools/usbfix.html
● Installe sur ton bureaux Usbfix ( de Chiquitine29 et C_XX )
● Double clique sur l'icône Usbfix le programme se lance ...
● Sur le menu principal de USBFix choisit l'option 1
Un message t'indique alors de brancher tous tes médias amovibles, insère les puis appuie sur une touche pour lancer le scan.
(!) Le menu démarrer et les icônes vont disparaître.. c'est normal (!)
A la fin du scan un rapport s'ouvre dans le bloc note :
● Clique sur le menu Édition puis Sélectionner tout.
● Clique à nouveau sur le menu Édition puis coller.
● Colle le contenue du rapport dans ta prochaine réponse
désolé pour la lenteur des choses mais je bossais. je ne pourrais malheureusement pas avancé ce soir non plus... en tout cas j'ai une demi heure devant moi, donc voici el log de usbfix
############################## | UsbFix V6.052 |
User : Wein Nicolas (Administrateurs) # NICO
Update on 13/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 11:14:21 | 14/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : NOD32 Antivirus System 2.51 2.51 [ Enabled | Updated ]
FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 55,67 Go (2,79 Go free) [windows] # NTFS
D:\ -> Disque fixe local # 51,23 Go (3,36 Go free) [programme] # NTFS
E:\ -> Disque fixe local # 4,88 Go (2,18 Go free) [SAUVEGARDE] # FAT32
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque fixe local # 232,88 Go (229,7 Go free) [CMT power!!] # NTFS
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque amovible
N:\ -> Disque amovible
O:\ -> Disque amovible
P:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 476
C:\WINDOWS\system32\csrss.exe 544
C:\WINDOWS\SYSTEM32\winlogon.exe 572
C:\WINDOWS\system32\services.exe 616
C:\WINDOWS\system32\lsass.exe 628
C:\WINDOWS\system32\svchost.exe 796
C:\WINDOWS\system32\svchost.exe 844
C:\WINDOWS\System32\svchost.exe 876
C:\WINDOWS\System32\svchost.exe 968
C:\WINDOWS\System32\svchost.exe 1028
C:\WINDOWS\system32\spoolsv.exe 1168
C:\WINDOWS\Explorer.EXE 1452
C:\WINDOWS\System32\svchost.exe 1528
C:\Program Files\Eset\nod32krn.exe 1656
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe 1668
C:\Program Files\Eset\nod32kui.exe 1740
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 1812
C:\WINDOWS\Philips\SPC220NC\Monitor.exe 1872
C:\WINDOWS\system32\sessmgr.exe 1884
D:\Program Files\SuperCopier2\SuperCopier2.exe 1944
C:\WINDOWS\System32\locator.exe 1956
C:\WINDOWS\system32\ctfmon.exe 1992
C:\WINDOWS\System32\svchost.exe 208
C:\WINDOWS\System32\wdfmgr.exe 932
C:\WINDOWS\System32\Fast.exe 1204
C:\WINDOWS\system32\wuauclt.exe 2088
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe 2284
C:\WINDOWS\System32\alg.exe 2528
C:\WINDOWS\System32\svchost.exe 2792
C:\WINDOWS\system32\wbem\wmiprvse.exe 3352
C:\WINDOWS\system32\wuauclt.exe 3540
################## | Fichiers # Dossiers infectieux |
################## | Registre # Clés Run infectieuses |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory" [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu" [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{573e718e-45c8-11dd-ba8a-000c7636d1ee}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe
HKCU\..\..\Explorer\MountPoints2\{cfdca160-962c-11d8-b1a0-000b0d219efc}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
################## | Suspect | https://www.virustotal.com/gui/ |
################## | Cracks / Keygens / Serials |
"C:\Program Files\Alcohol Soft\Serial.exe" 31/05/2003 22:50 |Size 100150 |Crc32 d7c81e98 |Md5 7c5664e0594585f1cc7c8da096faec8d
"C:\Program Files\Alcohol Soft\Alcohol 120\Serial.exe" 31/05/2003 23:50 |Size 100150 |Crc32 d7c81e98 |Md5 7c5664e0594585f1cc7c8da096faec8d
"D:\Telchargement\trojan remover\Keygen\TR_REM-K.EXE" 07/03/2002 10:35 |Size 5632 |Crc32 064058a7 |Md5 40a86b3f555d570c472851aae68f70e4
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\trjsetup.exe" 10/05/2002 23:46 |Size 2025133 |Crc32 b6d10b2f |Md5 2787aa86540798f121ca0533e528e223
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Keygen\TR_REM-K.EXE" 07/03/2002 10:35 |Size 5632 |Crc32 064058a7 |Md5 40a86b3f555d570c472851aae68f70e4
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Updates\trdb6085.exe" 17/02/2004 01:40 |Size 1156039 |Crc32 51754658 |Md5 5cef455630fc84dd044bb65346424532
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Updates\trj616.exe" 17/02/2004 01:39 |Size 3245468 |Crc32 71ccd72e |Md5 35ef08db0484adb26805fcd25f490328
################## | ! Fin du rapport # UsbFix V6.052 ! |
__________ Information NOD32 4607 (20091114) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
__________ Information NOD32 4607 (20091114) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
############################## | UsbFix V6.052 |
User : Wein Nicolas (Administrateurs) # NICO
Update on 13/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 11:14:21 | 14/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : NOD32 Antivirus System 2.51 2.51 [ Enabled | Updated ]
FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 55,67 Go (2,79 Go free) [windows] # NTFS
D:\ -> Disque fixe local # 51,23 Go (3,36 Go free) [programme] # NTFS
E:\ -> Disque fixe local # 4,88 Go (2,18 Go free) [SAUVEGARDE] # FAT32
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque fixe local # 232,88 Go (229,7 Go free) [CMT power!!] # NTFS
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque amovible
N:\ -> Disque amovible
O:\ -> Disque amovible
P:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 476
C:\WINDOWS\system32\csrss.exe 544
C:\WINDOWS\SYSTEM32\winlogon.exe 572
C:\WINDOWS\system32\services.exe 616
C:\WINDOWS\system32\lsass.exe 628
C:\WINDOWS\system32\svchost.exe 796
C:\WINDOWS\system32\svchost.exe 844
C:\WINDOWS\System32\svchost.exe 876
C:\WINDOWS\System32\svchost.exe 968
C:\WINDOWS\System32\svchost.exe 1028
C:\WINDOWS\system32\spoolsv.exe 1168
C:\WINDOWS\Explorer.EXE 1452
C:\WINDOWS\System32\svchost.exe 1528
C:\Program Files\Eset\nod32krn.exe 1656
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe 1668
C:\Program Files\Eset\nod32kui.exe 1740
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 1812
C:\WINDOWS\Philips\SPC220NC\Monitor.exe 1872
C:\WINDOWS\system32\sessmgr.exe 1884
D:\Program Files\SuperCopier2\SuperCopier2.exe 1944
C:\WINDOWS\System32\locator.exe 1956
C:\WINDOWS\system32\ctfmon.exe 1992
C:\WINDOWS\System32\svchost.exe 208
C:\WINDOWS\System32\wdfmgr.exe 932
C:\WINDOWS\System32\Fast.exe 1204
C:\WINDOWS\system32\wuauclt.exe 2088
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe 2284
C:\WINDOWS\System32\alg.exe 2528
C:\WINDOWS\System32\svchost.exe 2792
C:\WINDOWS\system32\wbem\wmiprvse.exe 3352
C:\WINDOWS\system32\wuauclt.exe 3540
################## | Fichiers # Dossiers infectieux |
################## | Registre # Clés Run infectieuses |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory" [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu" [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{573e718e-45c8-11dd-ba8a-000c7636d1ee}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe
HKCU\..\..\Explorer\MountPoints2\{cfdca160-962c-11d8-b1a0-000b0d219efc}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
################## | Suspect | https://www.virustotal.com/gui/ |
################## | Cracks / Keygens / Serials |
"C:\Program Files\Alcohol Soft\Serial.exe" 31/05/2003 22:50 |Size 100150 |Crc32 d7c81e98 |Md5 7c5664e0594585f1cc7c8da096faec8d
"C:\Program Files\Alcohol Soft\Alcohol 120\Serial.exe" 31/05/2003 23:50 |Size 100150 |Crc32 d7c81e98 |Md5 7c5664e0594585f1cc7c8da096faec8d
"D:\Telchargement\trojan remover\Keygen\TR_REM-K.EXE" 07/03/2002 10:35 |Size 5632 |Crc32 064058a7 |Md5 40a86b3f555d570c472851aae68f70e4
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\trjsetup.exe" 10/05/2002 23:46 |Size 2025133 |Crc32 b6d10b2f |Md5 2787aa86540798f121ca0533e528e223
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Keygen\TR_REM-K.EXE" 07/03/2002 10:35 |Size 5632 |Crc32 064058a7 |Md5 40a86b3f555d570c472851aae68f70e4
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Updates\trdb6085.exe" 17/02/2004 01:40 |Size 1156039 |Crc32 51754658 |Md5 5cef455630fc84dd044bb65346424532
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Updates\trj616.exe" 17/02/2004 01:39 |Size 3245468 |Crc32 71ccd72e |Md5 35ef08db0484adb26805fcd25f490328
################## | ! Fin du rapport # UsbFix V6.052 ! |
__________ Information NOD32 4607 (20091114) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
__________ Information NOD32 4607 (20091114) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
● Relance UsbFix
● Dans le menu principale cette fois choisit l'option2
(!) Le menu démarrer et les icônes vont à nouveau disparaître.. c'est normal. (!)
Si un message te demande de redémarrer l'ordinateur fait le ...
● Au redémarrage, le fix se relance... laisse l'opération s'effectuer.
● Le bloc note s'ouvre avec un rapport, envoie le dans la prochaine réponse
● Dans le menu principale cette fois choisit l'option2
(!) Le menu démarrer et les icônes vont à nouveau disparaître.. c'est normal. (!)
Si un message te demande de redémarrer l'ordinateur fait le ...
● Au redémarrage, le fix se relance... laisse l'opération s'effectuer.
● Le bloc note s'ouvre avec un rapport, envoie le dans la prochaine réponse
usbfix ne veut plus se lancer... a priori nod32 le bloque car il voit une contamination dedans. meme si j'inactive nod32. que faire? mode sans échec????
merci d'avance
merci d'avance
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok voici
############################## | UsbFix V6.052 |
User : Wein Nicolas (Administrateurs) # NICO
Update on 13/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:32:04 | 14/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : NOD32 Antivirus System 2.51 2.51 [ Enabled | Updated ]
FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 55,67 Go (2,78 Go free) [windows] # NTFS
D:\ -> Disque fixe local # 51,23 Go (3,36 Go free) [programme] # NTFS
E:\ -> Disque fixe local # 4,88 Go (2,18 Go free) [SAUVEGARDE] # FAT32
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque amovible
N:\ -> Disque amovible
O:\ -> Disque amovible
P:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 476
C:\WINDOWS\system32\csrss.exe 544
C:\WINDOWS\SYSTEM32\winlogon.exe 572
C:\WINDOWS\system32\services.exe 616
C:\WINDOWS\system32\lsass.exe 628
C:\WINDOWS\system32\svchost.exe 792
C:\WINDOWS\system32\svchost.exe 840
C:\WINDOWS\System32\svchost.exe 872
C:\WINDOWS\System32\svchost.exe 956
C:\WINDOWS\System32\svchost.exe 1024
C:\WINDOWS\SYSTEM32\logonui.exe 1096
C:\WINDOWS\system32\spoolsv.exe 1172
C:\WINDOWS\System32\svchost.exe 1304
C:\Program Files\Eset\nod32krn.exe 1404
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe 1416
C:\WINDOWS\system32\sessmgr.exe 1516
C:\WINDOWS\System32\locator.exe 1592
C:\WINDOWS\System32\svchost.exe 1696
C:\WINDOWS\System32\wdfmgr.exe 1908
C:\WINDOWS\System32\Fast.exe 196
C:\WINDOWS\system32\wuauclt.exe 380
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe 1020
C:\WINDOWS\System32\alg.exe 1312
C:\WINDOWS\System32\svchost.exe 2136
C:\WINDOWS\system32\userinit.exe 2420
C:\WINDOWS\Explorer.EXE 2444
C:\WINDOWS\system32\wbem\wmiprvse.exe 2588
################## | Fichiers # Dossiers infectieux |
################## | Registre # Clés Run infectieuses |
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{573e718e-45c8-11dd-ba8a-000c7636d1ee}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{cfdca160-962c-11d8-b1a0-000b0d219efc}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[21/08/2006 21:59|--a------|0] C:\AUTOEXEC.BAT
[04/06/2004 10:44|--a------|246] C:\BcBtRmv.log
[13/11/2009 18:31|-rahs----|227] C:\boot.ini
[30/08/2002 13:00|-rahs----|4952] C:\Bootfont.bin
[13/11/2009 20:55|--a------|1875] C:\cleannavi.txt
[21/08/2006 21:59|--a------|0] C:\CONFIG.SYS
[31/08/2007 21:43|--a------|130] C:\debug.txt
[08/02/2005 12:41|--a------|17] C:\Default.PLS
[11/04/2007 11:51|--a------|1078] C:\deltaStartup.log
[28/03/2009 17:36|--a------|3139] C:\FindyKill.txt
[04/06/2004 10:51|--a------|557] C:\hpfr5550.xml
[04/06/2004 10:51|--a------|984] C:\hph7150.log
[06/07/2003 11:51|-rahs----|0] C:\IO.SYS
[11/10/2004 19:43|--ah-----|840719] C:\KAVITABC.DAT
[06/07/2003 11:51|-rahs----|0] C:\MSDOS.SYS
[29/01/2007 19:40|-rahs----|47564] C:\NTDETECT.COM
[28/03/2009 18:46|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[07/01/2007 19:18|--a------|3473408] C:\Perf.ETL
[13/11/2009 19:24|--a------|5312] C:\rapport.txt
[14/09/2008 20:53|--a------|304160] C:\SPC220NC.DAT
[14/11/2009 19:35|--a------|4213] C:\UsbFix.txt
[19/05/2007 21:48|--a------|26] C:\usm.txt
[13/11/2009 19:40|--a------|1232] C:\VundoFix.txt
[01/09/2006 18:51|--a------|1492] C:\WINDOWSvundofix.reg
[24/08/2006 20:42|--a------|14171893] D:\a-squared anti-malware personal edition v.2.0.zip
[31/08/2006 19:29|--a------|0] D:\ddccy.dll
[05/03/2004 11:30|--a------|17] D:\Default.PLS
[20/10/2007 16:42|--a------|0] D:\evoodoo.log
[29/08/2006 22:26|--a------|15820837] D:\Freebox les chaines sur Ecran pc
[11/10/2004 19:44|--ah-----|198903] D:\KAVITABD.DAT
30/09/2002 23:00|--a------|217088] D:\RegDelete.exe
[06/07/2003 14:39|--a------|22] E:\SWCONF.DAT
[07/08/2003 13:12|--a------|49] E:\PASS.RPT
[?|?|?] E:\pagefile.sys
[11/10/2004 20:44|---h-----|1687] E:\KAVITABE.DAT
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
################## | Suspect | https://www.virustotal.com/gui/ |
################## | Cracks / Keygens / Serials |
"C:\Program Files\Alcohol Soft\Serial.exe"
31/05/2003 22:50 |Size 100150 |Crc32 d7c81e98 |Md5 7c5664e0594585f1cc7c8da096faec8d
"C:\Program Files\Alcohol Soft\Alcohol 120\Serial.exe"
31/05/2003 23:50 |Size 100150 |Crc32 d7c81e98 |Md5 7c5664e0594585f1cc7c8da096faec8d
"D:\Telchargement\trojan remover\Keygen\TR_REM-K.EXE"
07/03/2002 10:35 |Size 5632 |Crc32 064058a7 |Md5 40a86b3f555d570c472851aae68f70e4
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\trjsetup.exe"
10/05/2002 23:46 |Size 2025133 |Crc32 b6d10b2f |Md5 2787aa86540798f121ca0533e528e223
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Keygen\TR_REM-K.EXE"
07/03/2002 10:35 |Size 5632 |Crc32 064058a7 |Md5 40a86b3f555d570c472851aae68f70e4
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Updates\trdb6085.exe"
17/02/2004 01:40 |Size 1156039 |Crc32 51754658 |Md5 5cef455630fc84dd044bb65346424532
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Updates\trj616.exe"
17/02/2004 01:39 |Size 3245468 |Crc32 71ccd72e |Md5 35ef08db0484adb26805fcd25f490328
################## | ! Fin du rapport # UsbFix V6.052 ! |
__________ Information NOD32 4607 (20091114) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
__________ Information NOD32 4607 (20091114) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
bon par contre malhreuesement je n'ai plus du tout acces a internet. j'ai du recuperer le portable d'un ami.
je te remercie pour ton aide
############################## | UsbFix V6.052 |
User : Wein Nicolas (Administrateurs) # NICO
Update on 13/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:32:04 | 14/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 2.80GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : NOD32 Antivirus System 2.51 2.51 [ Enabled | Updated ]
FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 55,67 Go (2,78 Go free) [windows] # NTFS
D:\ -> Disque fixe local # 51,23 Go (3,36 Go free) [programme] # NTFS
E:\ -> Disque fixe local # 4,88 Go (2,18 Go free) [SAUVEGARDE] # FAT32
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque amovible
N:\ -> Disque amovible
O:\ -> Disque amovible
P:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 476
C:\WINDOWS\system32\csrss.exe 544
C:\WINDOWS\SYSTEM32\winlogon.exe 572
C:\WINDOWS\system32\services.exe 616
C:\WINDOWS\system32\lsass.exe 628
C:\WINDOWS\system32\svchost.exe 792
C:\WINDOWS\system32\svchost.exe 840
C:\WINDOWS\System32\svchost.exe 872
C:\WINDOWS\System32\svchost.exe 956
C:\WINDOWS\System32\svchost.exe 1024
C:\WINDOWS\SYSTEM32\logonui.exe 1096
C:\WINDOWS\system32\spoolsv.exe 1172
C:\WINDOWS\System32\svchost.exe 1304
C:\Program Files\Eset\nod32krn.exe 1404
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe 1416
C:\WINDOWS\system32\sessmgr.exe 1516
C:\WINDOWS\System32\locator.exe 1592
C:\WINDOWS\System32\svchost.exe 1696
C:\WINDOWS\System32\wdfmgr.exe 1908
C:\WINDOWS\System32\Fast.exe 196
C:\WINDOWS\system32\wuauclt.exe 380
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe 1020
C:\WINDOWS\System32\alg.exe 1312
C:\WINDOWS\System32\svchost.exe 2136
C:\WINDOWS\system32\userinit.exe 2420
C:\WINDOWS\Explorer.EXE 2444
C:\WINDOWS\system32\wbem\wmiprvse.exe 2588
################## | Fichiers # Dossiers infectieux |
################## | Registre # Clés Run infectieuses |
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{573e718e-45c8-11dd-ba8a-000c7636d1ee}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{cfdca160-962c-11d8-b1a0-000b0d219efc}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[21/08/2006 21:59|--a------|0] C:\AUTOEXEC.BAT
[04/06/2004 10:44|--a------|246] C:\BcBtRmv.log
[13/11/2009 18:31|-rahs----|227] C:\boot.ini
[30/08/2002 13:00|-rahs----|4952] C:\Bootfont.bin
[13/11/2009 20:55|--a------|1875] C:\cleannavi.txt
[21/08/2006 21:59|--a------|0] C:\CONFIG.SYS
[31/08/2007 21:43|--a------|130] C:\debug.txt
[08/02/2005 12:41|--a------|17] C:\Default.PLS
[11/04/2007 11:51|--a------|1078] C:\deltaStartup.log
[28/03/2009 17:36|--a------|3139] C:\FindyKill.txt
[04/06/2004 10:51|--a------|557] C:\hpfr5550.xml
[04/06/2004 10:51|--a------|984] C:\hph7150.log
[06/07/2003 11:51|-rahs----|0] C:\IO.SYS
[11/10/2004 19:43|--ah-----|840719] C:\KAVITABC.DAT
[06/07/2003 11:51|-rahs----|0] C:\MSDOS.SYS
[29/01/2007 19:40|-rahs----|47564] C:\NTDETECT.COM
[28/03/2009 18:46|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[07/01/2007 19:18|--a------|3473408] C:\Perf.ETL
[13/11/2009 19:24|--a------|5312] C:\rapport.txt
[14/09/2008 20:53|--a------|304160] C:\SPC220NC.DAT
[14/11/2009 19:35|--a------|4213] C:\UsbFix.txt
[19/05/2007 21:48|--a------|26] C:\usm.txt
[13/11/2009 19:40|--a------|1232] C:\VundoFix.txt
[01/09/2006 18:51|--a------|1492] C:\WINDOWSvundofix.reg
[24/08/2006 20:42|--a------|14171893] D:\a-squared anti-malware personal edition v.2.0.zip
[31/08/2006 19:29|--a------|0] D:\ddccy.dll
[05/03/2004 11:30|--a------|17] D:\Default.PLS
[20/10/2007 16:42|--a------|0] D:\evoodoo.log
[29/08/2006 22:26|--a------|15820837] D:\Freebox les chaines sur Ecran pc
[11/10/2004 19:44|--ah-----|198903] D:\KAVITABD.DAT
30/09/2002 23:00|--a------|217088] D:\RegDelete.exe
[06/07/2003 14:39|--a------|22] E:\SWCONF.DAT
[07/08/2003 13:12|--a------|49] E:\PASS.RPT
[?|?|?] E:\pagefile.sys
[11/10/2004 20:44|---h-----|1687] E:\KAVITABE.DAT
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
################## | Suspect | https://www.virustotal.com/gui/ |
################## | Cracks / Keygens / Serials |
"C:\Program Files\Alcohol Soft\Serial.exe"
31/05/2003 22:50 |Size 100150 |Crc32 d7c81e98 |Md5 7c5664e0594585f1cc7c8da096faec8d
"C:\Program Files\Alcohol Soft\Alcohol 120\Serial.exe"
31/05/2003 23:50 |Size 100150 |Crc32 d7c81e98 |Md5 7c5664e0594585f1cc7c8da096faec8d
"D:\Telchargement\trojan remover\Keygen\TR_REM-K.EXE"
07/03/2002 10:35 |Size 5632 |Crc32 064058a7 |Md5 40a86b3f555d570c472851aae68f70e4
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\trjsetup.exe"
10/05/2002 23:46 |Size 2025133 |Crc32 b6d10b2f |Md5 2787aa86540798f121ca0533e528e223
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Keygen\TR_REM-K.EXE"
07/03/2002 10:35 |Size 5632 |Crc32 064058a7 |Md5 40a86b3f555d570c472851aae68f70e4
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Updates\trdb6085.exe"
17/02/2004 01:40 |Size 1156039 |Crc32 51754658 |Md5 5cef455630fc84dd044bb65346424532
"D:\Telchargement\trojan remover\Trojan Remover v6.4.3 + keygen + updates\Updates\trj616.exe"
17/02/2004 01:39 |Size 3245468 |Crc32 71ccd72e |Md5 35ef08db0484adb26805fcd25f490328
################## | ! Fin du rapport # UsbFix V6.052 ! |
__________ Information NOD32 4607 (20091114) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
__________ Information NOD32 4607 (20091114) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
bon par contre malhreuesement je n'ai plus du tout acces a internet. j'ai du recuperer le portable d'un ami.
je te remercie pour ton aide
voici
Logfile of random's system information tool 1.06 (written by random/random)
Run by Wein Nicolas at 2009-11-15 19:01:13
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (6%) free of 57 GB
Total RAM: 511 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:30, on 15/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wein Nicolas\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Wein Nicolas\Bureau\Wein Nicolas.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Wein Nicolas\Bureau\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aphraellerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f005.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - Winlogon Notify: awtsq - awtsq.dll (file missing)
O20 - Winlogon Notify: ddccb - ddccb.dll (file missing)
O20 - Winlogon Notify: gebcc - gebcc.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: vtsqr - vtsqr.dll (file missing)
O23 - Service: eMule MorphXT as a service (eMule) - https://sourceforge.net/projects/emulemorph/ - D:\Program Files\eMule\emule.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8630 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\XoftSpy.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-08-11 7630848]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2006-08-29 921600]
""= []
"nwiz"=nwiz.exe /install []
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"Monitor"=C:\WINDOWS\Philips\SPC220NC\Monitor.exe [2006-11-03 319488]
"Malwarebytes Anti-Malware (reboot)"=C:\Documents and Settings\Wein Nicolas\Bureau\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=D:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe /wait []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
C:\WINDOWS\Dit.exe [2002-08-28 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyMod]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-19 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-12-18 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jxo3023e]
w002d632.dll,n 0033023b0000000a002d632 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
D:\Program Files\Logitech\Video\ManifestEngine.exe boot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacLicense]
C:\Program Files\Conversions Plus\MacLic.exe [2001-09-16 163904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\WINDOWS\Philips\SPC220NC\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
NvMCTray.dll,NvTaskbarInit []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVRemote]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-02-01 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealOne Player\RealPlay.exe SYSTEMBOOTHIDEPLAYER []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon]
\Program Files\WDC\SetIcon.exe [2004-04-28 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
C:\Program Files\The Cleaner\tca.exe [2004-04-09 631808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor]
C:\Program Files\The Cleaner\tcm.exe [2004-03-13 388096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-08-21 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe [2006-09-05 248832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpgConfVer]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
C:\WINDOWS\SYSTEM32\WDBtnMgr.exe [2006-04-01 331776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpy]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-09-23 295606]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk]
D:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [2006-10-22 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MacName.lnk]
C:\PROGRA~1\CONVER~1\MacName.exe [2001-09-16 53317]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin220.lnk]
C:\PROGRA~1\Philips\PHILIP~1\TRAYMI~1.EXE [2007-03-09 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2002-03-29 106561]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MacFormatService"=2
"NVSvc"=2
"GhostStartService"=2
"RetroWDSvc"=2
"RetroLauncher"=2
"ose"=3
"odserv"=3
"vsmon"=2
"EasyBoxApache"=3
"Adobe Version Cue CS3"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsq]
awtsq.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccb]
ddccb.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcc]
gebcc.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkhg]
pmkhg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsqr]
vtsqr.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=D:\DVD\DVD Region-Free\DVDShell.dll [2003-08-26 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoWindowsUpdate"=0
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=0
"NoUserNameInStartMenu"=0
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoInstrumentation"=
"NoSimpleStartMenu"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMuleMorphXT"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======File associations======
.scr - open -
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-11-14 19:35:24 ----RASHD---- C:\autorun.inf
2009-11-14 19:32:01 ----A---- C:\UsbFix.txt
2009-11-14 11:32:50 ----D---- C:\Documents and Settings\Wein Nicolas\Application Data\WinRAR
2009-11-14 11:13:45 ----D---- C:\UsbFix
2009-11-13 23:19:00 ----D---- C:\rsit
2009-11-13 21:22:19 ----D---- C:\Documents and Settings\Wein Nicolas\Application Data\Malwarebytes
2009-11-13 21:22:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-13 20:50:33 ----A---- C:\cleannavi.txt
2009-11-13 20:50:01 ----D---- C:\Program Files\Navilog1
2009-11-13 19:21:23 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-13 19:21:00 ----A---- C:\rapport.txt
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\swsc.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\swreg.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-11-12 21:22:27 ----A---- C:\WINDOWS\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2009-11-15 19:01:30 ----D---- C:\WINDOWS\Prefetch
2009-11-15 18:30:57 ----D---- C:\WINDOWS\Temp
2009-11-15 17:26:53 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-15 17:14:41 ----D---- C:\Program Files\Mozilla Firefox
2009-11-15 16:56:43 ----D---- C:\WINDOWS\Internet Logs
2009-11-14 19:34:27 ----SHD---- C:\RECYCLER
2009-11-14 19:31:52 ----A---- C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt
2009-11-14 19:25:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-14 10:53:15 ----D---- C:\WINDOWS\system32
2009-11-13 23:50:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-13 23:50:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-13 23:06:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-13 21:33:28 ----A---- C:\WINDOWS\system.ini
2009-11-13 21:22:12 ----D---- C:\WINDOWS\system32\drivers
2009-11-13 20:50:01 ----AD---- C:\Program Files
2009-11-13 20:48:44 ----D---- C:\Program Files\Alwil Software
2009-11-13 19:40:53 ----A---- C:\VundoFix.txt
2009-11-13 19:04:22 ----HD---- C:\WINDOWS\inf
2009-11-13 18:31:54 ----RASH---- C:\boot.ini
2009-11-13 18:31:54 ----A---- C:\WINDOWS\win.ini
2009-11-13 09:39:59 ----D---- C:\WINDOWS\network diagnostic
2009-11-13 00:06:18 ----D---- C:\WINDOWS
2009-11-07 09:50:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-07 01:50:40 ----D---- C:\Documents and Settings\Wein Nicolas\Application Data\CamfrogWEB
2009-11-06 19:35:41 ----D---- C:\WINDOWS\Help
2009-11-06 19:35:36 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10240]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R2 AMON;AMON; \??\C:\WINDOWS\System32\drivers\amon.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-02-25 271360]
R2 BT848;Conexant's BtPCI WDM Video Capture; C:\WINDOWS\System32\DRIVERS\BT848.sys [2004-12-25 371349]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-02-25 18048]
R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2005-04-01 123614]
R2 nvTUNEP;nVidia WDM TVTuner; C:\WINDOWS\System32\DRIVERS\nvtunep.sys [2005-04-01 21906]
R2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [2005-04-01 25442]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2005-04-01 13696]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 axvbusx;axvbusx; C:\WINDOWS\System32\DRIVERS\axvbusx.sys [2003-01-31 8384]
R3 axvscsi;axvscsi; C:\WINDOWS\System32\DRIVERS\axvscsi.sys [2003-01-31 100256]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-03-25 741583]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
R3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [2003-05-22 670203]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-20 9856]
R3 SPC220NC;Philips SPC220NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 507136]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ROB_A;Pinnacle WDM PCTV Audio Capture; C:\WINDOWS\System32\DRIVERS\rob_a.sys [2003-02-10 17664]
S2 ROB_V;Pinnacle WDM PCTV Video Capture; C:\WINDOWS\system32\drivers\rob_v.sys [2003-04-11 125568]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BtAudio;Bluetooth Audio; C:\WINDOWS\System32\DRIVERS\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\D:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!\K!TVXP~1\DSDrv4.sys []
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 Fadpu16E;Fadpu16E; C:\WINDOWS\system32\drivers\Fadpu16E.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\System32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 pctvvbi;PCTVVBI; C:\WINDOWS\System32\DRIVERS\pctvvbi.sys [2002-11-11 6400]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-30 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys []
S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TESTCAP;Studio PCTV (Audio); C:\WINDOWS\System32\DRIVERS\PCTVAud.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\WEINNI~1\LOCALS~1\Temp\mc222.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 InteractiveLogon;InteractiveLogon; C:\WINDOWS\System32\Fast.exe [2001-10-19 49216]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2006-08-29 507904]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 eMule;eMule MorphXT as a service; D:\Program Files\eMule\emule.exe [2009-03-23 6905856]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-09-22 654848]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 EasyBoxApache;EasyBoxApache; D:\Program Files\EasyBox\Apache\Apache.exe [2005-12-01 20537]
S4 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
S4 MacFormatService;MacFormatService; C:\Program Files\Conversions Plus\FORMATM.EXE [2001-09-16 266304]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-08-11 155715]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 RetroLauncher;Retrospect Launcher; C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe [2003-11-12 49152]
S4 RetroWDSvc;Retrospect WD Service; C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [2004-01-26 46592]
S4 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
-----------------EOF-----------------
__________ Information NOD32 4610 (20091115) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
__________ Information NOD32 4610 (20091115) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
Logfile of random's system information tool 1.06 (written by random/random)
Run by Wein Nicolas at 2009-11-15 19:01:13
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (6%) free of 57 GB
Total RAM: 511 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:30, on 15/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wein Nicolas\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Wein Nicolas\Bureau\Wein Nicolas.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Wein Nicolas\Bureau\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aphraellerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f005.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - Winlogon Notify: awtsq - awtsq.dll (file missing)
O20 - Winlogon Notify: ddccb - ddccb.dll (file missing)
O20 - Winlogon Notify: gebcc - gebcc.dll (file missing)
O20 - Winlogon Notify: pmkhg - pmkhg.dll (file missing)
O20 - Winlogon Notify: vtsqr - vtsqr.dll (file missing)
O23 - Service: eMule MorphXT as a service (eMule) - https://sourceforge.net/projects/emulemorph/ - D:\Program Files\eMule\emule.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8630 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\XoftSpy.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-08-11 7630848]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2006-08-29 921600]
""= []
"nwiz"=nwiz.exe /install []
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"Monitor"=C:\WINDOWS\Philips\SPC220NC\Monitor.exe [2006-11-03 319488]
"Malwarebytes Anti-Malware (reboot)"=C:\Documents and Settings\Wein Nicolas\Bureau\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=D:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe /wait []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
C:\WINDOWS\Dit.exe [2002-08-28 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyMod]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-19 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-12-18 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jxo3023e]
w002d632.dll,n 0033023b0000000a002d632 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
D:\Program Files\Logitech\Video\ManifestEngine.exe boot []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacLicense]
C:\Program Files\Conversions Plus\MacLic.exe [2001-09-16 163904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\WINDOWS\Philips\SPC220NC\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
NvMCTray.dll,NvTaskbarInit []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVRemote]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-02-01 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealOne Player\RealPlay.exe SYSTEMBOOTHIDEPLAYER []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon]
\Program Files\WDC\SetIcon.exe [2004-04-28 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
C:\Program Files\The Cleaner\tca.exe [2004-04-09 631808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor]
C:\Program Files\The Cleaner\tcm.exe [2004-03-13 388096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-08-21 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe [2006-09-05 248832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpgConfVer]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
C:\WINDOWS\SYSTEM32\WDBtnMgr.exe [2006-04-01 331776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpy]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-09-23 295606]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk]
D:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [2006-10-22 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MacName.lnk]
C:\PROGRA~1\CONVER~1\MacName.exe [2001-09-16 53317]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin220.lnk]
C:\PROGRA~1\Philips\PHILIP~1\TRAYMI~1.EXE [2007-03-09 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2002-03-29 106561]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MacFormatService"=2
"NVSvc"=2
"GhostStartService"=2
"RetroWDSvc"=2
"RetroLauncher"=2
"ose"=3
"odserv"=3
"vsmon"=2
"EasyBoxApache"=3
"Adobe Version Cue CS3"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsq]
awtsq.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccb]
ddccb.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcc]
gebcc.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkhg]
pmkhg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsqr]
vtsqr.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=D:\DVD\DVD Region-Free\DVDShell.dll [2003-08-26 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoWindowsUpdate"=0
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=0
"NoUserNameInStartMenu"=0
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoInstrumentation"=
"NoSimpleStartMenu"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMuleMorphXT"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======File associations======
.scr - open -
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-11-14 19:35:24 ----RASHD---- C:\autorun.inf
2009-11-14 19:32:01 ----A---- C:\UsbFix.txt
2009-11-14 11:32:50 ----D---- C:\Documents and Settings\Wein Nicolas\Application Data\WinRAR
2009-11-14 11:13:45 ----D---- C:\UsbFix
2009-11-13 23:19:00 ----D---- C:\rsit
2009-11-13 21:22:19 ----D---- C:\Documents and Settings\Wein Nicolas\Application Data\Malwarebytes
2009-11-13 21:22:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-13 20:50:33 ----A---- C:\cleannavi.txt
2009-11-13 20:50:01 ----D---- C:\Program Files\Navilog1
2009-11-13 19:21:23 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-13 19:21:00 ----A---- C:\rapport.txt
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-11-13 19:20:44 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\swsc.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\swreg.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-11-13 19:20:43 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-11-12 21:22:27 ----A---- C:\WINDOWS\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2009-11-15 19:01:30 ----D---- C:\WINDOWS\Prefetch
2009-11-15 18:30:57 ----D---- C:\WINDOWS\Temp
2009-11-15 17:26:53 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-15 17:14:41 ----D---- C:\Program Files\Mozilla Firefox
2009-11-15 16:56:43 ----D---- C:\WINDOWS\Internet Logs
2009-11-14 19:34:27 ----SHD---- C:\RECYCLER
2009-11-14 19:31:52 ----A---- C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt
2009-11-14 19:25:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-14 10:53:15 ----D---- C:\WINDOWS\system32
2009-11-13 23:50:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-13 23:50:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-13 23:06:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-13 21:33:28 ----A---- C:\WINDOWS\system.ini
2009-11-13 21:22:12 ----D---- C:\WINDOWS\system32\drivers
2009-11-13 20:50:01 ----AD---- C:\Program Files
2009-11-13 20:48:44 ----D---- C:\Program Files\Alwil Software
2009-11-13 19:40:53 ----A---- C:\VundoFix.txt
2009-11-13 19:04:22 ----HD---- C:\WINDOWS\inf
2009-11-13 18:31:54 ----RASH---- C:\boot.ini
2009-11-13 18:31:54 ----A---- C:\WINDOWS\win.ini
2009-11-13 09:39:59 ----D---- C:\WINDOWS\network diagnostic
2009-11-13 00:06:18 ----D---- C:\WINDOWS
2009-11-07 09:50:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-07 01:50:40 ----D---- C:\Documents and Settings\Wein Nicolas\Application Data\CamfrogWEB
2009-11-06 19:35:41 ----D---- C:\WINDOWS\Help
2009-11-06 19:35:36 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10240]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R2 AMON;AMON; \??\C:\WINDOWS\System32\drivers\amon.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-02-25 271360]
R2 BT848;Conexant's BtPCI WDM Video Capture; C:\WINDOWS\System32\DRIVERS\BT848.sys [2004-12-25 371349]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-02-25 18048]
R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2005-04-01 123614]
R2 nvTUNEP;nVidia WDM TVTuner; C:\WINDOWS\System32\DRIVERS\nvtunep.sys [2005-04-01 21906]
R2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys [2005-04-01 25442]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2005-04-01 13696]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 axvbusx;axvbusx; C:\WINDOWS\System32\DRIVERS\axvbusx.sys [2003-01-31 8384]
R3 axvscsi;axvscsi; C:\WINDOWS\System32\DRIVERS\axvscsi.sys [2003-01-31 100256]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-03-25 741583]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
R3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [2003-05-22 670203]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-20 9856]
R3 SPC220NC;Philips SPC220NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 507136]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ROB_A;Pinnacle WDM PCTV Audio Capture; C:\WINDOWS\System32\DRIVERS\rob_a.sys [2003-02-10 17664]
S2 ROB_V;Pinnacle WDM PCTV Video Capture; C:\WINDOWS\system32\drivers\rob_v.sys [2003-04-11 125568]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BtAudio;Bluetooth Audio; C:\WINDOWS\System32\DRIVERS\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\D:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!\K!TVXP~1\DSDrv4.sys []
S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 Fadpu16E;Fadpu16E; C:\WINDOWS\system32\drivers\Fadpu16E.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\System32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 pctvvbi;PCTVVBI; C:\WINDOWS\System32\DRIVERS\pctvvbi.sys [2002-11-11 6400]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-30 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys []
S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TESTCAP;Studio PCTV (Audio); C:\WINDOWS\System32\DRIVERS\PCTVAud.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\WEINNI~1\LOCALS~1\Temp\mc222.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 InteractiveLogon;InteractiveLogon; C:\WINDOWS\System32\Fast.exe [2001-10-19 49216]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2006-08-29 507904]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 eMule;eMule MorphXT as a service; D:\Program Files\eMule\emule.exe [2009-03-23 6905856]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-09-22 654848]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 EasyBoxApache;EasyBoxApache; D:\Program Files\EasyBox\Apache\Apache.exe [2005-12-01 20537]
S4 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
S4 MacFormatService;MacFormatService; C:\Program Files\Conversions Plus\FORMATM.EXE [2001-09-16 266304]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-08-11 155715]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 RetroLauncher;Retrospect Launcher; C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe [2003-11-12 49152]
S4 RetroWDSvc;Retrospect WD Service; C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe [2004-01-26 46592]
S4 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
-----------------EOF-----------------
__________ Information NOD32 4610 (20091115) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
__________ Information NOD32 4610 (20091115) __________
Ce message a ete verifie par NOD32 Antivirus System.
https://www.eset.com/int/
heu non je n'ai toujours pas internet sur mon fix. par contre en wifi ça marche sur un portable. je dirai meme plus c pire qu'avant car je pouvais avoir internet pendant 4 min et maintenant je demarre mon ordi et rien... HELP
Hello ,
Helper-Mask,
Je doute que ceci soit très légitime:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jxo3023e]
w002d632.dll,n 0033023b0000000a002d632 []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsq]
awtsq.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccb]
ddccb.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcc]
gebcc.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkhg]
pmkhg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsqr]
vtsqr.dll []
A vérifier:
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'SYSTEM')
++
Helper-Mask,
Je doute que ceci soit très légitime:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jxo3023e]
w002d632.dll,n 0033023b0000000a002d632 []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsq]
awtsq.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccb]
ddccb.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcc]
gebcc.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkhg]
pmkhg.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsqr]
vtsqr.dll []
A vérifier:
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{74D24CE9-0AE8-1036-0514-030306030021}] "C:\Program Files\Fichiers communs\{74D24CE9-0AE8-1036-0514-030306030021}\Update.exe" mc-110-12-0000229 (User 'SYSTEM')
++
Je confirme, c'est encore bourré d'infections..
Je rajoute celui ci en prime :
Je rajoute celui ci en prime :
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
cela m'étonne pas trop merci pour vos commentaires mais que dois je faire??????
encore merci pour votre aide
encore merci pour votre aide
Salut C_XX :-)
Un Helper va intervenir car je crois qu'il va falloir mettre en place un script pour sa ;)
++
Un Helper va intervenir car je crois qu'il va falloir mettre en place un script pour sa ;)
++
