Sujet Précédent Sujet Suivant

Virus détécté sans cesse par Antivir Guard

b2oire -  
truecode Messages postés 2092 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour, ben voilà depuis quelque temps, antivir n'arrete pas d'afficher sans cesse un message disant qu'il ya un virus et quand je mets delete, il part pas donc j'ai fait un scan merci d'avance :-)

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-02-06 10:46:37
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 93 GB (63%) free of 148 GB
Total RAM: 447 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:58, on 6/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\FICHIE~1\DEFENS~1\gescw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DefenseDuDisque\SysRep.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\aecces.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\user\Bureau\RSIT.exe
C:\Documents and Settings\user\Bureau\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: {11ec3410-a6dd-0599-95d4-e810075f8583} - {3858f570-018e-4d59-9950-dd6a0143ce11} - (no file)
O2 - BHO: (no name) - {400B195E-3944-436C-8AE8-44F485330B2F}8AE8-44F485330B2F} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: (no name) - {B997E796-2BCF-4980-B856-72680EC7BAE2} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gescw] "C:\PROGRA~1\FICHIE~1\DEFENS~1\gescw.exe" -start
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Machine Works, Inc.] C:\WINDOWS\system32\aecces.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://tchatpassion.com/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.viewpoint.com/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: awtqq - C:\WINDOWS\
O20 - Winlogon Notify: awvtu - C:\WINDOWS\
O20 - Winlogon Notify: byxyxwv - byxyxwv.dll (file missing)
O20 - Winlogon Notify: ddabc - C:\WINDOWS\
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O20 - Winlogon Notify: ddcya - C:\WINDOWS\
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\
O20 - Winlogon Notify: gebyv - C:\WINDOWS\
O20 - Winlogon Notify: geebb - C:\WINDOWS\
O20 - Winlogon Notify: geedc - C:\WINDOWS\
O20 - Winlogon Notify: geedd - C:\WINDOWS\
O20 - Winlogon Notify: geede - C:\WINDOWS\
O20 - Winlogon Notify: jkhff - C:\WINDOWS\
O20 - Winlogon Notify: mljgd - C:\WINDOWS\
O20 - Winlogon Notify: mlljg - C:\WINDOWS\
O20 - Winlogon Notify: mllmj - C:\WINDOWS\
O20 - Winlogon Notify: pmnno - C:\WINDOWS\
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\
O20 - Winlogon Notify: ssqro - C:\WINDOWS\
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: sstqn - C:\WINDOWS\
O20 - Winlogon Notify: vtsqn - C:\WINDOWS\
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\
O20 - Winlogon Notify: vtsts - C:\WINDOWS\
O20 - Winlogon Notify: vturq - C:\WINDOWS\
O20 - Winlogon Notify: vturr - C:\WINDOWS\
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9fe20255b95dc) (gupdate1c9fe20255b95dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
A voir également:

11 réponses

Réponse 1 / 11
truecode Messages postés 2092 Date d'inscription   Statut Membre Dernière intervention   86
 
Bonjour ,

Désactive les logiciels de protection (Antivirus, Antispywares) puis :

Télécharge Combofix sUBs : [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]combofix.exe[/url] et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.

Eventuellement, installe la console de récupération comme cela est conseillé

Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
0
Réponse 2 / 11
b2oire
 
Merci encore pour le conseil que j'ai appliquer voilà mon rapport :-)

ComboFix 10-02-05.04 - user 06/02/2010 19:56:13.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.32.1036.18.447.140 [GMT 1:00]
Lancé depuis: c:\documents and settings\user\Mes documents\Téléchargements\Important.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Mslogpa.dll
c:\windows\Mstecf.dat
c:\windows\system32\aecces.exe
c:\windows\system32\aokjgfmn.ini
c:\windows\system32\awtbecch.ini
c:\windows\system32\aycdd.bak1
c:\windows\system32\aycdd.bak2
c:\windows\system32\aycdd.ini
c:\windows\system32\bbeeg.bak1
c:\windows\system32\bbeeg.ini
c:\windows\system32\cbadd.bak1
c:\windows\system32\cbadd.ini
c:\windows\system32\cccdd.bak1
c:\windows\system32\cccdd.ini
c:\windows\system32\cdeeg.bak1
c:\windows\system32\cdeeg.ini
c:\windows\system32\cnlssteu.ini
c:\windows\system32\ddeeg.bak1
c:\windows\system32\ddeeg.ini
c:\windows\system32\dgjlm.bak1
c:\windows\system32\dgjlm.ini
c:\windows\system32\edeeg.bak1
c:\windows\system32\edeeg.ini
c:\windows\system32\ffhkj.bak1
c:\windows\system32\ffhkj.ini
c:\windows\system32\flashbod.dll
c:\windows\system32\ghmyfrmh.ini
c:\windows\system32\gjllm.bak1
c:\windows\system32\gjllm.ini
c:\windows\system32\gpgkhiqn.ini
c:\windows\system32\H8SRTewqxylhlhs.dat
c:\windows\system32\hkdxjvda.ini
c:\windows\system32\hmbtause.ini
c:\windows\system32\igqclmif.ini
c:\windows\system32\jimuoowm.ini
c:\windows\system32\jmllm.bak1
c:\windows\system32\jmllm.ini
c:\windows\system32\kcpobpyk.ini
c:\windows\system32\khxxngpg.ini
c:\windows\system32\ltaaumgu.ini
c:\windows\system32\mpqss.bak1
c:\windows\system32\mpqss.bak2
c:\windows\system32\mpqss.ini
c:\windows\system32\ndgqrava.ini
c:\windows\system32\nogfoygp.ini
c:\windows\system32\nqstv.bak1
c:\windows\system32\nqstv.ini
c:\windows\system32\nqtss.bak1
c:\windows\system32\nqtss.bak2
c:\windows\system32\nqtss.ini
c:\windows\system32\nqtss.tmp
c:\windows\system32\nvtjcdgm.ini
c:\windows\system32\onnmp.bak1
c:\windows\system32\onnmp.bak2
c:\windows\system32\onnmp.ini
c:\windows\system32\orgpnycn.ini
c:\windows\system32\orqss.bak1
c:\windows\system32\orqss.ini
c:\windows\system32\owbmjtwv.ini
c:\windows\system32\pxvsxihc.ini
c:\windows\system32\pysfmsyk.ini
c:\windows\system32\qhlobbxv.ini
c:\windows\system32\qhspvymq.ini
c:\windows\system32\qkckbflw.ini
c:\windows\system32\qqstv.bak1
c:\windows\system32\qqstv.ini
c:\windows\system32\qqtwa.bak1
c:\windows\system32\qqtwa.ini
c:\windows\system32\qrutv.bak1
c:\windows\system32\qrutv.ini
c:\windows\system32\rrqss.bak1
c:\windows\system32\rrqss.ini
c:\windows\system32\rrutv.bak1
c:\windows\system32\rrutv.ini
c:\windows\system32\rtpfrffu.ini
c:\windows\system32\snihfrrq.ini
c:\windows\system32\srcr.dat
c:\windows\system32\srqss.bak1
c:\windows\system32\srqss.ini
c:\windows\system32\srutv.bak1
c:\windows\system32\srutv.ini
c:\windows\system32\ststv.bak1
c:\windows\system32\ststv.ini
c:\windows\system32\svvwa.bak1
c:\windows\system32\svvwa.bak2
c:\windows\system32\svvwa.ini
c:\windows\system32\Thumbs.db
c:\windows\system32\uhfaewnq.ini
c:\windows\system32\utvwa.bak1
c:\windows\system32\utvwa.bak2
c:\windows\system32\utvwa.ini
c:\windows\system32\vngjsspc.ini
c:\windows\system32\vucmtahr.ini
c:\windows\system32\vvqqnnbx.ini
c:\windows\system32\vybeg.bak1
c:\windows\system32\vybeg.ini
c:\windows\system32\vycdd.bak1
c:\windows\system32\vycdd.ini
c:\windows\system32\wtbuvqaa.ini
c:\windows\system32\xucttttg.ini
c:\windows\system32\ybnawexs.ini
c:\windows\system32\yfblvhmk.ini
c:\windows\system32\yukrvyxn.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-06 au 2010-02-06 ))))))))))))))))))))))))))))))))))))
.

2010-02-06 18:35 . 2006-11-05 23:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ATI
2010-02-05 12:20 . 2010-02-05 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-01-23 13:45 . 2010-02-06 18:47 -------- d-----w- c:\documents and settings\user\Application Data\HPAppData
2010-01-23 13:38 . 2010-01-23 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-01-23 13:28 . 2010-02-01 19:04 -------- d-----w- c:\documents and settings\user\Application Data\HP
2010-01-23 13:12 . 2010-01-23 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-23 13:10 . 2010-01-23 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-22 05:38 . 2010-01-22 05:38 -------- d-----w- c:\documents and settings\user\Application Data\Regensoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 09:25 . 2009-06-23 08:49 -------- d-----w- c:\program files\JkDefrag
2010-02-05 21:04 . 2008-10-12 14:14 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2010-01-28 06:27 . 2006-10-23 02:03 540874 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-28 06:27 . 2006-10-23 02:03 99392 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-27 16:10 . 2010-01-27 16:10 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-27 16:09 . 2010-01-27 16:09 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2010-01-23 13:38 . 2010-01-23 13:04 219217 ----a-w- c:\windows\hpoins40.dat
2010-01-23 13:30 . 2010-01-23 13:05 -------- d-----w- c:\program files\HP
2010-01-23 13:11 . 2010-01-23 13:11 -------- d-----w- c:\program files\Fichiers communs\HP
2010-01-23 13:10 . 2010-01-23 13:10 -------- d-----w- c:\program files\Fichiers communs\Hewlett-Packard
2010-01-17 06:30 . 2010-01-17 06:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-17 06:30 . 2006-11-06 00:10 -------- d-----w- c:\program files\Java
2010-01-17 06:29 . 2010-01-17 06:29 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-17 06:29 . 2010-01-17 06:29 79488 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-16 20:43 . 2010-01-16 20:43 -------- d-----w- c:\program files\Regensoft
2010-01-16 20:43 . 2008-11-08 19:13 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-16 20:42 . 2010-01-16 20:42 -------- d-----w- c:\program files\Red Kawa
2010-01-03 13:31 . 2010-01-03 13:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2010-01-02 05:19 . 2010-01-02 05:19 -------- d-----w- c:\program files\MSBuild
2010-01-02 05:18 . 2010-01-02 05:18 -------- d-----w- c:\program files\Reference Assemblies
2010-01-02 05:05 . 2010-01-02 05:05 -------- d-----w- c:\program files\MSXML 6.0
2010-01-01 22:03 . 2010-01-01 21:56 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-01 21:56 . 2010-01-01 21:56 -------- d-----w- c:\documents and settings\user\Application Data\TuneUp Software
2010-01-01 21:56 . 2010-01-01 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-01 21:55 . 2010-01-01 21:55 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-01 21:44 . 2006-11-05 23:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 21:41 . 2009-03-20 17:55 -------- d-----w- c:\documents and settings\user\Application Data\Samsung
2010-01-01 21:22 . 2009-06-18 16:21 -------- d-----w- c:\program files\Trend Micro
2010-01-01 20:48 . 2010-01-01 20:48 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-01-01 20:48 . 2010-01-01 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 20:48 . 2010-01-01 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 20:37 . 2009-12-28 08:27 6853096 ----a-w- C:\SpyHunter-Compact-OS.exe
2009-12-30 13:55 . 2010-01-01 20:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2010-01-01 20:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 08:27 . 2009-12-28 08:27 -------- d-----w- c:\program files\Enigma Software Group
2009-12-27 15:35 . 2009-12-27 15:35 -------- d-----w- c:\program files\Panda Security
2009-12-27 13:17 . 2009-12-27 13:06 -------- d-----w- c:\documents and settings\user\Application Data\QuickScan
2009-12-27 10:49 . 2008-11-08 20:00 -------- d-----w- c:\program files\Movies2iPhone
2009-12-24 01:52 . 2009-12-27 13:06 684032 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\w2bg3j9o.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-24 01:52 . 2009-12-27 13:06 776704 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\w2bg3j9o.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-22 05:41 . 2006-10-23 02:03 666112 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:41 . 2006-11-13 23:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 20:03 . 2010-01-01 21:57 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 19:56 . 2010-01-01 22:02 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-21 16:42 . 2006-11-13 22:59 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-05-01 21:02 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-03-02 12:00 . 2006-11-13 23:11 73728 --sh--w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-05 68856]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2009-07-30 9156912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-17 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"gescw"="c:\progra~1\FICHIE~1\DEFENS~1\gescw.exe" [2007-08-15 131072]
"DefenseDuDisque"="c:\program files\DefenseDuDisque\SysRep.exe" [2007-10-09 5459968]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-24 16050688]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-05-13 1397760]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-05 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\APPS\\Powercinema\\PCMService.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [27/12/2009 16:45 28552]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 21:00 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7:24 10064]
S2 gupdate1c9fe20255b95dc;Service Google Update (gupdate1c9fe20255b95dc);c:\program files\Google\Update\GoogleUpdate.exe [6/07/2009 10:57 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/01/2010 21:48 38224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 09:57]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 09:57]

2010-02-06 c:\windows\Tasks\Recherche de problèmes automatique.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 20:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.speedbit.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: chat-land.org\www
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\w2bg3j9o.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\w2bg3j9o.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\w2bg3j9o.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{3858f570-018e-4d59-9950-dd6a0143ce11} - (no file)
BHO-{400B195E-3944-436C-8AE8-44F485330B2F}8AE8-44F485330B2F} - (no file)
BHO-{B997E796-2BCF-4980-B856-72680EC7BAE2} - (no file)
Notify-awvtu - (no file)
Notify-byxyxwv - byxyxwv.dll
Notify-ddabc - (no file)
Notify-ddccc - (no file)
Notify-ddcya - (no file)
Notify-ddcyv - (no file)
Notify-gebyv - (no file)
Notify-geebb - (no file)
Notify-geedc - (no file)
Notify-geedd - (no file)
Notify-geede - (no file)
Notify-jkhff - (no file)
Notify-mljgd - (no file)
Notify-mlljg - (no file)
Notify-mllmj - (no file)
Notify-pmnno - (no file)
Notify-ssqpm - (no file)
Notify-ssqro - (no file)
Notify-ssqrr - (no file)
Notify-ssqrs - (no file)
Notify-sstqn - (no file)
Notify-vtsqn - (no file)
Notify-vtsqq - (no file)
Notify-vtsts - (no file)
Notify-vturq - (no file)
Notify-vturr - (no file)
Notify-vturs - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 20:08
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1404)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Heure de fin: 2010-02-06 20:19:16 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-06 19:19

Avant-CF: 97.966.960.640 octets libres
Après-CF: 97.945.243.648 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - C38A4C8DF40F1BFB4AE78D8722D51BB8
0
Réponse 3 / 11
truecode Messages postés 2092 Date d'inscription   Statut Membre Dernière intervention   86
 
Maintenant fais cela :

Télécharge Malwarebytes' Anti-Malware (MBAM) http://www.malwarebytes.org/mbam-download.php

Avant tous il faut brancher tous les supports amovibles que tu possède avant de faire ce scan ( disque dur externes , clé usb ... )

1. Double clique sur le fichier téléchargé
2. Dans l'onglet "Mise à jour", clique sur "Recherche de mise à jour": si ton parefeu te demande de d'autoriser MBAM accepte
3. Quand la mise à jour est terminé va dans l'onglet
4. Tu sélectionne "Exécuter un examen complet"
5. Puis tu clique sur "Rechercher"

L'analyse démarre, le scan est relativement long, c'est normal.

A la fin de l'analyse, un message s'affiche :

6. L'examen s'est terminé normalement. Il te reste a cliquer sur "Afficher les résultats" pour afficher tous les objets trouvés.

7. Maintenant tu clique sur "Ok" pour poursuivre.
8. Ferme tes navigateurs ( firefox , internet explorer , chrome , opéra...)
9. Si MBAM à détecter des malwares, clique sur "Afficher les résultats".
10. Sélectionne tout et clique sur "Supprimer la sélection",MBAM va supprimer tous les fichiers infectés.
11. Le Bloc-notes va s'ouvrir avec le rapport d'analyse
12. Fais un copier coller de ce rapport et poste-le dans ton prochain message.

Poste aussi un nouveau rapport RSIT

Il faudra impérativement mettre à jour :
Microsoft Windows XP Édition familiale Service Pack 2
Version MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Je vois que tu as des restes de Norton il va falloir aussi faire un peu de ménage on va voir cela après la désinfection.
0
Réponse 4 / 11
b2oire
 
J'ai fait l'analyse et aucun élément infecté, je voudrais savoir aussi s'il y a moyen que mon ordinateur aille plus vite. Voilà le rapport et merci d'avance

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3470
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/02/2010 12:31:28
mbam-log-2010-02-07 (12-31-28).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 240724
Temps écoulé: 2 hour(s), 37 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
truecode Messages postés 2092 Date d'inscription   Statut Membre Dernière intervention   86
 
Norton doit pas mal le ralentir enfin surtout s'il reste des traces voici un tuto pour le désinstaller manuellement :

https://www.commentcamarche.net/faq/3151-desinstaller-norton-symantec

Pourrais tu me poster aussi le nouveau rapport RSIT
0
Réponse 6 / 11
b2oire
 
Voilà le rapport... je voudrais dire encore merci pour l'aide c'est très sympa :-)

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-02-06 10:46:37
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 93 GB (63%) free of 148 GB
Total RAM: 447 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:58, on 6/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\FICHIE~1\DEFENS~1\gescw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DefenseDuDisque\SysRep.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\aecces.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\user\Bureau\RSIT.exe
C:\Documents and Settings\user\Bureau\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: {11ec3410-a6dd-0599-95d4-e810075f8583} - {3858f570-018e-4d59-9950-dd6a0143ce11} - (no file)
O2 - BHO: (no name) - {400B195E-3944-436C-8AE8-44F485330B2F}8AE8-44F485330B2F} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: (no name) - {B997E796-2BCF-4980-B856-72680EC7BAE2} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gescw] "C:\PROGRA~1\FICHIE~1\DEFENS~1\gescw.exe" -start
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Machine Works, Inc.] C:\WINDOWS\system32\aecces.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://tchatpassion.com/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.viewpoint.com/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: awtqq - C:\WINDOWS\
O20 - Winlogon Notify: awvtu - C:\WINDOWS\
O20 - Winlogon Notify: byxyxwv - byxyxwv.dll (file missing)
O20 - Winlogon Notify: ddabc - C:\WINDOWS\
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O20 - Winlogon Notify: ddcya - C:\WINDOWS\
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\
O20 - Winlogon Notify: gebyv - C:\WINDOWS\
O20 - Winlogon Notify: geebb - C:\WINDOWS\
O20 - Winlogon Notify: geedc - C:\WINDOWS\
O20 - Winlogon Notify: geedd - C:\WINDOWS\
O20 - Winlogon Notify: geede - C:\WINDOWS\
O20 - Winlogon Notify: jkhff - C:\WINDOWS\
O20 - Winlogon Notify: mljgd - C:\WINDOWS\
O20 - Winlogon Notify: mlljg - C:\WINDOWS\
O20 - Winlogon Notify: mllmj - C:\WINDOWS\
O20 - Winlogon Notify: pmnno - C:\WINDOWS\
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\
O20 - Winlogon Notify: ssqro - C:\WINDOWS\
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\
O20 - Winlogon Notify: sstqn - C:\WINDOWS\
O20 - Winlogon Notify: vtsqn - C:\WINDOWS\
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\
O20 - Winlogon Notify: vtsts - C:\WINDOWS\
O20 - Winlogon Notify: vturq - C:\WINDOWS\
O20 - Winlogon Notify: vturr - C:\WINDOWS\
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9fe20255b95dc) (gupdate1c9fe20255b95dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
End of file - 13879 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Recherche de problèmes automatique.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-10-05 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3858f570-018e-4d59-9950-dd6a0143ce11}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{400B195E-3944-436C-8AE8-44F485330B2F}8AE8-44F485330B2F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1056498-D09A-41E4-864B-505EDD640D9E}]
SBCONVERT Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-29 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B997E796-2BCF-4980-B856-72680EC7BAE2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-17 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"gescw"=C:\PROGRA~1\FICHIE~1\DEFENS~1\gescw.exe [2007-08-15 131072]
"DefenseDuDisque"=C:\Program Files\DefenseDuDisque\SysRep.exe [2007-10-09 5459968]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-17 2879488]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-24 16050688]
"PCMService"=c:\APPS\Powercinema\PCMService.exe [2006-02-23 147456]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-05-13 1397760]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-10-05 198160]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Machine Works, Inc."=C:\WINDOWS\system32\aecces.exe [2010-02-04 35328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-05 68856]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe [2009-07-30 9156912]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqq]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvtu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxyxwv]
byxyxwv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddabc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcya]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcyv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebyv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geebb]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geede]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkhff]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljgd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mllmj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpm]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqro]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqrr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqrs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsqn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsqq]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtsts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vturq]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vturr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vturs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\Powercinema\PowerCinema.exe"="C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\APPS\Powercinema\PCMService.exe"="C:\APPS\Powercinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-02-04 13:26:58 ----A---- C:\WINDOWS\Mslogpa.dll
2010-02-04 13:20:07 ----A---- C:\WINDOWS\system32\flashbod.dll
2010-02-04 13:20:07 ----A---- C:\WINDOWS\system32\aecces.exe
2010-02-02 11:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-01-27 17:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB909394$
2010-01-27 17:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB894476$
2010-01-27 17:10:10 ----D---- C:\Program Files\Microsoft ActiveSync
2010-01-27 17:09:30 ----D---- C:\Program Files\Windows Mobile Device Handbook
2010-01-23 14:45:08 ----D---- C:\Documents and Settings\user\Application Data\HPAppData
2010-01-23 14:38:19 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2010-01-23 14:28:52 ----D---- C:\Documents and Settings\user\Application Data\HP
2010-01-23 14:27:33 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2010-01-23 14:26:56 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2010-01-23 14:26:56 ----RA---- C:\WINDOWS\system32\hposwia_p02d.dll
2010-01-23 14:26:56 ----RA---- C:\WINDOWS\system32\hpost_p02d.dll
2010-01-23 14:26:56 ----RA---- C:\WINDOWS\system32\hposc_p02a.dll
2010-01-23 14:12:36 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2010-01-23 14:11:13 ----D---- C:\Program Files\Fichiers communs\HP
2010-01-23 14:10:43 ----D---- C:\Program Files\Fichiers communs\Hewlett-Packard
2010-01-23 14:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2010-01-23 14:08:39 ----A---- C:\WINDOWS\system32\hpf3l70v.dll
2010-01-23 14:08:15 ----HD---- C:\Config.Msi
2010-01-23 14:05:38 ----D---- C:\Program Files\HP
2010-01-22 06:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-22 06:38:18 ----D---- C:\Documents and Settings\user\Application Data\Regensoft
2010-01-17 07:30:29 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-17 07:30:29 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-17 07:30:29 ----A---- C:\WINDOWS\system32\java.exe
2010-01-17 07:30:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-16 21:43:18 ----D---- C:\Program Files\Regensoft
2010-01-16 21:42:47 ----D---- C:\Program Files\Red Kawa
2010-01-13 15:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 15:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-06 10:46:45 ----D---- C:\WINDOWS\Prefetch
2010-02-06 10:44:40 ----D---- C:\Program Files\Mozilla Firefox
2010-02-06 10:41:23 ----D---- C:\WINDOWS\system32
2010-02-06 10:25:58 ----D---- C:\Program Files\JkDefrag
2010-02-06 10:21:46 ----D---- C:\WINDOWS
2010-02-06 10:21:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-06 10:20:29 ----D---- C:\WINDOWS\Temp
2010-02-06 10:17:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-05 22:04:26 ----D---- C:\Documents and Settings\user\Application Data\LimeWire
2010-02-02 11:49:49 ----HD---- C:\WINDOWS\inf
2010-02-02 11:49:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-02 11:48:29 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-02 11:48:29 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-01 20:04:48 ----D---- C:\WINDOWS\system32\FxsTmp
2010-01-30 18:37:17 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2010-01-29 05:33:18 ----SHD---- C:\WINDOWS\Installer
2010-01-28 07:27:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 19:25:30 ----D---- C:\WINDOWS\Debug
2010-01-27 17:12:22 ----D---- C:\WINDOWS\system32\drivers
2010-01-27 17:10:12 ----D---- C:\WINDOWS\Help
2010-01-27 17:10:12 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-01-27 17:10:10 ----RD---- C:\Program Files
2010-01-27 17:10:10 ----D---- C:\WINDOWS\WinSxS
2010-01-23 14:28:45 ----A---- C:\WINDOWS\win.ini
2010-01-23 14:26:59 ----D---- C:\WINDOWS\twain_32
2010-01-23 14:12:50 ----RSD---- C:\WINDOWS\Fonts
2010-01-23 14:11:13 ----D---- C:\Program Files\Fichiers communs
2010-01-23 14:08:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-22 06:58:58 ----D---- C:\Program Files\Internet Explorer
2010-01-17 07:30:11 ----D---- C:\Program Files\Java
2010-01-16 21:43:08 ----D---- C:\Program Files\AviSynth 2.5
2010-01-13 17:21:49 ----D---- C:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-28 75096]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-05-13 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-05-13 28160]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-08 5632]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-19 1675776]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-24 4374016]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-17 83968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-05-13 99584]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-03 20648]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2006-03-02 40320]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-09-25 574808]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-19 401408]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2006-02-23 266338]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2006-02-23 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe [2006-02-23 1073152]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-05-13 869888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-17 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-17 1044808]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2006-03-02 268800]
S2 gupdate1c9fe20255b95dc;Service Google Update (gupdate1c9fe20255b95dc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-06 133104]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-05-13 869888]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-01 435016]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Configuration: Windows XP
Firefox 3.5.7
0
Réponse 7 / 11
truecode Messages postés 2092 Date d'inscription   Statut Membre Dernière intervention   86
 
Alors :

Désactive les logiciels de protection (Antivirus, Antispywares) puis :
Télécharge Combofix sUBs : [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]combofix.exe[/url] et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.
Eventuellement, installe la console de récupération comme cela est conseillé
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Tu as le tutorial sur ce lien pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.
Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.
0
Réponse 8 / 11
b2oire
 
Merci mais c'était pour permettre à l'ordinateur d'aller plus vite et que ce que je devais faire
0
Réponse 9 / 11
Utilisateur anonyme
 
fais sa apres ton ordi devrais aller mieux
0
Réponse 10 / 11
b2oire
 
Merci jeanlegain j'ai déjà fait cette opération, voilà mon nouveau rapport et s'il y aurai des solutions sur la vitesse et voir s'il y a encore des virus ce serait gentil de votre part :-)

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-02-07 19:53:06
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 93 GB (63%) free of 148 GB
Total RAM: 447 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:17, on 7/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\DefenseDuDisque\SysRep.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\user\Bureau\RSIT.exe
C:\Documents and Settings\user\Bureau\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DefenseDuDisque] C:\Program Files\DefenseDuDisque\SysRep.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://tchatpassion.com/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.viewpoint.com/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1c9fe20255b95dc) (gupdate1c9fe20255b95dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
0
Réponse 11 / 11
truecode Messages postés 2092 Date d'inscription   Statut Membre Dernière intervention   86
 
Voilà pu de trace d'infection .

Je te conseil tout de même de faire cela :

Télécharge Malwarebytes' Anti-Malware (MBAM) http://www.malwarebytes.org/mbam-download.php

Avant tous il faut brancher tous les supports amovibles que tu possède avant de faire ce scan ( disque dur externes , clé usb ... )

1. Double clique sur le fichier téléchargé
2. Dans l'onglet "Mise à jour", clique sur "Recherche de mise à jour": si ton parefeu te demande de d'autoriser MBAM accepte
3. Quand la mise à jour est terminé va dans l'onglet
4. Tu sélectionne "Exécuter un examen complet"
5. Puis tu clique sur "Rechercher"

L'analyse démarre, le scan est relativement long, c'est normal.

A la fin de l'analyse, un message s'affiche :

6. L'examen s'est terminé normalement. Il te reste a cliquer sur "Afficher les résultats" pour afficher tous les objets trouvés.

7. Maintenant tu clique sur "Ok" pour poursuivre.
8. Ferme tes navigateurs ( firefox , internet explorer , chrome , opéra...)
9. Si MBAM à détecter des malwares, clique sur "Afficher les résultats".
10. Sélectionne tout et clique sur "Supprimer la sélection",MBAM va supprimer tous les fichiers infectés.
11. Le Bloc-notes va s'ouvrir avec le rapport d'analyse
12. Fais un copier coller de ce rapport et poste-le dans ton prochain message.

Ensuite il faut absolument faire les mises a jour de :

Microsoft Windows XP Édition familiale Service Pack 2
Version MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
0

Discussions similaires

Livebox 4 Réseau Orange non détecté
Azfun -
brupala -

10 réponses
Livebox s'allume mais marque pas de réseau orange
Bebelle -
kaumune -

9 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
"AMD a détecté un dépassement de délai du pilote"
XDA -
XDA -

16 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses