(virus) infecté par virtumonde

miamiou Messages postés 7 Statut Membre -  
miamiou Messages postés 7 Statut Membre -
bonjour à tous

svp pourriez vous m'aider à virer l'adware virtumonde qui est actuellement sur mon pc
ci-joint rapport hijackthis
d'avance merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:48, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\HDD\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Aide mémoire.lnk = ?
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O15 - Trusted Zone: https://www.impots.gouv.fr/
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB0F156-EA98-472F-A8F3-09EEE6226E29}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\windows\system32\vtsqnnk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12244 bytes
Configuration: Windows XP
Firefox 2.0.0.6

8 réponses

  1. eclypse16 Messages postés 162 Date d'inscription   Statut Membre
     
    salut

    Fais cette procedure : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

    Poste le rapport
    0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec vundo

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    puis :

    virtumondebegone

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    puis Symantec Vundo Remove Tool

    https://www.broadcom.com/support/security-center

    et

    https://www.broadcom.com/support/security-center
    0
    1. miamiou Messages postés 7 Statut Membre
       
      bonjour

      téléchargements effectués et ci-joint rapport vundo


      VundoFix V6.5.7

      Checking Java version...

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.7
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Scan started at 18:14:55 09/08/2007

      Listing files found while scanning....

      C:\windows\system32\mllmj.exe

      Beginning removal...

      Attempting to delete C:\windows\system32\mllmj.exe
      C:\windows\system32\mllmj.exe Has been deleted!

      Performing Repairs to the registry.
      Done!
      0
      1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > miamiou Messages postés 7 Statut Membre
         
        une partie des vundo (virtumonde a été viré : encore des pbs?
        si oui fait la suite
        et

        combofix (colle le rapport)

        http://mickael.barroux.free.fr/securite/combofix.php



        _________
        colle le rapport d'un scan en ligne
        avec un des suivants:


        bitdefender en ligne :
        http://www.bitdefender.fr/scan_fr/scan8/ie.html

        Panda en ligne :
        http://pandasoftware.fr


        scan en ligne firefox

        https://www.trendmicro.com/fr_fr/business.html



        si il en reste donne le nom et les emplacement et colle un rapport hijackthis
        0
      2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > jlpjlp Messages postés 52399 Statut Contributeur sécurité
         
        je laisse eclypse 16 finir ton pb

        bonne continuation

        à tous les deux
        0
      3. miamiou Messages postés 7 Statut Membre > jlpjlp Messages postés 52399 Statut Contributeur sécurité
         
        ComboFix 07-08-09.3 - "HP_Propri‚taire" 2007-08-09 20:35:41.1 - NTFSx86
        Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.85 [GMT 2:00]
        * Created a new restore point


        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


        C:\WINDOWS\hgdaxv.dll
        C:\WINDOWS\system32\awvvs.exe
        C:\WINDOWS\system32\nvs2.inf
        C:\WINDOWS\system32\ssqpn.exe
        C:\WINDOWS\system32\stera.log
        C:\WINDOWS\vxadgh.ini
        D:\Autorun.inf


        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


        -------\LEGACY_DOMAINSERVICE
        -------\LEGACY_VSPF
        -------\LEGACY_VSPF_HK
        -------\DomainService


        ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


        2007-08-09 20:34 51,200 --a------ C:\WINDOWS\nircmd.exe
        2007-08-09 19:25 <REP> d-------- C:\Navipromo
        2007-08-09 17:51 <REP> d-------- C:\BFU
        2007-08-09 12:24 <REP> d-------- C:\Program Files\Panda Security
        2007-08-08 14:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2007-08-08 14:03 <REP> d-------- C:\WINDOWS\ERUNT
        2007-08-08 12:04 <REP> d-------- C:\!KillBox
        2007-08-07 23:36 <REP> d-------- C:\HDD
        2007-08-07 18:06 853 --a------ C:\reboot.cmd
        2007-08-07 18:06 68,096 --a------ C:\diff.exe
        2007-08-07 18:06 103,424 --a------ C:\grep.exe
        2007-08-07 16:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
        2007-08-07 16:09 <REP> d-------- C:\VundoFix Backups
        2007-08-07 14:23 <REP> d-------- C:\WINDOWS\BDOSCAN8
        2007-08-06 23:05 <REP> d-------- C:\temp
        2007-08-06 18:08 <REP> d-------- C:\Program Files\Skyline
        2007-08-06 11:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
        2007-08-03 23:47 <REP> d-------- C:\Program Files\MiniCap
        2007-08-03 23:40 <REP> d-------- C:\Program Files\MaxCapture
        2007-08-03 23:34 <REP> d-------- C:\Program Files\Spy Shot
        2007-08-03 21:33 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
        2007-08-03 21:33 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
        2007-08-03 21:33 <REP> d-------- C:\WINDOWS\system32\AlertModule
        2007-08-01 23:16 <REP> d-------- C:\Program Files\Real Alternative
        2007-08-01 23:16 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Real
        2007-08-01 23:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
        2007-08-01 23:12 <REP> d-------- C:\Program Files\QuickTime Alternative
        2007-08-01 22:51 <REP> d-------- C:\Program Files\CamStudio
        2007-08-01 21:54 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Media Player Classic
        2007-08-01 18:21 <REP> d-------- C:\Program Files\Capturino 1.4
        2007-08-01 14:48 <REP> d-------- C:\Program Files\PrintKey 2000 Fr
        2007-08-01 12:23 <REP> d-------- C:\Program Files\WinAVI Video Capture
        2007-07-30 19:39 <REP> d-------- C:\Program Files\Team MediaPortal
        2007-07-28 10:02 <REP> d-------- C:\Program Files\Wallpaper
        2007-07-27 21:42 <REP> d-------- C:\MyBackup
        2007-07-27 21:34 <REP> d-------- C:\Program Files\Premium Booster
        2007-07-23 12:51 740,442 --a------ C:\WINDOWS\system32\divx.dll
        2007-07-23 12:51 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
        2007-07-23 12:51 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
        2007-07-23 12:51 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
        2007-07-23 12:51 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
        2007-07-23 12:51 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
        2007-07-23 12:51 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
        2007-07-22 21:35 5 --ahs---- C:\WINDOWS\system32\ebebcab_g.dll
        2007-07-22 21:34 <REP> d-------- C:\Program Files\RegSupreme
        2007-07-16 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ma-config.com
        2007-07-12 12:19 <REP> d-------- C:\Program Files\Aide m‚moire
        2007-07-10 00:02 1,013,406 ---hs---- C:\WINDOWS\uwaddd.ini2


        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

        2007-08-09 20:41 --------- d-------- C:\Program Files\Wanadoo
        2007-08-09 15:04 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Skype
        2007-08-09 12:25 11910 --a------ C:\WINDOWS\mozver.dat
        2007-08-06 19:14 179 --a------ C:\handle.dat
        2007-08-06 18:24 --------- d-------- C:\Program Files\Google
        2007-08-06 14:50 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\OpenOffice.org2
        2007-08-05 23:19 --------- d-------- C:\Program Files\CartaGoGo
        2007-08-03 14:06 --------- d-------- C:\Program Files\Mozilla Thunderbird
        2007-08-01 22:21 --------- d-------- C:\Program Files\Apple Software Update
        2007-07-31 23:55 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ESTsoft
        2007-07-30 14:01 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Wallpaper
        2007-07-29 17:46 --------- d-------- C:\Program Files\Paint.NET
        2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
        2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
        2007-07-28 00:02 92848 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
        2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
        2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
        2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
        2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
        2007-07-23 12:51 --------- d-------- C:\Program Files\K-Lite Codec Pack
        2007-07-22 23:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
        2007-07-19 19:19 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
        2007-07-19 19:07 --------- d-------- C:\Program Files\Opera
        2007-07-12 11:56 78192 --a------ C:\WINDOWS\system32\perfc00C.dat
        2007-07-12 11:56 55596 --a------ C:\WINDOWS\system32\perfc040.dat
        2007-07-12 11:56 474410 --a------ C:\WINDOWS\system32\perfh00C.dat
        2007-07-12 11:56 419608 --a------ C:\WINDOWS\system32\perfh040.dat
        2007-07-07 00:19 4952 -rahs---- C:\bootfont.bin
        2007-07-07 00:02 24576 -r-hs---- C:\bootwiz.sys
        2007-07-05 23:52 1079808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
        2007-07-01 23:33 --------- d-------- C:\Program Files\Movie Maker
        2007-07-01 23:28 219648 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
        2007-07-01 23:28 219648 --a------ C:\WINDOWS\system32\uxtheme.dll
        2007-07-01 23:28 133359 --a------ C:\WINDOWS\BricoPackUninst.cmd
        2007-07-01 23:28 121 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
        2007-07-01 23:18 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\ViStart
        2007-06-30 23:52 --------- d-------- C:\Program Files\FeedReader30
        2007-06-30 23:31 --------- d-------- C:\Program Files\Picasa2
        2007-06-22 22:57 --------- d-------- C:\Program Files\Zylom Games
        2007-06-20 19:31 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Spamihilator
        2007-06-19 21:42 --------- d-------- C:\Program Files\Gcompris
        2007-06-18 23:06 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\eXPert PDF Editor
        2007-06-17 23:33 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\RTPlayer
        2007-06-15 23:12 --------- d-------- C:\Program Files\Windows Defender
        2007-06-15 22:35 --------- d-------- C:\Program Files\Fichiers communs\Agnitum Shared
        2007-06-15 21:34 --------- d-------- C:\Program Files\Agnitum
        2007-06-13 21:34 --------- d-------- C:\Program Files\Visagesoft
        2007-05-28 22:51 8443 --------- C:\WINDOWS\system32\vtsqnnk.dll
        2007-05-27 18:59 0 --ahs---- C:\CONFIG.SYS
        2007-05-27 18:59 0 --ahs---- C:\AUTOEXEC.BAT
        2007-05-27 18:57 23756 --a------ C:\WINDOWS\system32\emptyregdb.dat
        2007-05-16 17:13 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
        2007-05-16 17:13 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
        2007-05-16 17:13 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
        2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
        2007-05-16 17:13 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
        2007-05-16 17:13 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
        2007-05-11 16:39 4082 --a--c--- C:\DOCUME~1\HP_PRO~1\APPLIC~1\wklnhst.dat
        2007-01-17 20:10 22845992 --a------ C:\Program Files\AdbeRdr80_fr_FR.exe
        2007-01-17 19:18 7218088 --a------ C:\Program Files\psa30se_fr_fr.exe
        2006-12-12 01:21 1567504 --a------ C:\Program Files\WinRAR.rar
        2005-09-23 13:46 97 --a------ C:\Program Files\VERSION
        2005-05-12 07:36 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll
        --------- C:\Program Files\WebAnimé
        --------- C:\Program Files\Aide mémoire
        2005-12-19 09:30:31 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys


        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


        *Note* empty entries & legit default entries are not shown

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-04 18:03]
        "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
        "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
        "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
        "FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2006-04-27 17:14]
        "CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 16:32]
        "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
        "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
        "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
        "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 15:08]
        "Wallpaper"="C:\Program Files\Wallpaper\Wallpaper.exe" [2007-07-29 01:09]

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
        "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

        C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
        Aide m‚moire.lnk - C:\Program Files\Aide m‚moire\TrayIcon.exe [2007-07-12 12:19:05 ]
        RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 ]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
        "DisableRegistryTools"=0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "ClearRecentDocsOnExit"=00000000
        "NoChangeStartMenu"=0 (0x0)
        "NoLogOff"=0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "appinit_dlls"=c:\windows\system32\vtsqnnk.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        "Notification Packages"= scecli scecli scecli

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Launchy.lnk]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^Lancer le Gestionnaire Internet.lnk]
        path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\Lancer le Gestionnaire Internet.lnk
        backup=C:\WINDOWS\pss\Lancer le Gestionnaire Internet.lnkStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
        ALCXMNTR.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
        c:\documents and settings\hp_propriétaire\mes documents\marc\bureaudepoche\monbureau\programmes\xmule_launcher\emule\emule.exe -AutoStart

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
        c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
        c:\windows\system\hpsysdrv.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
        "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
        C:\Program Files\Logitech\Video\ISStart.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
        C:\Program Files\Logitech\Video\LogiTray.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
        C:\WINDOWS\system32\LVCOMSX.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
        RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
        C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
        C:\Program Files\Fichiers communs\Micro Application\Partition Suite\oss_reinstall.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
        C:\Program Files\Picasa2\PicasaMediaDetector.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
        "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
        rundll32.exe "C:\WINDOWS\hgdaxv.dll",realset

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
        "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPic]
        C:\Program Files\SmartPic\SmartPic.exe /minime

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
        "C:\Program Files\Unlocker\UnlockerAssistant.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
        C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
        WDBtnMgr.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
        "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
        "AlcxMonitor"=ALCXMNTR.EXE
        "nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
        "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
        "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe

        R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
        R1 AmdK8;Pilote de processeur AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
        R2 SNMP;Service SNMP;C:\WINDOWS\System32\snmp.exe
        R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
        R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys
        R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
        R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
        R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys
        R3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys
        R3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
        R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
        S3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
        S3 MPE;Filtre BDA MPE;C:\WINDOWS\system32\DRIVERS\MPE.sys
        S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
        S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
        S3 SNMPTRAP;Service d'interruption SNMP;C:\WINDOWS\System32\snmptrap.exe
        S3 StillCam;Pilote d'appareil photo numérique série;C:\WINDOWS\system32\DRIVERS\serscan.sys
        S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys


        Contents of the 'Scheduled Tasks' folder
        2007-08-04 11:00:00 C:\WINDOWS\Tasks\analyse antivirus avast.job
        2007-08-06 11:00:00 C:\WINDOWS\Tasks\defrag.job - C:\WINDOWS\system32\defrag.exe
        2007-08-03 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
        2007-08-09 18:29:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
        2007-07-17 07:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

        **************************************************************************

        catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2007-08-09 20:41:07
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden registry entries ...

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
        "FriendlyName"="Windows Media Files"
        "ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
        "Version"=dword:000a0000
        "Sub-Version"=dword:00000eda
        "ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"
        "ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
        "FriendlyName"="Windows Media Files"
        "ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
        "Version"=dword:000a0000
        "Sub-Version"=dword:00000eda
        "ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf"
        "ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
        "FriendlyName"="Windows Media Files"
        "ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
        "Version"=dword:000a0000
        "Sub-Version"=dword:00000eda
        "ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf"
        "ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
        "FriendlyName"="Windows Media Files"
        "ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
        "Version"=dword:000a0000
        "Sub-Version"=dword:00000eda
        "ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf"
        "ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
        "FriendlyName"="Windows Media Files"
        "ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
        "Version"=dword:000a0000
        "Sub-Version"=dword:00000eda
        "ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf"
        "ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
        "FriendlyName"="Windows Media Files"
        "ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
        "Version"=dword:000a0000
        "Sub-Version"=dword:00000eda
        "ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf"
        "ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
        "Installed"="1"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Document Viewer]
        "UninstallString"="C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat"
        "DisplayName"="HP Document Viewer 5.3"
        "DisplayIcon"="C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe,0"
        "DisplayVersion"="5.3"
        "Publisher"="HP"
        "URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
        "HelpLink"="https://support.hp.com/us-en?openCLC=true"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions]
        "UninstallString"="C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat"
        "DisplayName"="HP Imaging Device Functions 5.3"
        "DisplayIcon"="C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe,0"
        "DisplayVersion"="5.3"
        "Publisher"="HP"
        "URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
        "HelpLink"="https://support.hp.com/us-en?openCLC=true"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging]
        "UninstallString"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat"
        "DisplayName"="HP Image Zone 5.3"
        "DisplayIcon"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe,0"
        "DisplayVersion"="5.3"
        "Publisher"="HP"
        "URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
        "HelpLink"="https://support.hp.com/us-en?openCLC=true"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools]
        "UninstallString"="C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat"
        "DisplayName"="HP Solution Center & Imaging Support Tools 5.3"
        "DisplayIcon"="C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe,0"
        "DisplayVersion"="5.3"
        "Publisher"="HP"
        "URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
        "HelpLink"="https://support.hp.com/us-en?openCLC=true"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{8105684D-8CA6-440D-8F58-7E5FD67A499D}]
        "LogFile"="C:\Program Files\InstallShield Installation Information\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\Setup.ilg"
        "StatusText"="L'installation easy Internet sign-up pr\xe9pare InstallShield Wizard, lequel vous guidera pour l'installation du logiciel. Veuillez patienter."
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{AB61A692-5543-4C48-979B-8CEA1C52FE9C}]
        "LogFile"="C:\Program Files\InstallShield Installation Information\{AB61A692-5543-4C48-979B-8CEA1C52FE9C}\Setup.ilg"
        "StatusText"=""
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}]
        "LogFile"="C:\Program Files\InstallShield Installation Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}\Setup.ilg"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}]
        "LogFile"="C:\Program Files\InstallShield Installation Information\{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}\Setup.ilg"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers]
        "DisplayName"="NVIDIA Drivers"
        "UninstallString"="C:\WINDOWS\system32\nvudisp.exe UninstallGUI"
        "UninstDataVerified"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers\SubComponents]
        "nvdisp.nvu"="NVIDIA Display Driver"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pywin32-py2.2]
        "DisplayName"="Python 2.2 pywin32 extensions (build 203)"
        "UninstallString"=""C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log""
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
        "QuietDisplayName"="Shockwave Flash"
        "QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5"
        "RequiresIESysFile"="4.70.0.1155"
        "DisplayName"="Adobe Flash Player 9 ActiveX"
        "UninstallString"="C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q"
        "Publisher"="Adobe Systems"
        "DisplayVersion"="9"
        "VersionMajor"="9"
        "VersionMinor"="0"
        "HelpLink"="https://helpx.adobe.com/flash-player.html"
        "URLUpdateInfo"="https://www.adobe.com/products/flashplayer.html"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]
        "DisplayName"="Windows Media Format Runtime"
        "UninstallString"=""C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll"
        "DisplayIcon"="C:\Program Files\Windows Media Player\wmplayer.exe"
        "ParentKeyName"="OperatingSystem"
        "ParentDisplayName"="Windows Updates"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player]
        "DisplayName"="Lecteur Windows Media\x00a010"
        "UninstallString"=""C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall"
        "DisplayIcon"="C:\Program Files\Windows Media Player\wmplayer.exe"
        "ParentKeyName"="OperatingSystem"
        "ParentDisplayName"="Windows Updates"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}]
        "UninstallString"=""C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL"
        "LogFile"="C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.ilg"
        "UninstallPath"=str(2):""C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL"
        "InstallLocation"=str(2):"C:\Program Files\InterVideo\Home Theater"
        "Publisher"=str(2):"InterVideo Inc."
        "VersionMajor"=dword:00000006
        "VersionMinor"=dword:00000000
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}]
        "UninstallString"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat"
        "DisplayName"="HP Photosmart 330,380,420,470,7800,8000,8200 Series"
        "DisplayIcon"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe,0"
        "DisplayVersion"="8.1"
        "Publisher"="HP"
        "URLUpdateInfo"="https://support.hp.com/us-en?openCLC=true"
        "HelpLink"="https://support.hp.com/us-en?openCLC=true"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3912A629-0020-0005-3757-2FBA74D4DF0A}]
        "DisplayName"="InterVideo WinDVD Player"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43B402B3-0027-0002-3757-3015BD2DE2CD}]
        "DisplayName"="Home Theater"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}]
        "UninstallString"=""C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat"
        "DisplayName"="HP PSC & OfficeJet 5.3.B"
        "DisplayIcon"="C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe,0"
        "Publisher"="HP"
        "URLUpdateInfo"="https://support.hp.com/us-en?openCLC=true"
        "HelpLink"="https://support.hp.com/us-en?openCLC=true"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}]
        "UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL"
        "LogFile"="C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.ilg"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}]
        "UninstallString"=""C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL"
        "DisplayName"="InterVideo WinDVD Player"
        "LogFile"="C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.ilg"
        "UninstallPath"=str(2):""C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL"
        "InstallLocation"=str(2):"C:\Program Files\InterVideo\WinDVD"
        "Publisher"=str(2):"InterVideo Inc."
        "VersionMajor"=dword:00000005
        "VersionMinor"=dword:00000000
        "NoRemove"=dword:00000000
        "NoRepair"=dword:00000001
        "NoModify"=dword:00000001
        "HelpLink"="https://www.windvdpro.com/fr/"
        "URLUpdateInfo"="https://www.windvdpro.com/fr/"
        "Contact"="support@intervideo.com"
        "Comments"=""
        "DisplayVersion"="5.0-B11.896"
        "DisplayIcon"=""C:\Program Files\InterVideo\WinDVD\WinDVD.exe""
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}]
        "UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL"
        "LogFile"="C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.ilg"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}]
        "UninstallString"="C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat"
        "DisplayName"="HP Appareils photos Photosmart 5.0"
        "DisplayIcon"="C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe,0"
        "DisplayVersion"="5.0"
        "Publisher"="HP"
        "URLUpdateInfo"="https://www8.hp.com/fr/fr/home.html"
        "HelpLink"="https://www8.hp.com/fr/fr/home.html"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7514465-E5F3-48E9-A952-327DAEF33DE6}]
        "UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL"
        "DisplayName"="InterVideo Home Theater"
        "LogFile"="C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.ilg"
        "DisplayIcon"="C:\Program Files\InterVideo\Home Theater\IHT.exe"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
        "DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
        "DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
        "FilterParameter"="UseExtendedWmdm"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
        "DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
        "DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
        "WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
        "ProgID"="MsScp.SCPTRANS.1"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
        "ProgID"="WMDMCESP.WMDMCESP"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
        "PnPAware"=dword:00000001
        "ProgID"="WPDSp.WPDServiceProvider"
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\OpenWithProgids]
        "iTunes.itms"=hex(0):
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf\OpenWithProgids]
        "IVFfile"=hex(0):
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids]
        "QuickTime.mov"=hex(0):
        "RealPlayer.qt.6"=hex(0):
        "VLC.mov"=hex(0):

        scanning hidden files ...

        C:\WINDOWS\system32\ddccy.exe

        scan completed successfully
        hidden files: 1

        **************************************************************************

        Completion time: 2007-08-09 20:44:24 - machine was rebooted
        C:\ComboFix-quarantined-files.txt ... 2007-08-09 20:43

        --- E O F ---
        scan en ligne fait avec panda et je n'ai pas su recuperer le log,un adware virtumonde nettoyé et mis en quarantaine
        0
  3. eclypse16 Messages postés 162 Date d'inscription   Statut Membre
     
    fais la procedure que je tai demandé en 1°) et poste le rapport
    0
  4. miamiou Messages postés 7 Statut Membre
     
    etape 1: je n'arrive pas à enregitrer le lien:http://metallica.geekstogo.com/EGDACCESS:comment dois je faire?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. eclypse16 Messages postés 162 Date d'inscription   Statut Membre
     
    bouton droit enregistrer la cible du lien sous en utilisant firefox
    0
    1. miamiou Messages postés 7 Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:27:57, on 09/08/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\imapi.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
      C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
      C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Aide mémoire\TrayIcon.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\svchost.exe
      C:\HDD\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
      O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - Startup: Aide mémoire.lnk = ?
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
      O15 - Trusted Zone: https://www.impots.gouv.fr/
      O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
      O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
      O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - http://www.pixdiscount.fr/clients/ImageUploader3.cab
      O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
      O20 - AppInit_DLLs: c:\windows\system32\vtsqnnk.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  7. eclypse16 Messages postés 162 Date d'inscription   Statut Membre
     
    Salut,

    1°) Ouvre hijackthis et coche
    O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
    O20 - AppInit_DLLs: c:\windows\system32\vtsqnnk.dll
    


    Télécharge Blacklight (de F-Secure) a l’une des 2 adresses
    https://www.f-secure.com/en
    https://www.f-secure.com/en

    et sauvegarde le sur ton Bureau.

    Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse
    0
  8. miamiou Messages postés 7 Statut Membre
     
    salut

    A priori avast ne signale plus adware virtumonde

    08/10/07 11:22:43 [Info]: BlackLight Engine 1.0.64 initialized
    08/10/07 11:22:43 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    08/10/07 11:22:43 [Note]: 7019 4
    08/10/07 11:22:43 [Note]: 7005 0
    08/10/07 11:23:58 [Note]: 7006 0
    08/10/07 11:23:58 [Note]: 7011 2020
    08/10/07 11:23:58 [Note]: 7026 0
    08/10/07 11:23:58 [Note]: 7026 0
    08/10/07 11:24:01 [Note]: FSRAW library version 1.7.1022
    08/10/07 11:33:24 [Note]: 7007 0
    0
  9. miamiou Messages postés 7 Statut Membre
     
    bonjour,

    dois-je considérer mon problème comme résolu ou est-ce qu'il y a autre chose à faire?
    merci pour votre réponse
    0