Help plz, computer frozen
Noobdog
Hello,
My computer is infected with viruses and spyware that I can't manage to remove. On the advice of a user on this forum I downloaded nod32. After installing it my computer crashed. Since then, every time I turn it on it freezes completely after 30 seconds and I can't do anything about it. I have already turned my computer off and on again 4-5 times. Still nothing to be done. I am posting this message from another computer, of course. I am in despair over my computer.
I beg you, help me, thank you
167 replies
OK, no problem.
Just a quick question in passing: is my PC recoverable, or is it really in a bad way?
Hi, don't worry, follow everything g!rly tells you! Infections are getting more and more sophisticated, and we have to read up often! But don't worry, your problem will get solved! My regards to you!!
It's very kind of you to reply, carrosier, and thank you for reassuring me; I am convinced my problems are in good hands. Thank you, my regards, and all the best.
Fix.reg
Open Notepad (right-click on the desktop > in the menu choose New, then New text file) and copy and paste what is quoted below (copy it all in one go):
REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd7f76cd-d959-46a3-aeb6-355ae9a17a7b}]
Then click "File" / "Save as":
Save in: the desktop
File name: fix.reg
File type: "All files"
click "Save"
it should look like this once saved:
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
disconnect from the internet and double-click fix.reg => you must get a message "Are you sure you want to add the information contained in this .reg file to the registry?"
If that is the case, click "Yes"
then
Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop
Double-click OAD to launch it
- for the file name to search for, type or copy and paste:
C:\WINDOWS\system32\awvvv.dll
- Search type: select option 6, then confirm
OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically on screen as soon as it has finished.
- Copy and paste this report into your next post.
Important note: depending on the size of the hard drives, this search can take several minutes. Be patient
and post a new HijackThis log please
19.11.2007 ---- 19:15:43.31
----------------------------------
§§§§§§ [C:\WINDOWS\system32\awvvv.dll ] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:25, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cédric\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00941BFA-3919-4ADA-9205-C134C9FC66F0} - (no file)
O2 - BHO: (no name) - {3F8A34B6-4FC8-4307-99E5-476FA08F95D2} - (no file)
O2 - BHO: (no name) - {50223A48-684C-4F73-80C2-DF876F0CC5A7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54F2557A-F960-4C07-8496-F61A533C9C41} - (no file)
O2 - BHO: (no name) - {55DCAD06-EC05-4CE1-BE55-F3264D7B0059} - (no file)
O2 - BHO: (no name) - {560D59BE-4AB8-4832-822F-A9080E90D97B} - (no file)
O2 - BHO: (no name) - {6B647BCC-C285-4B01-8A66-338B8567E4BB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {72e92f21-5097-4a40-8c03-482d9a75902d} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C7C93E5-2F03-4A67-9410-F3E0D8300BA7} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96CCF007-06BB-4D85-BAB7-6F68EF23BC3A} - (no file)
O2 - BHO: (no name) - {98718E46-8F6F-42E8-ACC4-84EF53F4A379} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD792BBB-0A91-42F2-9A28-0E994BCB62D8} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
O2 - BHO: (no name) - {BD279D1A-5AC3-44BD-BF05-3094A9E6AF5E} - (no file)
O2 - BHO: (no name) - {c8236026-286b-4c1b-ba2d-fa2274b50b00} - (no file)
O2 - BHO: (no name) - {CAD8ED26-4005-460F-9987-5C2DF08278DB} - (no file)
O2 - BHO: {b7a71a9e-a553-6bea-3a64-959ddc67f7dd} - {dd7f76cd-d959-46a3-aeb6-355ae9a17a7b} - C:\WINDOWS\system32\gicrnydl.dll (file missing)
O2 - BHO: (no name) - {EC40AA46-5786-4F06-A6B8-20D6CECC7683} - (no file)
O2 - BHO: (no name) - {ECA808EE-CEE1-454B-97FC-CE5518ACDDA9} - (no file)
O2 - BHO: (no name) - {FEBCB43F-7610-451D-9F04-1EE7405D825A} - (no file)
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [8cfeb6c4] rundll32.exe "C:\WINDOWS\system32\hbwbwuhd.dll",b
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\MBDownloader_876923.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Jeux\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2429] command /c del "C:\WINDOWS\mirar_distro_876260.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: pmnkhgh - C:\WINDOWS\
O20 - Winlogon Notify: qhhpsxvf - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
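A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread: it parses the O2, O4 and O20 sections and flags the kinds of entries a helper would look at first. The heuristics, flag names and the default `C:\WINDOWS\system32` location are assumptions chosen for illustration; the sample lines are copied from that log.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00941BFA-3919-4ADA-9205-C134C9FC66F0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: {b7a71a9e-a553-6bea-3a64-959ddc67f7dd} - {dd7f76cd-d959-46a3-aeb6-355ae9a17a7b} - C:\WINDOWS\system32\gicrnydl.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [8cfeb6c4] rundll32.exe "C:\WINDOWS\system32\hbwbwuhd.dll",b
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\MBDownloader_876923.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: pmnkhgh - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.+)$")
BHO = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
RUN = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
EXE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.I)

# Assumption: default Windows directory, as in the log above.
SYSTEM32 = r"c:\windows\system32"
# Process names that normally live only in system32 (illustrative subset).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "csrss.exe", "spoolsv.exe"}


def check_bho(body):
    m = BHO.match(body)
    if not m:
        return []
    target = m["target"]
    if target == "(no file)":
        # Registration with no file behind it at all.
        return [("O2", "bho-no-file", m["clsid"])]
    if target.endswith("(file missing)"):
        # Registration still names a DLL that is no longer on disk.
        return [("O2", "bho-file-missing", m["clsid"])]
    return []


def check_run(body):
    m = RUN.match(body)
    if not m:
        return []
    found = []
    name, cmd = m["name"], m["cmd"]
    # A value name that is just 8 hex digits launching a DLL via rundll32.
    if re.fullmatch(r"[0-9a-f]{8}", name, re.I) and cmd.lower().startswith("rundll32"):
        found.append(("O4", "rundll32-hex-value-name", name))
    exe = EXE.match(cmd)
    if exe:
        path = exe["path"]
        base = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        # A system process name started from somewhere other than system32.
        if base in SYSTEM32_ONLY and folder and folder != SYSTEM32:
            found.append(("O4", "system-name-outside-system32", path))
        # Autostart pointing into a temporary directory.
        if "\\temp\\" in path.lower():
            found.append(("O4", "run-from-temp", path))
    return found


def check_notify(body):
    m = NOTIFY.match(body)
    # HijackThis printed only a directory: the notify DLL was not resolved.
    if m and m["target"].endswith("\\"):
        return [("O20", "winlogon-notify-no-dll", m["name"])]
    return []


CHECKS = {"O2": check_bho, "O4": check_run, "O20": check_notify}


def triage(log_text):
    """Return (section, flag, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m and m["section"] in CHECKS:
            findings.extend(CHECKS[m["section"]](m["body"]))
    return findings


if __name__ == "__main__":
    for section, flag, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{flag:<32}{detail}")
```

A flag marks an entry to examine, not a verdict; known-good entries such as `NvCplDaemon` and the Spybot BHO pass through unflagged.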
Hi again,
they have all come back ;-(
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy and paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
get this version, because the one you have is no longer usable
See you later
ComboFix 07-11-08.3 - Cédric 2007-11-19 20:12:29.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.612 [GMT 1:00]
Running from: C:\Documents and Settings\Cédric\Bureau\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-19 to 2007-11-19 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 13:08 <REP> d-------- C:\Program Files\Sunbelt Software
2007-11-17 01:22 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-16 16:43 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-16 16:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-16 16:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-16 16:43 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-16 16:43 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-16 16:43 2,102 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-16 16:36 85,056 --a------ C:\WINDOWS\system32\igipchma.dll
2007-11-16 15:09 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-16 14:29 36,352 --a------ C:\WINDOWS\system32\nnnnonm.dll
2007-11-15 22:34 <REP> d-------- C:\Documents and Settings\Cédric\Application Data\Grisoft
2007-11-15 22:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-15 22:33 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-15 22:31 <REP> d-------- C:\Program Files\CCleaner
2007-11-15 22:24 36,352 --a------ C:\WINDOWS\system32\pmnkhgh.dll
2007-11-15 22:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 19:03 <REP> d-------- C:\VundoFix Backups
2007-11-15 15:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-11-15 12:29 79,936 --a------ C:\WINDOWS\system32\wgjbcafv.dll
2007-11-15 12:26 85,056 --a------ C:\WINDOWS\system32\mjggorgr.dll
2007-11-15 12:19 7,827 --a------ C:\Documents and Settings\Cédric\x.dat
2007-11-15 12:19 7,827 --a------ C:\Documents and Settings\Cédric\x.dat
2007-11-15 12:19 120 --a------ C:\n.bat
2007-11-15 12:19 0 --a------ C:\x.dat
2007-11-15 12:18 <REP> d-------- C:\WINDOWS\system32\rMa18yy
2007-11-15 12:18 <REP> d-------- C:\Temp\abW9
2007-11-15 12:18 486,096 --a------ C:\Documents and Settings\Cédric\z.dat
2007-11-15 12:18 486,096 --a------ C:\Documents and Settings\Cédric\z.dat
2007-11-15 12:18 36,352 --a------ C:\WINDOWS\system32\mljjhii.dll
2007-11-15 12:18 0 --a------ C:\z.dat
2007-11-14 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 12:16 37,376 --a------ C:\WINDOWS\system32\mljjkhh.dll
2007-11-13 08:43 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-13 08:39 36,352 --a------ C:\WINDOWS\system32\ddcbyvs.dll
2007-11-13 08:37 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-08 19:19 255,504 --a------ C:\Program Files\AzureusUpdater.exe
2007-11-07 12:42 <REP> d-------- C:\Program Files\DivX
2007-11-01 18:57 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-01 18:56 <REP> d-------- C:\Program Files\readmes
2007-11-01 18:56 <REP> d-------- C:\Program Files\licenses
2007-10-30 21:37 <REP> dr------- C:\Program Files\Program Files 1
2007-10-24 11:25 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-10-24 11:25 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-10-24 11:25 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-10-24 11:25 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-10-24 11:25 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-10-24 11:25 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-10-24 11:25 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-10-24 11:25 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-10-23 14:09 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-23 14:08 <REP> d-------- C:\Program Files\Microsoft Works
2007-10-23 14:07 <REP> d-------- C:\Program Files\MSBuild
2007-10-23 14:06 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-23 14:04 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-23 14:03 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-10-23 14:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-23 14:01 <REP> dr-h----- C:\MSOCache
2007-10-21 18:26 <REP> d-------- C:\Program Files\Microsoft.Press.Microsoft.Office.Word.2007.Step.by.Step.Jan.2007
2007-10-21 18:17 <REP> d-------- C:\Documents and Settings\Cédric\Application Data\U3
2007-10-20 01:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-10-20 01:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-10-19 00:42 <REP> d-------- C:\Program Files\Lavalys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 16:33 --------- d-----w C:\Program Files\LimeWire
2007-11-19 14:32 298 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-18 11:13 --------- d-----w C:\Program Files\Incomplete
2007-11-13 11:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-13 11:10 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-12 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 17:26 --------- d-----w C:\Documents and Settings\Cédric\Application Data\uTorrent
2007-11-11 17:25 --------- d-----w C:\Documents and Settings\Cédric\Application Data\Azureus
2007-11-08 21:58 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-08 18:19 77,824 ----a-w C:\Program Files\aereg.dll
2007-11-08 18:19 548 ----a-w C:\Program Files\Azureus.exe.manifest
2007-11-04 16:00 --------- d-----w C:\Documents and Settings\Cédric\Application Data\OpenOffice.org2
2007-11-01 17:57 --------- d-----w C:\Program Files\Java
2007-10-31 06:54 1,950,619 ----a-w C:\Program Files\swt.jar
2007-10-31 06:51 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-30 21:36 --------- d-----w C:\Program Files\Ahead
2007-10-30 19:59 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-10-30 19:55 9,572,440 ----a-w C:\Program Files\Azureus2.jar
2007-10-26 13:43 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-10-06 10:54 --------- d-----w C:\Program Files\iTunes
2007-10-06 10:54 --------- d-----w C:\Program Files\iPod
2007-10-06 10:53 --------- d-----w C:\Program Files\QuickTime
2007-10-06 10:52 --------- d-----w C:\Program Files\Apple Software Update
2007-10-06 10:51 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-10-06 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-01 11:15 839,692 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-09-29 12:16 --------- d-----w C:\Documents and Settings\Cédric\Application Data\Bioshock
2007-09-25 13:36 --------- d-----w C:\Documents and Settings\Invité\Application Data\vlc
2007-09-17 20:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-10 20:04 67,185,957 ----a-w C:\Program Files\openofficeorg3.cab
2007-09-10 20:04 3,393,494 ----a-w C:\Program Files\openofficeorg4.cab
2007-09-10 19:55 19,165,163 ----a-w C:\Program Files\openofficeorg1.cab
2007-09-10 19:55 17,641,046 ----a-w C:\Program Files\openofficeorg2.cab
2007-09-10 19:53 217 ----a-w C:\Program Files\setup.ini
2007-09-06 16:56 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-06 16:56 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-06 16:56 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-25 11:14 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-06-30 11:09 39,882 ----a-w C:\Documents and Settings\PowerISO\uninstall.exe
2007-06-28 21:09 74,329 ----a-w C:\Documents and Settings\eMule\Uninstall.exe
2007-05-13 14:57 5,308,416 ----a-w C:\Documents and Settings\eMule\emule.exe
2007-04-09 12:23 200,704 ----a-w C:\Documents and Settings\PowerISO\PWRISOVM.EXE
2007-04-09 12:22 204,800 ----a-w C:\Documents and Settings\PowerISO\PWRISOSH.DLL
2007-04-09 12:17 925,696 ----a-w C:\Documents and Settings\PowerISO\PowerISO.exe
2007-02-07 06:31 73,728 ----a-w C:\Program Files\swt-gdip-win32-3318.dll
2007-02-07 06:31 40,960 ----a-w C:\Program Files\swt-wgl-win32-3318.dll
2007-02-07 06:31 32,768 ----a-w C:\Program Files\swt-awt-win32-3318.dll
2007-02-07 06:31 290,816 ----a-w C:\Program Files\swt-win32-3318.dll
2006-12-14 15:13 1 ----a-w C:\Documents and Settings\Cédric\SI.bin
2006-12-14 15:13 1 ----a-w C:\Documents and Settings\Cédric\SI.bin
2006-11-06 08:29 5,120 ----a-w C:\Documents and Settings\PowerISO\piso.exe
2006-09-21 18:54 55,391 ----a-w C:\Program Files\Uninstall.exe
2006-08-21 08:34 72,992 ----a-w C:\Program Files\ChangeLog.txt
2006-06-30 03:45 73,728 ----a-w C:\Program Files\swt-gdip-win32-3232.dll
2006-06-30 03:45 40,960 ----a-w C:\Program Files\swt-wgl-win32-3232.dll
2006-06-30 03:45 323,584 ----a-w C:\Program Files\swt-win32-3232.dll
2006-06-30 03:45 32,768 ----a-w C:\Program Files\swt-awt-win32-3232.dll
2006-05-11 02:05 155,648 ----a-w C:\Program Files\Azureus.exe
2006-03-22 21:12 270,336 ----a-w C:\Documents and Settings\eMule\LinkCreator.exe
2005-07-21 08:03 17,719 ----a-w C:\Program Files\License.txt
2005-07-21 08:03 1,756 ----a-w C:\Program Files\swt-about.html
2003-09-01 09:00 844,448 ----a-w C:\Documents and Settings\Redist\spchapi.exe
2003-09-01 09:00 400,536 ----a-w C:\Documents and Settings\Redist\MSagent.exe
2003-09-01 09:00 2,354,376 ----a-w C:\Documents and Settings\Redist\lhttsfrf.exe
2003-09-01 09:00 2,296,520 ----a-w C:\Documents and Settings\Redist\lhttsged.exe
2003-09-01 09:00 1,873,176 ----a-w C:\Documents and Settings\Redist\Merlin.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
2001-09-16 17:44 33,085 ----a-w C:\Documents and Settings\Cédric\maj.bat
2001-09-16 17:44 33,085 ----a-w C:\Documents and Settings\Cédric\maj.bat
2000-03-22 08:27 188,416 ----a-w C:\Documents and Settings\Cédric\dict.exe
2000-03-22 08:27 188,416 ----a-w C:\Documents and Settings\Cédric\dict.exe
.
((((((((((((((((((((((((((((( snapshot@2007-11-15_22.24.43.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-16 14:10:05 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-11-16 14:10:05 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-11-16 14:10:05 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-11-16 14:10:07 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-11-16 14:10:08 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-11-16 14:10:05 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 00:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2007-10-29 17:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-08 15:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-17 12:08:28 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2007-11-17 12:08:28 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2007-11-17 12:08:28 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-03-29 08:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 15:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 13:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 10:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 12:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2006-02-16 17:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 17:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2004-05-04 14:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 12:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 09:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 12:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 17:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 15:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2006-06-30 13:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 13:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2006-08-01 12:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2006-08-23 12:06:08 1,388,544 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2006-08-17 10:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 10:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 07:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 13:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 09:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 09:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 15:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 08:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 09:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 13:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 13:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 12:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 07:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 07:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-04-18 16:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 13:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 1997-09-18 05:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 16:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2006-08-02 11:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2007-11-15 20:57:54 60,416 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-19 17:44:08 60,416 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-15 20:57:54 73,234 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-11-19 17:44:08 73,234 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-11-15 20:57:54 396,770 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-19 17:44:08 396,770 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-15 20:57:54 463,078 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-11-19 17:44:08 463,078 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2003-03-25 17:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
+ 2007-11-18 14:49:14 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5f4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00941BFA-3919-4ADA-9205-C134C9FC66F0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F8A34B6-4FC8-4307-99E5-476FA08F95D2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50223A48-684C-4F73-80C2-DF876F0CC5A7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54F2557A-F960-4C07-8496-F61A533C9C41}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55DCAD06-EC05-4CE1-BE55-F3264D7B0059}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{560D59BE-4AB8-4832-822F-A9080E90D97B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B647BCC-C285-4B01-8A66-338B8567E4BB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72e92f21-5097-4a40-8c03-482d9a75902d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C7C93E5-2F03-4A67-9410-F3E0D8300BA7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96CCF007-06BB-4D85-BAB7-6F68EF23BC3A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98718E46-8F6F-42E8-ACC4-84EF53F4A379}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD792BBB-0A91-42F2-9A28-0E994BCB62D8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD279D1A-5AC3-44BD-BF05-3094A9E6AF5E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c8236026-286b-4c1b-ba2d-fa2274b50b00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAD8ED26-4005-460F-9987-5C2DF08278DB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd7f76cd-d959-46a3-aeb6-355ae9a17a7b}]
C:\WINDOWS\system32\gicrnydl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC40AA46-5786-4F06-A6B8-20D6CECC7683}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECA808EE-CEE1-454B-97FC-CE5518ACDDA9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FEBCB43F-7610-451D-9F04-1EE7405D825A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 19:02]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 06:36 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"8cfeb6c4"="C:\WINDOWS\system32\hbwbwuhd.dll" []
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 20:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"Steam"="D:\Jeux\Steam.exe" [2007-11-15 12:17]
"SpybotSD TeaTimer"="D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkhgh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qhhpsxvf]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cédric^Menu Démarrer^Programmes^Démarrage^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Cédric\Menu Démarrer\Programmes\Démarrage\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cédric^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Cédric\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cédric^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Cédric\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Documents and Settings\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\WINDOWS\system32\Drivers\hcw88rc5.sys
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys
S3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys
S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-06 10:52:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 20:15:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 20:17:31
C:\ComboFix2.txt ... 2007-11-16 21:00
C:\ComboFix3.txt ... 2007-11-15 22:25
.
--- E O F ---
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C7C93E5-2F03-4A67-9410-F3E0D8300BA7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96CCF007-06BB-4D85-BAB7-6F68EF23BC3A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98718E46-8F6F-42E8-ACC4-84EF53F4A379}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD792BBB-0A91-42F2-9A28-0E994BCB62D8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD279D1A-5AC3-44BD-BF05-3094A9E6AF5E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c8236026-286b-4c1b-ba2d-fa2274b50b00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAD8ED26-4005-460F-9987-5C2DF08278DB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd7f76cd-d959-46a3-aeb6-355ae9a17a7b}]
C:\WINDOWS\system32\gicrnydl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC40AA46-5786-4F06-A6B8-20D6CECC7683}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECA808EE-CEE1-454B-97FC-CE5518ACDDA9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FEBCB43F-7610-451D-9F04-1EE7405D825A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 19:02]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 06:36 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"8cfeb6c4"="C:\WINDOWS\system32\hbwbwuhd.dll" []
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 20:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"Steam"="D:\Jeux\Steam.exe" [2007-11-15 12:17]
"SpybotSD TeaTimer"="D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkhgh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qhhpsxvf]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cédric^Menu Démarrer^Programmes^Démarrage^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Cédric\Menu Démarrer\Programmes\Démarrage\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cédric^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Cédric\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cédric^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Cédric\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Documents and Settings\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\WINDOWS\system32\Drivers\hcw88rc5.sys
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys
S3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys
S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-06 10:52:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 20:15:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 20:17:31
C:\ComboFix2.txt ... 2007-11-16 21:00
C:\ComboFix3.txt ... 2007-11-15 22:25
.
--- E O F ---
Let's do it again:
- Download The Avenger
- Unzip the contents of the archive onto your desktop
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
Don't touch it for now
Fix.reg
Open Notepad (right-click on the desktop > in the menu choose New, then New Text Document) and copy and paste what is quoted below (copy it all in one go, without the bars):
REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00941BFA-3919-4ADA-9205-C134C9FC66F0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F8A34B6-4FC8-4307-99E5-476FA08F95D2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50223A48-684C-4F73-80C2-DF876F0CC5A7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54F2557A-F960-4C07-8496-F61A533C9C41}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55DCAD06-EC05-4CE1-BE55-F3264D7B0059}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{560D59BE-4AB8-4832-822F-A9080E90D97B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B647BCC-C285-4B01-8A66-338B8567E4BB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72e92f21-5097-4a40-8c03-482d9a75902d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C7C93E5-2F03-4A67-9410-F3E0D8300BA7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96CCF007-06BB-4D85-BAB7-6F68EF23BC3A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98718E46-8F6F-42E8-ACC4-84EF53F4A379}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD792BBB-0A91-42F2-9A28-0E994BCB62D8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD279D1A-5AC3-44BD-BF05-3094A9E6AF5E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c8236026-286b-4c1b-ba2d-fa2274b50b00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAD8ED26-4005-460F-9987-5C2DF08278DB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd7f76cd-d959-46a3-aeb6-355ae9a17a7b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC40AA46-5786-4F06-A6B8-20D6CECC7683}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECA808EE-CEE1-454B-97FC-CE5518ACDDA9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FEBCB43F-7610-451D-9F04-1EE7405D825A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8cfeb6c4"=-
"Host Process"=-
"NBInstall"=-
"runner1"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2429"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkhgh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qhhpsxvf]
Then click on "File" / "Save As":
In: on the desktop
File name: fix.reg
File type: "All files"
Click "Save"
It should look like this once saved:
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
Disconnect from the internet and double-click fix.reg => you must get a message "Are you sure you want to add the information contained in this .reg file to the registry?"
If that is the case, click "Yes"
Select the list below:
Files to Delete:
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\igipchma.dll
C:\WINDOWS\system32\nnnnonm.dll
C:\WINDOWS\system32\pmnkhgh.dll
C:\VundoFix Backups
C:\WINDOWS\system32\wgjbcafv.dll
C:\WINDOWS\system32\mjggorgr.dll
C:\n.bat
C:\x.dat
C:\Documents and Settings\Cédric\x.dat
C:\WINDOWS\system32\rMa18yy
C:\Temp\abW9
C:\Documents and Settings\Cédric\z.dat
C:\WINDOWS\system32\mljjhii.dll
C:\z.dat
C:\WINDOWS\system32\mljjkhh.dll
C:\WINDOWS\system32\ddcbyvs.dll
C:\WINDOWS\system32\hbwbwuhd.dll
C:\WINDOWS\Fonts\svchost.exe
C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\MBDownloader_876923.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\hbwbwuhd.dll
C:\WINDOWS\mirar_distro_876260.exe
--> Right-click, Copy
- Open Notepad and click the Edit/Paste menu to paste the contents of the box above
- Save the file on your desktop under the name remove.txt
- Double-click avenger.exe
- Click "Ok"
- Select "Load Script from File" and click the folder-shaped icon.
- Select the remove.txt file that is on your desktop
- Click the green light to run the script
- Click "Yes"
- Agree to restart your PC.
When the PC has restarted, open the file C:\avenger.txt and copy/paste the contents here.
I did the procedure and when I rebooted my PC it gave me an error message:
Windows - No Disk (the title of the message, in the blue frame)
Exception processing message [.....]
Then I can either cancel, retry or continue. What should I do? I'm waiting for the reply, thanks
By the way, here is the report from the other procedure:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qdqivodj
*******************
Script file located at: \??\C:\WINDOWS\rcasjeth.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\tmp.reg deleted successfully.
File C:\WINDOWS\system32\igipchma.dll deleted successfully.
File C:\WINDOWS\system32\nnnnonm.dll deleted successfully.
File C:\WINDOWS\system32\pmnkhgh.dll deleted successfully.
Error: C:\VundoFix Backups is a folder, not a file!
Deletion of file C:\VundoFix Backups failed!
Could not process line:
C:\VundoFix Backups
Status: 0xc00000ba
File C:\WINDOWS\system32\wgjbcafv.dll deleted successfully.
File C:\WINDOWS\system32\mjggorgr.dll deleted successfully.
File C:\n.bat deleted successfully.
File C:\x.dat deleted successfully.
File C:\Documents and Settings\Cédric\x.dat deleted successfully.
Error: C:\WINDOWS\system32\rMa18yy is a folder, not a file!
Deletion of file C:\WINDOWS\system32\rMa18yy failed!
Could not process line:
C:\WINDOWS\system32\rMa18yy
Status: 0xc00000ba
Error: C:\Temp\abW9 is a folder, not a file!
Deletion of file C:\Temp\abW9 failed!
Could not process line:
C:\Temp\abW9
Status: 0xc00000ba
File C:\Documents and Settings\Cédric\z.dat deleted successfully.
File C:\WINDOWS\system32\mljjhii.dll deleted successfully.
File C:\z.dat deleted successfully.
File C:\WINDOWS\system32\mljjkhh.dll deleted successfully.
File C:\WINDOWS\system32\ddcbyvs.dll deleted successfully.
File C:\WINDOWS\system32\hbwbwuhd.dll not found!
Deletion of file C:\WINDOWS\system32\hbwbwuhd.dll failed!
Could not process line:
C:\WINDOWS\system32\hbwbwuhd.dll
Status: 0xc0000034
File C:\WINDOWS\Fonts\svchost.exe not found!
Deletion of file C:\WINDOWS\Fonts\svchost.exe failed!
Could not process line:
C:\WINDOWS\Fonts\svchost.exe
Status: 0xc0000034
File C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\MBDownloader_876923.exe not found!
Deletion of file C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\MBDownloader_876923.exe failed!
Could not process line:
C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\MBDownloader_876923.exe
Status: 0xc0000034
File C:\WINDOWS\mrofinu1188.exe not found!
Deletion of file C:\WINDOWS\mrofinu1188.exe failed!
Could not process line:
C:\WINDOWS\mrofinu1188.exe
Status: 0xc0000034
File C:\WINDOWS\system32\hbwbwuhd.dll not found!
Deletion of file C:\WINDOWS\system32\hbwbwuhd.dll failed!
Could not process line:
C:\WINDOWS\system32\hbwbwuhd.dll
Status: 0xc0000034
File C:\WINDOWS\mirar_distro_876260.exe not found!
Deletion of file C:\WINDOWS\mirar_distro_876260.exe failed!
Could not process line:
C:\WINDOWS\mirar_distro_876260.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
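As an added example (not part of the thread and not code from The Avenger), this Python script parses an Avenger v1 log like the one posted above and groups the lines that could not be processed by NTSTATUS code, separating folders submitted as files (0xc00000ba, STATUS_FILE_IS_A_DIRECTORY) from files that were already absent (0xc0000034, STATUS_OBJECT_NAME_NOT_FOUND). The function names are assumptions of this example; the sample log is an excerpt of lines copied from the report above.

```python
import re

# NTSTATUS codes that appear in the log, with their Windows names.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # target did not exist
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",    # target is a folder
}

DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]+)$")
FAIL_MARKER = "Could not process line:"

# Excerpt of the log posted above; lines copied from the thread.
SAMPLE_LOG = r"""
Beginning to process script file:
File C:\WINDOWS\system32\tmp.reg deleted successfully.
Error: C:\VundoFix Backups is a folder, not a file!
Deletion of file C:\VundoFix Backups failed!
Could not process line:
C:\VundoFix Backups
Status: 0xc00000ba
File C:\n.bat deleted successfully.
File C:\WINDOWS\system32\hbwbwuhd.dll not found!
Deletion of file C:\WINDOWS\system32\hbwbwuhd.dll failed!
Could not process line:
C:\WINDOWS\system32\hbwbwuhd.dll
Status: 0xc0000034
File C:\WINDOWS\Fonts\svchost.exe not found!
Deletion of file C:\WINDOWS\Fonts\svchost.exe failed!
Could not process line:
C:\WINDOWS\Fonts\svchost.exe
Status: 0xc0000034
File C:\WINDOWS\system32\hbwbwuhd.dll not found!
Deletion of file C:\WINDOWS\system32\hbwbwuhd.dll failed!
Could not process line:
C:\WINDOWS\system32\hbwbwuhd.dll
Status: 0xc0000034
Completed script processing.
"""


def parse_avenger_log(text):
    """Return (deleted, failed).

    deleted: list of paths reported as deleted, in log order.
    failed:  dict mapping each unprocessed path to its NTSTATUS name.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    deleted, failed = [], {}
    i = 0
    while i < len(lines):
        ok = DELETED_RE.match(lines[i])
        if ok:
            if ok["path"] not in deleted:
                deleted.append(ok["path"])
        elif lines[i] == FAIL_MARKER and i + 1 < len(lines):
            # The line after the marker is the script line that failed.
            i += 1
            path = lines[i]
            status = "UNKNOWN"  # log cut off before the Status line
            if i + 1 < len(lines):
                st = STATUS_RE.match(lines[i + 1])
                if st:
                    code = int(st["code"], 16)
                    status = NTSTATUS_NAMES.get(code, "0x%08X" % code)
                    i += 1
            # A path listed twice in the script is reported once.
            failed.setdefault(path, status)
        i += 1
    return deleted, failed


def group_failures(failed):
    """Group failed paths by NTSTATUS name, keeping log order."""
    grouped = {}
    for path, status in failed.items():
        grouped.setdefault(status, []).append(path)
    return grouped


if __name__ == "__main__":
    deleted, failed = parse_avenger_log(SAMPLE_LOG)
    print("deleted:", len(deleted))
    for status, paths in group_failures(failed).items():
        print(status)
        for p in paths:
            print("   ", p)
```

Entries grouped under STATUS_OBJECT_NAME_NOT_FOUND were already missing when the script ran, so any autostart value that still names them points at nothing; entries under STATUS_FILE_IS_A_DIRECTORY remain on disk because a file deletion cannot remove a folder.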
I found this:
1st link
http://forum.telecharger.01net.com/forum/high-tech/LOGICIELS/Windows-XP/message-windows-resolu-sujet_339289_1.htm
which leads to this link:
http://forum.telecharger.01net.com/forum/high-tech/LOGICIELS/Windows-XP/dossiers-bizarres-sujet_334912_1.htm
which leads to the Microsoft link:
http://www.microsoft.com/downloads/details.aspx?displaylang=fr&FamilyID=24b7d141-6cdf-4fc4-a91b-6f18fe6921d4
Let me know
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:09, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cédric\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00941BFA-3919-4ADA-9205-C134C9FC66F0} - (no file)
O2 - BHO: (no name) - {3F8A34B6-4FC8-4307-99E5-476FA08F95D2} - (no file)
O2 - BHO: (no name) - {50223A48-684C-4F73-80C2-DF876F0CC5A7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54F2557A-F960-4C07-8496-F61A533C9C41} - (no file)
O2 - BHO: (no name) - {55DCAD06-EC05-4CE1-BE55-F3264D7B0059} - (no file)
O2 - BHO: (no name) - {560D59BE-4AB8-4832-822F-A9080E90D97B} - (no file)
O2 - BHO: (no name) - {6B647BCC-C285-4B01-8A66-338B8567E4BB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {72e92f21-5097-4a40-8c03-482d9a75902d} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C7C93E5-2F03-4A67-9410-F3E0D8300BA7} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96CCF007-06BB-4D85-BAB7-6F68EF23BC3A} - (no file)
O2 - BHO: (no name) - {98718E46-8F6F-42E8-ACC4-84EF53F4A379} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD792BBB-0A91-42F2-9A28-0E994BCB62D8} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
O2 - BHO: (no name) - {BD279D1A-5AC3-44BD-BF05-3094A9E6AF5E} - (no file)
O2 - BHO: (no name) - {c8236026-286b-4c1b-ba2d-fa2274b50b00} - (no file)
O2 - BHO: (no name) - {CAD8ED26-4005-460F-9987-5C2DF08278DB} - (no file)
O2 - BHO: {b7a71a9e-a553-6bea-3a64-959ddc67f7dd} - {dd7f76cd-d959-46a3-aeb6-355ae9a17a7b} - C:\WINDOWS\system32\gicrnydl.dll (file missing)
O2 - BHO: (no name) - {EC40AA46-5786-4F06-A6B8-20D6CECC7683} - (no file)
O2 - BHO: (no name) - {ECA808EE-CEE1-454B-97FC-CE5518ACDDA9} - (no file)
O2 - BHO: (no name) - {FEBCB43F-7610-451D-9F04-1EE7405D825A} - (no file)
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [8cfeb6c4] rundll32.exe "C:\WINDOWS\system32\hbwbwuhd.dll",b
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\MBDownloader_876923.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Jeux\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2429] command /c del "C:\WINDOWS\mirar_distro_876260.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: pmnkhgh - C:\WINDOWS\
O20 - Winlogon Notify: qhhpsxvf - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Download this (by gchris): http://komun.chez-alice.fr/Repertoire/Utilitaires.Desinfection.html
Unzip it onto your desktop (right-click -> Extract All).
Check that you are connected to the Internet.
In the folder that is created, double-click the file "Ad-Fix.bat" or "Ad-fix".
Choose option 1.
If your firewall shows a message asking whether you want to allow the file URL2FILE.EXE to connect to the Internet, allow it; Ad-Fix needs this to check the version.
When it has finished (this can take several minutes), a report opens in Notepad.
Please copy and paste the contents of the report (Ad-Fix.txt) here.
Edit:
then do this as well:
Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, a message will say so, and you only need to press a key to start the cleanup.
Note:
If a deletion error is detected, a message will appear asking you to restart the computer to complete the operations. In that case, simply restart the computer in normal mode.
- The report will be saved in the same folder as MSNFix, in the form date_time.txt