My PC probably has a virus
nadine3324
Good evening everyone,
I need some help because my PC probably has a virus, or at least a problem.
Let me explain.
All the problems are intermittent; they don't happen every time.
Web pages freeze, and if I press Ctrl/Alt/Del it tells me the program is not responding.
When I click on Outlook, sometimes it doesn't open, and if I later want to shut down my PC, it tells me that Outlook is not responding, and I have to close it as many times as I clicked on the icon. (I don't know if I'm being clear :-) )
I ran a cleaner but it took a very long time; it's the first time it has taken that long.
I wanted to run Spybot, but I couldn't get to the end of the scan (too long), so I gave up.
I ran a scan and a defragmentation last Friday, but that didn't fix anything.
Sometimes we can't shut down the PC, and if we turn it off by pressing the button (I know, that's not great), it restarts by itself.
In short, it's not very encouraging.
I'm posting a HijackThis log below.
I hope it can help you, because I don't know anything about this.
Logfile of HijackThis v1.99.1
Scan saved at 20:50:18, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\nous\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S73.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 1)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 2)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Thank you very much in advance for your help.
I'm counting on you; you're generally top-notch.
See you!
13 replies
You must install Spybot Search and Destroy immediately: https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
Reply quickly to let me know whether you managed it. Bye and... good luck! (If you don't understand the software, contact me again on this page.)
Hello,
Apparently you have one heck of a problem.
If I were you, if you can't get anything done because it takes too long,
it may be a radical solution, but a fairly effective one:
go for formatting. Above all, back up all the data you want to keep, because after formatting you will have nothing left.
Also check that you have all the installation CDs before formatting,
so that you can reinstall them.
Good luck.
Hi,
Thanks for your quick reply.
I'm running Spybot; I already have it on my PC, but earlier I couldn't manage it.
As I said in my message, I stopped running it.
I'll try again and get back to you.
Thanks
Hi,
You say I have one heck of a problem,
but can you tell me a bit more about the problem?
Thanks for your help
Hello,
In my opinion, if Spybot and the antivirus don't help you, it means you have a more serious virus than one might think,
so for me that means formatting, but since I'm not a pro, that's just my opinion. I did it on mine and it has worked ever since,
so I recommend it to you.
After that, it's up to you.
Thanks for your help,
but with the help of the little geniuses on this site I have already managed to remove some serious viruses,
so before formatting, I'm trusting the pros on this site.
Thanks anyway for your help
Back again,
I've just run Spybot.
It took a while but it didn't find anything.
What should I do now?
Can you tell me what problems you found on my PC?
Thanks for your help
See you!
Hi everyone,
Here is the SDFix report:
SDFix: Version 1.118
Run by nous on 13/12/2007 at 13:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\nous\Bureau\sdfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\TFTP1132 - Deleted
C:\WINDOWS\system32\TFTP2308 - Deleted
C:\WINDOWS\system32\TFTP3020 - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 13:29:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\ben.gauffre@hotmail.fr\DFSR\Staging\CS{DD6E57D7-D97E-C717-4DED-18160ADE9D1B}\01\14-{DD6E57D7-D97E-C717-4DED-18160ADE9D1B}-v1-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\tuning.maths@hotmail.fr\DFSR\Staging\CS{F96D8D5F-510F-1F21-BA96-2FAFDCD5EF35}\01\10-{F96D8D5F-510F-1F21-BA96-2FAFDCD5EF35}-v1-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\tuning.maths@hotmail.fr\DFSR\Staging\CS{F96D8D5F-510F-1F21-BA96-2FAFDCD5EF35}\32\11-{D623B0C2-B4C5-4CD2-9BCC-1C68D291A028}-v32-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 5844 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\tuning.maths@hotmail.fr\DFSR\Staging\CS{F96D8D5F-510F-1F21-BA96-2FAFDCD5EF35}\32\11-{D623B0C2-B4C5-4CD2-9BCC-1C68D291A028}-v32-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 648 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\virg_56@hotmail.fr\DFSR\Staging\CS{2FA02C89-D2A8-1E51-FC58-EB1B81C24E0D}\01\13-{2FA02C89-D2A8-1E51-FC58-EB1B81C24E0D}-v1-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\virg_56@hotmail.fr\DFSR\Staging\CS{2FA02C89-D2A8-1E51-FC58-EB1B81C24E0D}\75\11-{09AEB091-3E94-47B1-8C31-CD1B85F71048}-v75-{517457BA-AFDD-4724-8073-488778015D26}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 128 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\virg_56@hotmail.fr\DFSR\Staging\CS{2FA02C89-D2A8-1E51-FC58-EB1B81C24E0D}\78\16-{09AEB091-3E94-47B1-8C31-CD1B85F71048}-v78-{4C1F1C49-636F-423C-B9C3-42377A26CB18}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 160 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nidan3324@hotmail.fr\SharingMetadata\didierdu12@hotmail.fr\DFSR\Staging\CS{7CBD1A76-4DDE-7B04-46C6-602BEBBFBE0D}\01\10-{7CBD1A76-4DDE-7B04-46C6-602BEBBFBE0D}-v1-{29CF6D80-871A-47B4-9EB6-7FC8AECC1D36}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 8
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\nous\Bureau\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 26 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 9 Oct 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
And here is a new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 13:43:18, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\nous\LOCALS~1\Temp\Rar$EX00.469\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 1)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 2)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
thanks for your help
here is the SDFix report
SDFix: Version 1.118
Run by nous on 13/12/2007 at 13:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\nous\Bureau\sdfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\TFTP1132 - Deleted
C:\WINDOWS\system32\TFTP2308 - Deleted
C:\WINDOWS\system32\TFTP3020 - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 13:29:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\ben.gauffre@hotmail.fr\DFSR\Staging\CS{DD6E57D7-D97E-C717-4DED-18160ADE9D1B}\01\14-{DD6E57D7-D97E-C717-4DED-18160ADE9D1B}-v1-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\tuning.maths@hotmail.fr\DFSR\Staging\CS{F96D8D5F-510F-1F21-BA96-2FAFDCD5EF35}\01\10-{F96D8D5F-510F-1F21-BA96-2FAFDCD5EF35}-v1-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\tuning.maths@hotmail.fr\DFSR\Staging\CS{F96D8D5F-510F-1F21-BA96-2FAFDCD5EF35}\32\11-{D623B0C2-B4C5-4CD2-9BCC-1C68D291A028}-v32-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 5844 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\tuning.maths@hotmail.fr\DFSR\Staging\CS{F96D8D5F-510F-1F21-BA96-2FAFDCD5EF35}\32\11-{D623B0C2-B4C5-4CD2-9BCC-1C68D291A028}-v32-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 648 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\virg_56@hotmail.fr\DFSR\Staging\CS{2FA02C89-D2A8-1E51-FC58-EB1B81C24E0D}\01\13-{2FA02C89-D2A8-1E51-FC58-EB1B81C24E0D}-v1-{F71A0AFB-BB5B-4B06-AC78-65546EBC5ED4}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\virg_56@hotmail.fr\DFSR\Staging\CS{2FA02C89-D2A8-1E51-FC58-EB1B81C24E0D}\75\11-{09AEB091-3E94-47B1-8C31-CD1B85F71048}-v75-{517457BA-AFDD-4724-8073-488778015D26}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 128 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nico_a_le_style@hotmail.com\SharingMetadata\virg_56@hotmail.fr\DFSR\Staging\CS{2FA02C89-D2A8-1E51-FC58-EB1B81C24E0D}\78\16-{09AEB091-3E94-47B1-8C31-CD1B85F71048}-v78-{4C1F1C49-636F-423C-B9C3-42377A26CB18}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 160 bytes hidden from API
C:\Documents and Settings\nous\Local Settings\Application Data\Microsoft\Messenger\nidan3324@hotmail.fr\SharingMetadata\didierdu12@hotmail.fr\DFSR\Staging\CS{7CBD1A76-4DDE-7B04-46C6-602BEBBFBE0D}\01\10-{7CBD1A76-4DDE-7B04-46C6-602BEBBFBE0D}-v1-{29CF6D80-871A-47B4-9EB6-7FC8AECC1D36}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 8
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\nous\Bureau\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 26 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 9 Oct 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
and here is a new HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 13:43:18, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\nous\LOCALS~1\Temp\Rar$EX00.469\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 1)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 2)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
thanks for your help
there, I have just run Combo, the report is below
please tell me what you think of it and what I should do
See you soon
ComboFix 07-12-12.3 - nous 2007-12-18 13:25:49.2 - NTFSx86
Running from: C:\Documents and Settings\nous\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))))
.
2007-12-17 08:50 . 2007-12-11 23:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-15 13:17 . 2007-12-15 13:17 0 --a------ C:\WINDOWS\iplayer.INI
2007-12-15 13:15 . 2007-12-16 14:00 <REP> d-------- C:\Program Files\InterActual
2007-12-13 13:19 . 2007-12-13 13:19 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-11 23:35 . 2007-12-11 23:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 23:35 . 2007-12-11 23:35 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-12-11 23:35 . 2007-12-11 23:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 23:34 . 2007-12-11 23:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 23:32 . 2007-12-11 23:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 23:32 . 2007-12-11 23:32 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-12-11 23:32 . 2007-12-11 23:32 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2007-12-02 18:09 . 2007-12-02 18:32 <REP> d-------- C:\Program Files\Bayo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 12:38 --------- d-----w C:\Program Files\Wanadoo
2007-12-18 09:03 --------- d-----w C:\Program Files\eMule
2007-12-17 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-17 07:50 --------- d-----w C:\Program Files\DivX
2007-12-13 12:10 1,301 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-12 20:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-02 17:40 --------- d-----w C:\Program Files\CartoNavPlus
2007-12-02 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 15:43 --------- d-----w C:\Program Files\GamesBar
2007-11-02 18:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-30 11:52 --------- d-----w C:\Program Files\CartoNav
2007-10-30 11:43 49,723 ----a-w C:\Uninstal.exe
2007-10-26 17:30 --------- d-----w C:\Program Files\Picasa2
2007-10-24 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-24 08:36 --------- d-----w C:\Program Files\Panda Security
2007-03-01 11:21 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-08-24 13:16 10,392,903 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_24_15_14_59_full.dmp.zip
2004-08-20 17:09 62,865 -c--a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 -c--a-w C:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 -c--a-w C:\WINDOWS\inf\IM\odNetInstall.dll
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-12_23.38.44.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-11 20:15:23 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-13 12:19:48 6,545,408 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-12-13 12:19:48 233,472 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-11 20:15:23 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-13 12:19:37 6,545,408 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-12-13 12:19:37 233,472 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2006-10-02 19:04:39 635,486 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2007-12-11 22:33:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
- 2006-10-02 19:04:40 806,912 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2007-12-11 22:33:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
- 2006-10-02 19:04:40 806,912 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2007-12-11 22:33:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
- 2006-10-02 19:04:40 790,528 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2007-12-11 22:33:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
- 2006-08-10 23:03:58 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2007-12-11 22:33:14 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
- 2006-07-11 22:54:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2007-12-11 22:33:06 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
- 2006-07-11 22:54:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2007-12-11 22:33:06 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
- 2006-07-11 22:54:34 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2007-12-11 22:33:08 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
- 2006-07-11 22:54:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2007-12-11 22:33:06 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
- 2006-07-11 22:54:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
+ 2007-12-11 22:33:06 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
- 2006-07-11 22:54:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
+ 2007-12-11 22:33:06 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
- 2006-08-10 23:03:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
+ 2007-12-11 22:33:14 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
- 2006-09-27 21:53:22 514,808 ------w C:\WINDOWS\system32\px.dll
+ 2007-12-11 22:34:50 551,672 ------w C:\WINDOWS\system32\px.dll
- 2006-07-27 17:28:33 56,832 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2007-12-11 22:34:50 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2006-07-27 17:28:33 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
+ 2007-12-11 22:34:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
- 2006-09-27 21:53:22 477,944 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2007-12-11 22:34:50 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
- 2006-09-27 21:53:22 68,344 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-12-11 22:34:52 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
- 2006-07-27 17:28:33 56,320 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2007-12-11 22:34:48 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2006-07-27 17:28:33 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
+ 2007-12-11 22:34:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
- 2006-09-27 21:53:22 183,032 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-12-11 22:34:52 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-12-11 22:34:50 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
- 2006-09-27 21:53:23 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2007-12-11 22:34:50 379,640 ------w C:\WINDOWS\system32\pxwave.dll
- 2006-09-27 21:53:23 39,672 ------w C:\WINDOWS\system32\vxblock.dll
+ 2007-12-11 22:34:48 88,824 ------w C:\WINDOWS\system32\vxblock.dll
+ 2007-12-14 17:22:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-12 18:37]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"EPSON Stylus Photo R240 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 03:00]
"EPSON Stylus Photo R240 Series (Copie 2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 03:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-09-04 17:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-20 20:38]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-03 09:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
"Win32"="illltcj.exe" []
"Ms System Config"="Mscfg.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Ms System Config"="Mscfg.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nous^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nous^Menu Démarrer^Programmes^Démarrage^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
1998-07-07 15:20 22528 --a--c--- C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b696172-36b2-11db-85cd-001346b09cf4}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{412208b0-4873-11db-8675-001346b09cf4}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 13:37:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-18 13:40:36 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-12 23:40
C:\ComboFix3.txt ... 2006-09-22 14:28
C:\ComboFix4 ...
.
2007-11-10 21:34:44 --- E O F ---
merci de me dire ce que tu en penses et ce que je dois faire
A++
ComboFix 07-12-12.3 - nous 2007-12-18 13:25:49.2 - NTFSx86
Running from: C:\Documents and Settings\nous\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))))
.
2007-12-17 08:50 . 2007-12-11 23:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-15 13:17 . 2007-12-15 13:17 0 --a------ C:\WINDOWS\iplayer.INI
2007-12-15 13:15 . 2007-12-16 14:00 <REP> d-------- C:\Program Files\InterActual
2007-12-13 13:19 . 2007-12-13 13:19 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-11 23:35 . 2007-12-11 23:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 23:35 . 2007-12-11 23:35 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-12-11 23:35 . 2007-12-11 23:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 23:34 . 2007-12-11 23:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 23:32 . 2007-12-11 23:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 23:32 . 2007-12-11 23:32 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-12-11 23:32 . 2007-12-11 23:32 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2007-12-02 18:09 . 2007-12-02 18:32 <REP> d-------- C:\Program Files\Bayo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 12:38 --------- d-----w C:\Program Files\Wanadoo
2007-12-18 09:03 --------- d-----w C:\Program Files\eMule
2007-12-17 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-17 07:50 --------- d-----w C:\Program Files\DivX
2007-12-13 12:10 1,301 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-12 20:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-02 17:40 --------- d-----w C:\Program Files\CartoNavPlus
2007-12-02 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 15:43 --------- d-----w C:\Program Files\GamesBar
2007-11-02 18:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-30 11:52 --------- d-----w C:\Program Files\CartoNav
2007-10-30 11:43 49,723 ----a-w C:\Uninstal.exe
2007-10-26 17:30 --------- d-----w C:\Program Files\Picasa2
2007-10-24 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-24 08:36 --------- d-----w C:\Program Files\Panda Security
2007-03-01 11:21 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-08-24 13:16 10,392,903 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_24_15_14_59_full.dmp.zip
2004-08-20 17:09 62,865 -c--a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 -c--a-w C:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 -c--a-w C:\WINDOWS\inf\IM\odNetInstall.dll
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-12_23.38.44.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-11 20:15:23 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-13 12:19:48 6,545,408 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-12-13 12:19:48 233,472 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-12-11 20:15:23 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-13 12:19:37 6,545,408 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-12-13 12:19:37 233,472 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
- 2006-10-02 19:04:39 635,486 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2007-12-11 22:33:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
- 2006-10-02 19:04:40 806,912 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2007-12-11 22:33:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
- 2006-10-02 19:04:40 806,912 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2007-12-11 22:33:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
- 2006-10-02 19:04:40 790,528 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2007-12-11 22:33:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
- 2006-08-10 23:03:58 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2007-12-11 22:33:14 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
- 2006-07-11 22:54:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2007-12-11 22:33:06 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
- 2006-07-11 22:54:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2007-12-11 22:33:06 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
- 2006-07-11 22:54:34 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2007-12-11 22:33:08 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
- 2006-07-11 22:54:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2007-12-11 22:33:06 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
- 2006-07-11 22:54:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
+ 2007-12-11 22:33:06 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
- 2006-07-11 22:54:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
+ 2007-12-11 22:33:06 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
- 2006-08-10 23:03:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
+ 2007-12-11 22:33:14 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
- 2006-09-27 21:53:22 514,808 ------w C:\WINDOWS\system32\px.dll
+ 2007-12-11 22:34:50 551,672 ------w C:\WINDOWS\system32\px.dll
- 2006-07-27 17:28:33 56,832 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2007-12-11 22:34:50 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2006-07-27 17:28:33 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
+ 2007-12-11 22:34:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
- 2006-09-27 21:53:22 477,944 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2007-12-11 22:34:50 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
- 2006-09-27 21:53:22 68,344 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-12-11 22:34:52 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
- 2006-07-27 17:28:33 56,320 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2007-12-11 22:34:48 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2006-07-27 17:28:33 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
+ 2007-12-11 22:34:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
- 2006-09-27 21:53:22 183,032 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-12-11 22:34:52 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-12-11 22:34:50 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
- 2006-09-27 21:53:23 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2007-12-11 22:34:50 379,640 ------w C:\WINDOWS\system32\pxwave.dll
- 2006-09-27 21:53:23 39,672 ------w C:\WINDOWS\system32\vxblock.dll
+ 2007-12-11 22:34:48 88,824 ------w C:\WINDOWS\system32\vxblock.dll
+ 2007-12-14 17:22:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-12 18:37]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"EPSON Stylus Photo R240 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 03:00]
"EPSON Stylus Photo R240 Series (Copie 2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 03:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-09-04 17:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-20 20:38]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-03 09:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
"Win32"="illltcj.exe" []
"Ms System Config"="Mscfg.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Ms System Config"="Mscfg.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nous^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nous^Menu Démarrer^Programmes^Démarrage^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
1998-07-07 15:20 22528 --a--c--- C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b696172-36b2-11db-85cd-001346b09cf4}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{412208b0-4873-11db-8675-001346b09cf4}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 13:37:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-18 13:40:36 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-12 23:40
C:\ComboFix3.txt ... 2006-09-22 14:28
C:\ComboFix4 ...
.
2007-11-10 21:34:44 --- E O F ---
[*]Download http://cluster1.easy-hebergement.net/
[*]Unzip the archive onto your Desktop.
[*]Open the BTFix folder.
[*]Double-click BTFix.exe.
[*]Click Rechercher (Search).
[*]A report will appear; copy and paste it into your next reply.
---------------------------------------------
[*]Open BTFix.
[*]Click Nettoyer (Clean).
[*]A report will appear; copy and paste it into your next reply.
hi
well, I hope you're wide awake and that you slept well...lol
here are the 2 reports
the ComboFix one:
ComboFix 07-12-12.3 - nous 2007-12-18 23:13:42.3 - NTFSx86
Running from: C:\Documents and Settings\nous\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))))
.
2007-12-18 18:49 . 2007-12-18 18:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-18 18:49 . 2007-12-18 18:49 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-17 08:50 . 2007-12-11 23:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-15 13:17 . 2007-12-15 13:17 0 --a------ C:\WINDOWS\iplayer.INI
2007-12-15 13:15 . 2007-12-18 14:35 <REP> d-------- C:\Program Files\InterActual
2007-12-13 13:19 . 2007-12-13 13:19 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-11 23:35 . 2007-12-11 23:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 23:35 . 2007-12-11 23:35 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-12-11 23:35 . 2007-12-11 23:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 23:34 . 2007-12-11 23:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 23:32 . 2007-12-11 23:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 23:32 . 2007-12-11 23:32 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-12-11 23:32 . 2007-12-11 23:32 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2007-12-02 18:09 . 2007-12-02 18:32 <REP> d-------- C:\Program Files\Bayo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 22:25 --------- d-----w C:\Program Files\Wanadoo
2007-12-18 21:32 1,468 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-18 20:26 --------- d-----w C:\Program Files\eMule
2007-12-18 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-17 07:50 --------- d-----w C:\Program Files\DivX
2007-12-12 20:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 17:40 --------- d-----w C:\Program Files\CartoNavPlus
2007-12-02 17:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-02 18:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-30 11:52 --------- d-----w C:\Program Files\CartoNav
2007-10-30 11:43 49,723 ----a-w C:\Uninstal.exe
2007-10-30 11:41 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-10-30 11:41 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-10-30 11:41 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-10-26 17:30 --------- d-----w C:\Program Files\Picasa2
2007-10-24 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-24 08:36 --------- d-----w C:\Program Files\Panda Security
2007-03-01 11:21 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-08-24 13:16 10,392,903 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_24_15_14_59_full.dmp.zip
2004-08-20 17:09 62,865 -c--a-w C:\WINDOWS\inf\IM\odysseyIM3.sys
2004-08-20 17:09 45,056 -c--a-w C:\WINDOWS\inf\IM\imdinst.exe
2004-08-20 17:09 12,739 -c--a-w C:\WINDOWS\inf\IM\odNetInstall.dll
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.
((((((((((((((((((((((((((((( snapshot_2007-12-18_13.39.22.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-17 12:22:04 285,472 ----a-w C:\WINDOWS\system32\itiimg3.dll
+ 2007-12-18 22:21:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-12 18:37]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"EPSON Stylus Photo R240 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 03:00]
"EPSON Stylus Photo R240 Series (Copie 2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 03:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-09-04 17:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-20 20:38]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-03 09:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nous^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nous^Menu Démarrer^Programmes^Démarrage^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
1998-07-07 15:20 22528 --a--c--- C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;C:\WINDOWS\system32\DRIVERS\GPlus.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b696172-36b2-11db-85cd-001346b09cf4}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{412208b0-4873-11db-8675-001346b09cf4}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 23:23:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-18 23:27:52 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-18 13:40
C:\ComboFix3.txt ... 2007-12-12 23:40
C:\ComboFix4 ...
.
2007-11-10 21:34:44 --- E O F ---
and the HijackThis one:
Logfile of HijackThis v1.99.1
Scan saved at 23:15, on 2007-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\nircmd.cfexe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\nous\LOCALS~1\Temp\Rar$EX00.516\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 1)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 2)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
what do you think ???
I'll be logging on to MSN Wednesday at noon and Wednesday evening
See you later, and thanks a lot again
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b696172-36b2-11db-85cd-001346b09cf4}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{412208b0-4873-11db-8675-001346b09cf4}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 23:23:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-18 23:27:52 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-18 13:40
C:\ComboFix3.txt ... 2007-12-12 23:40
C:\ComboFix4 ...
.
2007-11-10 21:34:44 --- E O F ---
and the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:15, on 2007-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\nircmd.cfexe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\nous\LOCALS~1\Temp\Rar$EX00.516\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 1)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 2)" /O5 "LPT1:" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
What do you think???
I'll be logging on to MSN on Wednesday at noon and on Wednesday evening.
See you later, and thanks a lot again.