Mets trois rapports

Résolu
loan12 Messages postés 26 Statut Membre -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,suit a un virus et a plusieurs manipulations et afin de s'assurer de n'etre plus infecté je poste mets trois rapport merci de m'aidée
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:23:54 13/12/2007

+ Résultat de l'analyse:

:mozilla.7:C:\Documents and Settings\bernardes luis\Application Data\Mozilla\Firefox\Profiles\ruv76irr.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.34:C:\Documents and Settings\bernardes luis\Application Data\Mozilla\Firefox\Profiles\ruv76irr.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.35:C:\Documents and Settings\bernardes luis\Application Data\Mozilla\Firefox\Profiles\ruv76irr.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.36:C:\Documents and Settings\bernardes luis\Application Data\Mozilla\Firefox\Profiles\ruv76irr.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

Fin du rapport

<html><head><title>BitDefender Online Scanner - Rapport virus en temps réel</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head><body leftmargin="20" topmargin="20" bgcolor="#ffffff" marginheight="0" marginwidth="0">

<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tbody><tr>
<td>
<p><font face="Courier New"><span style="font-size: 11pt;"><b>BitDefender Online Scanner - Rapport virus en temps réel</b></span></font></p>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3">
<p><font face="Courier New"><span style="font-size: 11pt;">Généré à: Thu, Dec 13, 2007 - 21:29:39</span></font></p>
</td>
</tr>
<tr>
<td>
<hr align="left" color="black" noshade="noshade" size="1" width="100%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font face="Courier New"><span style="font-size: 11pt;"><b>Info d'analyse</b></span></font></p>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td>
<table bordercolordark="white" bordercolorlight="black" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody><tr>
<td width="75%">
<p><font face="Courier New"><span style="font-size: 11pt;">Fichiers scannés</span></font></p>
</td>
<td width="25%">
<p><font face="Courier New"><span style="font-size: 11pt;">163130</span></font></p>
</td>
</tr>
<tr>
<td width="75%">
<p><font face="Courier New"><span style="font-size: 11pt;">Infectés Fichiers</span></font></p>
</td>
<td width="25%">
<p><font face="Courier New"><span style="font-size: 11pt;">1</span></font></p>
</td>
</tr>
</tbody></table>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font face="Courier New"><span style="font-size: 11pt;"><b> </b></span></font></p>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font face="Courier New"><span style="font-size: 11pt;"><b>Virus Détectés</b></span></font></p>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td>
<table bordercolordark="white" bordercolorlight="black" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody><tr>
<td width="75%">
<p><font face="Courier New"><span style="font-size: 11pt;">Trojan.Mailskinner.G</span></font></p>
</td>
<td width="25%">
<p><font face="Courier New"><span style="font-size: 11pt;">1</span></font></p>
</td>
</tr>
</tbody></table>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td>
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td>
<p> </p>
<hr align="left" color="black" noshade="noshade" size="1" width="100%">
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font face="Courier New"><span style="font-size: 8pt;">Ce
sommaire du processus d'analyse sera utilisé par les laboratoires
Antivirus BitDefender pour créer des statistiques agréguées sur
l'activité des virus dans le monde. </span></font></p>
</td>
<td width="10%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
</tbody></table>
<p> </p>

</body></html>Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:49, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {71D3B41B-9611-4AF2-BCD2-C1D8D4B86BCF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {CC073C12-B796-47C6-AAA9-6B6D2EC93449} - (no file)
O2 - BHO: {269821a8-08c3-c489-6fa4-81a427c41d8e} - {e8d14c72-4a18-4af6-984c-3c808a128962} - (no file)
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - (no file)
O2 - BHO: (no name) - {F755C139-52D8-41B1-B05F-BBAE79C14F85} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8553 bytes
Configuration: Windows XP
Firefox 2.0.0.11

21 réponses

  • 1
  • 2
  1. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    1) redémarre l'ordi.

    2) télécharge combofix (par sUBs)ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    2 double-clique sur combofix.exe et suis les instructions

    3 à la fin, il va produire un rapport C:\ComboFix.txt

    4 copie/colle ce rapport dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    3) Remets aussi un rapport Hijackthis.
    0
  2. loan12
     
    bonjComboFix 07-12-16.3 - bernardes luis 2007-12-16 10:57:26.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.448 [GMT 1:00]
    Running from: C:\Documents and Settings\bernardes luis\Bureau\ComboFix(2).exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-13 19:57 . 2007-12-13 21:29 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-08 11:59 . 2007-12-08 11:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-12-08 11:58 . 2007-12-08 12:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-12-08 11:50 . 2007-12-16 11:00 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-12-07 18:25 . 2007-12-07 18:31 2,983 --a------ C:\rapport smitfraudfix du 07.12.07
    2007-12-07 09:34 . 2007-12-07 09:35 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2007-12-06 23:44 . 2007-12-06 23:44 1,014,754 --a------ C:\WINDOWS\system32\Prison Break.scr
    2007-12-06 18:48 . 2007-12-06 18:55 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\RegistrySmart
    2007-12-05 16:22 . 2007-12-05 19:31 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
    2007-12-05 16:22 . 2007-12-05 16:22 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\TuneUp Software
    2007-12-05 16:22 . 2007-01-17 14:47 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2007-12-05 16:20 . 2007-12-05 16:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-12-04 20:30 . 2007-12-04 20:30 <REP> d-------- C:\Program Files\Avira
    2007-12-04 18:01 . 2007-12-04 18:01 4,614 --a------ C:\rapport smitfraudfix du 04.12.07
    2007-12-04 17:57 . 2007-12-07 18:26 392 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-03 16:56 . 2007-12-15 19:33 <REP> d-------- C:\Documents and Settings\bernardes luis\Incomplete
    2007-12-03 16:55 . 2007-12-07 21:10 <REP> d-------- C:\Program Files\LimeWire
    2007-12-03 10:37 . 2007-12-03 10:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-12-03 10:36 . 2007-12-08 14:57 <REP> d-------- C:\Program Files\SUPERAntiSpyware
    2007-12-03 10:36 . 2007-12-03 10:36 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\SUPERAntiSpyware.com
    2007-12-03 10:34 . 2007-12-05 16:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-02 14:16 . 2007-12-02 14:17 793,664 ---hs---- C:\WINDOWS\system32\nolqddko.ini
    2007-12-01 15:01 . 2007-12-01 15:02 1,316,105 ---hs---- C:\WINDOWS\system32\ocrkpcwl.ini
    2007-11-30 20:46 . 2007-12-04 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-30 14:29 . 2007-12-01 15:01 1,316,045 ---hs---- C:\WINDOWS\system32\qwaevigc.ini
    2007-11-30 12:14 . 2007-11-30 13:11 1,407,619 ---hs---- C:\WINDOWS\system32\aqjxujsb.ini
    2007-11-29 12:00 . 2007-11-30 12:06 1,410,128 ---hs---- C:\WINDOWS\system32\ehvoxltr.ini
    2007-11-28 01:08 . 2007-11-29 11:49 789,897 ---hs---- C:\WINDOWS\system32\dhgjjncd.ini
    2007-11-26 19:56 . 2007-11-27 19:56 780,515 ---hs---- C:\WINDOWS\system32\pyoyxaam.ini
    2007-11-25 19:33 . 2007-03-29 13:58 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
    2007-11-25 19:33 . 2007-03-29 13:58 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
    2007-11-25 19:33 . 2007-03-29 13:58 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
    2007-11-25 19:33 . 2007-03-29 13:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
    2007-11-25 19:33 . 2007-03-29 13:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
    2007-11-25 19:33 . 2007-03-29 13:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
    2007-11-25 19:16 . 2007-11-25 19:16 <REP> d-------- C:\887a0aa41c04afd1bd
    2007-11-25 19:07 . 2007-12-02 15:10 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-25 17:57 . 2007-12-07 17:15 <REP> d-------- C:\Program Files\Lavasoft
    2007-11-25 17:57 . 2007-11-25 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-21 16:55 . 2007-11-22 22:07 1,441,388 ---hs---- C:\WINDOWS\system32\kqqyyslv.ini
    2007-11-20 17:10 . 2007-11-20 17:10 164 --a------ C:\install.dat
    2007-11-20 15:51 . 2007-11-21 15:51 1,290,650 ---hs---- C:\WINDOWS\system32\epfxwjus.ini
    2007-11-20 15:33 . 2007-11-20 15:33 <REP> d-------- C:\Program Files\Trend Micro
    2007-11-19 18:09 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
    2007-11-19 18:09 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
    2007-11-19 18:09 . 2007-11-19 18:09 3,120 --a------ C:\WINDOWS\system32\118290.54
    2007-11-19 18:09 . 2007-11-19 18:09 3,120 --a------ C:\WINDOWS\118294.78
    2007-11-19 18:09 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
    2007-11-19 13:01 . 2007-11-20 15:21 685,892 ---hs---- C:\WINDOWS\system32\pqwpwhqu.ini
    2007-11-18 12:55 . 2007-11-18 17:39 678,220 ---hs---- C:\WINDOWS\system32\wnhidmju.ini
    2007-11-17 12:56 . 2007-11-18 11:04 677,980 ---hs---- C:\WINDOWS\system32\mqnyvrpl.ini
    2007-11-16 12:10 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-16 12:05 . 2007-11-16 16:20 675,380 ---hs---- C:\WINDOWS\system32\pqcdeayb.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-15 19:22 120,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-15 19:22 10,139,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-14 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-13 20:48 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\LimeWire
    2007-12-08 10:59 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-12-08 10:59 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-12-03 15:37 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-30 17:44 80,118 ----a-w C:\WINDOWS\system32\dcads-remove.exe
    2007-11-30 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-27 13:17 --------- d-----w C:\Program Files\Yahoo!
    2007-11-26 13:55 --------- d-----w C:\Program Files\lg_fwupdate
    2007-11-26 08:32 --------- d-----w C:\Program Files\DivX
    2007-11-25 19:04 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-11-18 13:08 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\FrostWire
    2007-11-16 15:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2007-11-16 10:58 494 ----a-w C:\Documents and Settings\bernardes luis\z.dat
    2007-11-16 10:58 120 ----a-w C:\n.bat
    2007-11-16 10:58 0 ----a-w C:\Documents and Settings\bernardes luis\x.dat
    2007-11-14 17:40 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-06 11:19 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
    2007-10-31 12:49 --------- d-----w C:\Program Files\Dcads Games Collection
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-24 10:46 --------- d-----w C:\Program Files\Java
    2007-10-23 10:28 --------- d-----w C:\Program Files\AskTBar
    2007-10-22 18:41 --------- d-----w C:\Program Files\CyberLink DVD Solution
    2007-10-22 13:57 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\CyberLink
    2007-10-22 13:44 --------- d-----w C:\Program Files\Azureus
    2007-10-22 13:42 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\Azureus
    2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2007-10-17 12:26 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\InterTrust
    2007-10-17 12:23 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-10-17 12:23 --------- d-----w C:\Program Files\Ahead
    2007-10-16 12:58 --------- d-----w C:\Program Files\Google
    2007-10-12 15:00 448 ----a-w C:\drvpnp.dat
    2007-10-12 14:56 484 ----a-w C:\pnpID.dat
    2007-04-12 17:59 30,048 ----a-w C:\Documents and Settings\bernardes luis\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-02 16:27 433 ----a-w C:\Documents and Settings\bernardes luis\formhistory.dat
    2007-04-02 16:27 20,046 ----a-w C:\Documents and Settings\bernardes luis\history.dat
    2007-04-02 14:51 94,621 ----a-w C:\Documents and Settings\bernardes luis\xpti.dat
    2007-04-02 14:51 151,490 ----a-w C:\Documents and Settings\bernardes luis\compreg.dat
    2007-02-04 10:32 374 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb6334.dat
    2007-02-03 13:35 538 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb8467.dat
    2007-02-03 13:35 18,432 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb41.dat
    2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-06_22.51.13.51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
    + 2007-10-10 23:22:14 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
    + 2007-10-10 23:22:14 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
    + 2007-10-10 23:22:14 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
    + 2007-10-10 23:22:14 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
    + 2007-10-10 08:16:47 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
    + 2007-10-10 23:22:14 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
    + 2007-10-10 23:22:14 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
    + 2007-10-10 05:47:20 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
    + 2007-10-10 23:22:14 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
    + 2007-10-10 23:22:15 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
    + 2007-10-10 23:22:16 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
    + 2007-10-10 23:22:16 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
    + 2007-10-10 23:22:16 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
    + 2007-10-10 08:16:47 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
    + 2007-10-10 08:16:56 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
    + 2007-10-10 23:22:16 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
    + 2007-10-10 23:22:16 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
    + 2007-10-10 23:22:16 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
    + 2007-10-30 23:40:57 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
    + 2007-10-10 23:22:18 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
    + 2007-10-10 23:22:18 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
    + 2007-10-10 23:22:18 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
    + 2007-10-10 23:22:18 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
    + 2007-10-10 23:22:18 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
    + 2007-10-10 23:22:19 1,162,240 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
    + 2007-10-10 23:22:19 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
    + 2007-10-10 23:22:19 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll
    + 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
    + 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
    + 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
    + 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
    + 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
    + 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
    + 2007-12-13 18:58:58 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
    + 2007-12-13 18:58:58 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
    + 2007-12-13 18:58:59 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
    + 2007-12-13 18:59:08 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
    + 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
    + 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
    + 2007-12-13 18:59:10 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
    + 2007-12-13 18:59:00 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
    + 2006-05-25 00:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    + 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
    + 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    + 2007-08-20 09:59:29 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
    + 2007-08-20 09:59:29 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
    + 2007-08-20 09:59:29 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
    + 2007-08-20 09:59:29 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
    + 2007-08-17 10:22:11 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
    + 2007-08-20 09:59:29 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
    + 2007-08-20 09:59:29 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
    + 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
    + 2007-08-20 09:59:29 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
    + 2007-08-20 09:59:29 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
    + 2007-08-20 09:59:29 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
    + 2007-08-20 09:59:29 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
    + 2007-08-20 09:59:30 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
    + 2007-08-17 10:22:11 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
    + 2007-08-17 10:22:32 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
    + 2007-08-20 09:59:30 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
    + 2007-08-20 09:59:30 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
    + 2007-08-20 09:59:30 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
    + 2007-08-20 09:59:30 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
    + 2007-08-20 09:59:30 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
    + 2007-08-20 09:59:30 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
    + 2007-08-20 09:59:30 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
    + 2007-08-20 09:59:31 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
    + 2007-08-20 09:59:31 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
    + 2007-08-20 09:59:31 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
    + 2007-08-20 09:59:31 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
    + 2007-08-20 09:59:31 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    - 2007-08-20 09:59:29 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2007-08-20 09:59:29 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2007-08-20 09:59:29 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-10-10 23:49:42 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-08-20 09:59:29 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-10-10 23:49:42 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-08-20 09:59:29 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    + 2007-10-10 23:49:42 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
    - 2007-08-17 10:22:11 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2007-10-10 11:00:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2007-08-20 09:59:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2007-10-10 23:49:42 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2007-08-20 09:59:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2007-10-10 23:49:42 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    - 2007-08-20 09:59:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    + 2007-10-10 23:49:42 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    - 2007-08-20 09:59:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2007-10-10 23:49:42 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-08-20 09:59:29 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    + 2007-10-10 23:49:43 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
    - 2007-08-20 09:59:29 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2007-10-10 23:49:43 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2007-08-20 09:59:30 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    + 2007-10-10 23:49:43 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
    - 2007-08-17 10:22:11 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    + 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
    - 2007-08-17 10:22:32 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    - 2007-08-20 09:59:30 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-10-10 23:49:44 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-08-20 09:59:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    + 2007-10-10 23:49:44 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
    - 2007-08-20 09:59:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    + 2007-10-10 23:49:44 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    - 2007-08-20 09:59:30 3,584,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-10-30 23:23:48 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-08-20 09:59:30 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-10-10 23:49:44 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-08-20 09:59:30 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-10-10 23:49:44 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-08-20 09:59:30 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-10-10 23:49:45 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-08-20 09:59:31 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    + 2007-10-10 23:49:45 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    + 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
    - 2007-08-20 09:59:31 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    + 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-08-20 09:59:31 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-10-10 23:49:45 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-08-20 09:59:31 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2007-08-20 09:59:31 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-10-10 23:49:45 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2006-10-18 19:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    + 2007-10-25 08:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    + 2007-05-30 23:03:48 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    + 2007-05-30 23:03:50 119,576 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    - 2007-08-20 09:59:29 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-08-20 09:59:29 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2007-10-10 23:49:42 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2007-08-20 09:59:29 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2007-08-17 10:22:11 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2007-10-10 11:00:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    - 2007-08-20 09:59:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2007-10-10 23:49:42 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    - 2007-08-20 09:59:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2007-10-10 23:49:42 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    - 2007-08-20 09:59:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    + 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2007-08-20 09:59:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2007-10-10 23:49:42 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    - 2007-08-20 09:59:29 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
    + 2007-10-10 23:49:43 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-08-20 09:59:29 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2007-10-10 23:49:43 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    - 2007-08-20 09:59:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    + 2007-10-10 23:49:43 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2007-08-17 10:22:11 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2007-06-21 20:55:28 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
    + 2007-06-21 20:55:28 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
    - 2007-08-20 09:59:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-10-10 23:49:44 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-06-21 20:54:26 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
    - 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-08-20 09:59:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2007-08-20 09:59:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2007-08-20 09:59:30 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-08-20 09:59:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-08-20 09:59:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-10-10 23:49:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-08-20 09:59:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2007-10-10 23:49:45 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-08-20 09:59:31 102,400 ----a-w C:\WINDOWS\system32\occache.dll
    + 2007-10-10 23:49:45 102,400 ----a-w C:\WINDOWS\system32\occache.dll
    + 2004-04-27 03:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
    - 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
    - 2006-11-29 16:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
    + 2007-12-04 00:00:42 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
    - 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    - 2007-08-20 09:59:31 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2007-10-10 23:49:45 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-08-20 09:59:31 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-10-10 23:49:45 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-06-21 20:54:30 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
    + 2007-06-21 20:54:52 394,984 ----a-w C:\WINDOWS\system32\vsdatant.sys
    + 2007-06-21 20:54:32 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
    + 2007-06-21 20:54:32 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
    + 2007-06-21 20:54:32 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
    + 2007-06-21 20:54:32 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
    + 2007-06-21 20:54:34 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
    + 2007-06-21 20:55:30 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
    + 2007-06-21 20:54:34 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
    + 2007-06-21 20:54:34 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
    - 2007-08-20 09:59:31 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2007-10-10 23:49:45 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
    - 2007-08-20 09:59:31 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-10-10 23:49:45 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-06-21 20:54:34 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
    + 2007-06-21 20:54:34 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
    + 2007-12-08 11:03:22 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    + 2007-06-21 20:54:24 366,112 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
    + 2007-06-21 20:55:26 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll
    + 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
    + 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
    + 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
    + 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
    + 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
    + 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
    + 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
    + 2007-05-30 23:03:16 258,048 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
    + 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
    + 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
    + 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
    + 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
    + 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
    + 2007-05-30 23:03:18 118,784 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    + 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
    + 2007-06-21 20:54:24 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
    + 2007-06-21 20:55:26 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll
    + 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
    + 2007-06-21 20:54:24 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
    + 2007-06-21 20:54:26 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
    + 2007-06-21 20:54:26 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
    + 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll
    + 2007-06-21 20:55:26 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll
    + 2007-06-21 20:55:28 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll
    + 2007-06-21 20:54:54 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
    + 2007-06-21 20:54:54 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
    + 2007-06-21 20:54:54 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
    + 2007-06-21 20:56:16 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
    + 2007-06-21 20:56:16 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
    + 2007-06-11 11:43:50 714,472 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
    + 2007-06-11 11:43:52 788,200 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
    + 2007-06-21 20:54:28 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
    + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll
    + 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
    + 2007-06-11 11:43:56 1,496,808 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
    + 2007-06-11 11:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
    + 2007-06-21 20:54:28 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
    + 2007-06-21 20:56:16 210,432 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
    + 2007-06-21 20:56:18 3,229,176 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
    + 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll
    + 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
    + 2007-12-08 11:25:49 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
    + 2007-06-21 20:54:46 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
    + 2007-06-21 20:55:30 75,152 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll
    + 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
    + 2007-06-21 20:54:30 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
    + 2007-06-21 20:54:30 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
    + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll
    + 2007-06-21 20:54:46 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    + 2007-06-21 20:55:30 46,480 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll
    + 2007-06-21 20:54:32 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
    + 2007-06-21 20:54:32 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
    + 2007-06-21 20:55:30 198,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll
    + 2007-06-21 20:54:34 243,176 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
    + 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll
    + 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
    + 2007-06-21 20:54:36 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
    + 2007-06-21 20:54:36 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
    + 2007-06-21 20:55:32 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll
    + 2007-06-21 20:54:36 378,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
    + 2007-06-21 20:55:32 21,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll
    + 2007-06-21 20:54:36 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
    + 2007-06-21 20:54:40 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    + 2007-12-16 09:28:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_468.dat
    + 2007-06-21 20:54:48 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    + 2007-06-21 20:55:32 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71D3B41B-9611-4AF2-BCD2-C1D8D4B86BCF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC073C12-B796-47C6-AAA9-6B6D2EC93449}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8d14c72-4a18-4af6-984c-3c808a128962}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F173E53F-E042-49b6-BD46-983E93DA1B17}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F755C139-52D8-41B1-B05F-BBAE79C14F85}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-05 15:57]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"= 1 (0x1)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsHistory"= 1 (0x1)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"= 1 (0x1)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsHistory"= 1 (0x1)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoInstrumentation"= 0 (0x0)
    "NoStartMenuPinnedList"= 0 (0x0)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoSharedDocuments"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bkhprtxy]
    bkhprtxy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "OPTENET_FILTER"=2 (0x2)

    R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
    R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8089cba0-27cf-11dc-b961-0018f68df7cb}]
    \Shell\AutoRun\command - G:\ReadMe.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-14 16:16:33 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-16 11:07:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-16 11:10:04
    C:\ComboFix2.txt ... 2007-12-06 22:52
    .
    2007-12-12 23:24:48 --- E O F ---
    our lyonnais92 merci pour ta solution voici le rapport( plus rapport hijackthis)Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:18:50, on 16/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {71D3B41B-9611-4AF2-BCD2-C1D8D4B86BCF} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O2 - BHO: (no name) - {CC073C12-B796-47C6-AAA9-6B6D2EC93449} - (no file)
    O2 - BHO: {269821a8-08c3-c489-6fa4-81a427c41d8e} - {e8d14c72-4a18-4af6-984c-3c808a128962} - (no file)
    O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - (no file)
    O2 - BHO: (no name) - {F755C139-52D8-41B1-B05F-BBAE79C14F85} - (no file)
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
    O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  3. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    --

    @+
    N'acceptez jamais une désinfection par mp.
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. loan12
     
    bonjour,que signifie, ne pas acceptez de désinfection par mp
    0
  6. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re

    ça signifie pas de réponse par conversation privée (mp = message personnel)

    Spybot bloque toujours ?

    Si oui, donne le nom complet du fichier.
    0
  7. loan12 Messages postés 26 Statut Membre
     
    bonjour,spybot ne bloque plus, merc de tes conseils
    0
  8. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier : C:\install.dat

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
    0
  9. loan12 Messages postés 26 Statut Membre
     
    bonj
    SDFix: Version 1.119

    Run by bernardes luis on 21/12/2007 at 17:28

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\_NIM4711.TMP - Deleted
    C:\Documents and Settings\bernardes luis\x.dat - Deleted
    C:\Documents and Settings\bernardes luis\z.dat - Deleted
    C:\n.bat - Deleted

    x.dat and z.dat data copied to \SDFix\Data.txt

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-21 17:38:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sun 23 Sep 2007 72 ..SH. --- "C:\WINDOWS\SA69E4AD6.tmp"
    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Fri 17 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 14 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
    Fri 17 Nov 2006 4,348 ...H. --- "C:\Documents and Settings\bernardes luis\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Mon 4 Dec 2006 20 A..H. --- "C:\Documents and Settings\bernardes luis\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Fri 17 Nov 2006 9,655 A.SH. --- "C:\Documents and Settings\bernardes luis\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

    Finished!
    our et merci pour tes conseille voici le rapport.txt et le log hijackthis..et merci pour ce petit programme.salut et a bientoLogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:09:59, on 21/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nskA.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - (no file)
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
    O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  10. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    connais tu Protection PLUS ?

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\msxml3a.dll

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.
    0
  11. loan12 Messages postés 26 Statut Membre
     
    bonjo | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español
    Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
    File msxml3a.dll received on 11.21.2007 04:31:20 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

    Result: 0/32 (0%)
    Loading server information...
    Your file is queued in position: ___.
    Estimated start time is between ___ and ___ .
    Do not close the window until scan is complete.
    The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
    If you are waiting for more than five minutes you have to resend your file.
    Your file is being scanned by VirusTotal in this moment,
    results will be shown as they're generated.
    Compact Print results
    Your file has expired or does not exists.
    Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

    You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
    Email:

    Antivirus Version Last Update Result
    AhnLab-V3 2007.11.21.0 2007.11.21 -
    AntiVir 7.6.0.34 2007.11.20 -
    Authentium 4.93.8 2007.11.21 -
    Avast 4.7.1074.0 2007.11.20 -
    AVG 7.5.0.503 2007.11.20 -
    BitDefender 7.2 2007.11.21 -
    CAT-QuickHeal 9.00 2007.11.20 -
    ClamAV 0.91.2 2007.11.21 -
    DrWeb 4.44.0.09170 2007.11.20 -
    eSafe 7.0.15.0 2007.11.14 -
    eTrust-Vet 31.3.5312 2007.11.20 -
    Ewido 4.0 2007.11.20 -
    FileAdvisor 1 2007.11.21 -
    Fortinet 3.14.0.0 2007.11.21 -
    F-Prot 4.4.2.54 2007.11.21 -
    F-Secure 6.70.13030.0 2007.11.21 -
    Ikarus T3.1.1.12 2007.11.21 -
    Kaspersky 7.0.0.125 2007.11.21 -
    McAfee 5167 2007.11.20 -
    Microsoft 1.3007 2007.11.21 -
    NOD32v2 2674 2007.11.21 -
    Norman 5.80.02 2007.11.20 -
    Panda 9.0.0.4 2007.11.21 -
    Prevx1 V2 2007.11.21 -
    Rising 20.19.11.00 2007.11.21 -
    Sophos 4.23.0 2007.11.21 -
    Sunbelt 2.2.907.0 2007.11.21 -
    Symantec 10 2007.11.21 -
    TheHacker 6.2.9.135 2007.11.20 -
    VBA32 3.12.2.5 2007.11.20 -
    VirusBuster 4.3.26:9 2007.11.20 -
    Webwasher-Gateway 6.0.1 2007.11.21 -
    Additional information
    File size: 24064 bytes
    MD5: 718d1c9346a991ee101f2dfa72a50d70
    SHA1: 7fea804959602826358911e286ce47a9f08cff48

    ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

    VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com ur,je ne trouve pas le fichier send file.vioci le rapport .et encore merci
    0
  12. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    connais tu Protection PLUS ?
    0
  13. loan12
     
    bonjour,non je ne connais pas ce programme
    0
  14. loan12 Messages postés 26 Statut Membre
     
    bonjour,ce programme ou logiciel et'il payant...(ps .j'apprécie becaucoup ce forum,avec sont esprit d'entraide. encor Merci )
    0
  15. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\nolqddko.ini
    C:\WINDOWS\system32\ocrkpcwl.ini
    C:\WINDOWS\system32\qwaevigc.ini
    C:\WINDOWS\system32\aqjxujsb.ini
    C:\WINDOWS\system32\ehvoxltr.ini
    C:\WINDOWS\system32\dhgjjncd.ini
    C:\WINDOWS\system32\pyoyxaam.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\kqqyyslv.ini
    C:\WINDOWS\system32\epfxwjus.ini
    C:\WINDOWS\system32\118290.54
    C:\WINDOWS\118294.78
    C:\WINDOWS\system32\pqwpwhqu.ini
    C:\WINDOWS\system32\wnhidmju.ini
    C:\WINDOWS\system32\mqnyvrpl.ini
    C:\WINDOWS\system32\msxml3a.dll
    C:\WINDOWS\system32\pqcdeayb.ini

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

    Clique sur le fichier CFscrïpt, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    en précisant où en sont tes soucis

    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.
    0
  16. loan12 Messages postés 26 Statut Membre
     
    bonComboFix 07-12-16.3 - bernardes luis 2007-12-26 11:40:49.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.496 [GMT 1:00]
    Running from: C:\Documents and Settings\bernardes luis\Bureau\ComboFix(2).exe
    Command switches used :: C:\Documents and Settings\bernardes luis\Bureau\CFscript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-24 17:28 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-24 17:28 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-12-24 17:28 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-24 17:28 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-21 17:26 . 2007-12-21 17:26 <REP> d-------- C:\WINDOWS\ERUNT
    2007-12-19 18:52 . 2007-12-19 18:52 <REP> d-------- C:\Program Files\MSN Messenger
    2007-12-13 19:57 . 2007-12-13 21:29 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-08 11:59 . 2007-12-08 11:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-12-08 11:58 . 2007-12-08 12:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-12-08 11:50 . 2007-12-26 11:34 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-12-07 18:25 . 2007-12-07 18:31 2,983 --a------ C:\rapport smitfraudfix du 07.12.07
    2007-12-07 09:34 . 2007-12-07 09:35 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2007-12-06 23:44 . 2007-12-06 23:44 1,014,754 --a------ C:\WINDOWS\system32\Prison Break.scr
    2007-12-06 18:48 . 2007-12-06 18:55 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\RegistrySmart
    2007-12-05 16:22 . 2007-12-19 15:41 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
    2007-12-05 16:22 . 2007-12-05 16:22 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\TuneUp Software
    2007-12-05 16:20 . 2007-12-05 16:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-12-04 20:30 . 2007-12-04 20:30 <REP> d-------- C:\Program Files\Avira
    2007-12-04 18:01 . 2007-12-04 18:01 4,614 --a------ C:\rapport smitfraudfix du 04.12.07
    2007-12-04 17:57 . 2007-12-24 17:32 710 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-03 16:56 . 2007-12-25 19:52 <REP> d-------- C:\Documents and Settings\bernardes luis\Incomplete
    2007-12-03 16:55 . 2007-12-20 15:28 <REP> d-------- C:\Program Files\LimeWire
    2007-12-03 10:37 . 2007-12-03 10:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-12-03 10:36 . 2007-12-08 14:57 <REP> d-------- C:\Program Files\SUPERAntiSpyware
    2007-12-03 10:36 . 2007-12-03 10:36 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\SUPERAntiSpyware.com
    2007-12-03 10:34 . 2007-12-19 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-02 14:16 . 2007-12-02 14:17 793,664 ---hs---- C:\WINDOWS\system32\nolqddko.ini
    2007-12-01 15:01 . 2007-12-01 15:02 1,316,105 ---hs---- C:\WINDOWS\system32\ocrkpcwl.ini
    2007-11-30 20:46 . 2007-12-04 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-11-30 14:29 . 2007-12-01 15:01 1,316,045 ---hs---- C:\WINDOWS\system32\qwaevigc.ini
    2007-11-30 12:14 . 2007-11-30 13:11 1,407,619 ---hs---- C:\WINDOWS\system32\aqjxujsb.ini
    2007-11-29 12:00 . 2007-11-30 12:06 1,410,128 ---hs---- C:\WINDOWS\system32\ehvoxltr.ini
    2007-11-28 01:08 . 2007-11-29 11:49 789,897 ---hs---- C:\WINDOWS\system32\dhgjjncd.ini
    2007-11-26 19:56 . 2007-11-27 19:56 780,515 ---hs---- C:\WINDOWS\system32\pyoyxaam.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-25 18:53 132,848 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-25 18:53 11,155,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-25 17:42 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\LimeWire
    2007-12-25 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-25 10:34 --------- d-----w C:\Program Files\Google
    2007-12-21 15:35 65,474 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_21_15_16_04_small.dmp.zip
    2007-12-21 13:53 70,452 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_21_13_40_42_small.dmp.zip
    2007-12-21 13:53 68,407 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_21_11_59_02_small.dmp.zip
    2007-12-19 15:10 --------- d-----w C:\Program Files\Java
    2007-12-18 15:51 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
    2007-12-08 10:59 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-12-08 10:59 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-12-07 16:15 --------- d-----w C:\Program Files\Lavasoft
    2007-12-03 15:37 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-30 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-27 13:17 --------- d-----w C:\Program Files\Yahoo!
    2007-11-26 13:55 --------- d-----w C:\Program Files\lg_fwupdate
    2007-11-26 08:32 --------- d-----w C:\Program Files\DivX
    2007-11-25 19:04 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-11-25 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-20 16:10 164 ----a-w C:\install.dat
    2007-11-20 14:33 --------- d-----w C:\Program Files\Trend Micro
    2007-11-18 13:08 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\FrostWire
    2007-11-16 15:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2007-11-14 17:40 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-06 11:19 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
    2007-10-31 12:49 --------- d-----w C:\Program Files\Dcads Games Collection
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2007-10-12 15:00 448 ----a-w C:\drvpnp.dat
    2007-10-12 14:56 484 ----a-w C:\pnpID.dat
    2007-04-12 17:59 30,048 ----a-w C:\Documents and Settings\bernardes luis\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-02 16:27 433 ----a-w C:\Documents and Settings\bernardes luis\formhistory.dat
    2007-04-02 16:27 20,046 ----a-w C:\Documents and Settings\bernardes luis\history.dat
    2007-04-02 14:51 94,621 ----a-w C:\Documents and Settings\bernardes luis\xpti.dat
    2007-04-02 14:51 151,490 ----a-w C:\Documents and Settings\bernardes luis\compreg.dat
    2007-02-04 10:32 374 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb6334.dat
    2007-02-03 13:35 538 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb8467.dat
    2007-02-03 13:35 18,432 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb41.dat
    2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-25_14.17.25,09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-26 10:30:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_430.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-25 11:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-05 15:57]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"= 1 (0x1)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsHistory"= 1 (0x1)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"= 1 (0x1)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsHistory"= 1 (0x1)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoInstrumentation"= 0 (0x0)
    "NoStartMenuPinnedList"= 0 (0x0)
    "ForceStartMenuLogoff"= 0 (0x0)
    "NoSharedDocuments"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bkhprtxy]
    bkhprtxy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "OPTENET_FILTER"=2 (0x2)

    R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8089cba0-27cf-11dc-b961-0018f68df7cb}]
    \Shell\AutoRun\command - G:\ReadMe.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-21 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-26 11:43:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-26 11:45:52
    C:\ComboFix2.txt ... 2007-12-25 14:19
    C:\ComboFix3.txt ... 2007-12-24 15:21
    .
    2007-12-12 23:24:48 --- E O F ---
    jour a toi lyonnais92 merci pour cette solution,le pc fonctionne mieux mais j'ai un doute, voici les deux rapport,Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:47:35, on 26/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
    O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  17. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    Relance HijackThis.

    Choisis Do a scan only

    Coche la case devant les lignes suivantes
    O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)

    Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

    Clique sur fix checked.

    C'est quoi ton doute ?

    Redémarre l'ordi et remets un rapport Hijackthis
    0
  18. loan12 Messages postés 26 Statut Membre
     
    bonLogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:09:24, on 28/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  19. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    si je te comprends bien, tout est rentré dans l'ordre. C'est parfait.

    J'ai l'impression que tu n'as pas d'antispyware.

    Je te suggère celui là :
    Télécharge Superantispyware (SAS) en cliquant sur ce lien :

    https://www.superantispyware.com/superantispywarefreevspro.html

    Choisis "enregistrer" et enregistre-le sur ton bureau.

    Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

    Créé une icône sur le bureau.

    Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

    - Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
    - Sous Configuration and Preferences, clique sur le bouton "Preferences"
    - Clique sur l'onglet "Scanning Control "
    - Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

    Close browsers before scanning
    Scan for tracking cookies
    Terminate memory threats before quarantining
    - Laisse les autres lignes décochées.

    - Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

    - Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

    Dans la colonne de gauche, coche C:\Fixed Drive.

    Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

    Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

    A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

    Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

    Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

    mais il y en a plein d'autres. Passe le 2 fois par mois.

    Je ne suis pas sur que tu ais un nettoyeur :

    je te propose

    =>[/b] Télécharge ATF-Cleaner (Attribune) : http://www.atribune.org/ccount/click.php?id=1
    -- Met le sur ton bureau

    => Lance ATF-Cleaner :
    * Sous l'onglet Main, choisis : Select All
    * Clique sur le bouton Empty Selected

    * Sous l'onglet Firefox (si présent) : Clique sur select all
    -- Au message "are you sure you want to delete your firefox saved password" clique sur NON
    -- Clique sur Empty selected

    * Sous l'onglet Opéra (si présent) : Clique sur select all
    -- Au message "are you sure you want to delete your firefox saved password" clique sur NON
    -- Clique sur Empty selected

    * Quitte ATF-Cleaner

    Tu l'utilises chaque jour (si tu as surfé). Il est simple et rapide.

    Bon surf et bonnes fêtes de fin d'année.
    0
  20. loan12 Messages postés 26 Statut Membre
     
    bonjour a toi lyonnais92 j'ai bien suivi toute les manipulations a par le nettoyage j'ai deja ccleaner et pour l'antispyware j'ai spybot et avg anti-spyLogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:09:43, on 30/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: [http://]*.update.microsoft.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  • 1
  • 2