Probleme pubs et spyware, besoin d'experts!

Résolu
nomad-cube -  
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

avant toute chose, je souhaite à tout les membres de commentcamarche.net de très joyeuses fêtes de fin d'année :)

Les miennes riment avec problèmes informatiques...

J'ai lu plusieurs topics et j'ai besoin de personnes compétentes pour me guider dans les choix à faire.

Voici mon premier rapport Navilog1:

Search Navipromo version 3.3.8 commencé le 28/12/2007 à 13:45:55,75

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Jérémy\application data" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Jérémy\local settings\application data" *



*** Recherche fichiers ***


C:\WINDOWS\Downloaded Program Files\nethv32.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Jérémy\local settings\application data" :


3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\hjkmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 28/12/2007 à 13:53:55,90 ***

Un grand merci à ceux qui m'aideront!
A voir également:

37 réponses

  • 1
  • 2
Réponse 1 / 37
nomad-cube
 
Merci à toi!

Voici le rapport demandé:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:22, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wintab32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msvs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkId%3d69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: {B5AB638F-D76C-415B-A8F2-F3CEAC502212} - - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [e0ce4ee4] rundll32.exe "C:\WINDOWS\system32\sbljpwwd.dll",b
O4 - HKLM\..\Run: [0B55340967017A232855] Rundll32.exe "C:\WINDOWS\system32\cjlrhfcx.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12c33e5d76c5c9047019/netzip/RdxIE601_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF546560-EA9C-4E73-A1DA-D65AF83FF641}: NameServer = 192.168.0.13
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\wintab32.exe
0
Réponse 2 / 37
Nomad-cube
 
Encore un grand merci :D

Voici les scans demandés.

Celui de VundoFix:

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 21:14:57 28/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\drgrmjbp.dll
C:\WINDOWS\system32\gkgcidfj.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\jfdicgkg.ini
C:\WINDOWS\system32\kddmseaj.dll
C:\WINDOWS\system32\mnkgcodt.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\tdocgknm.ini
C:\WINDOWS\system32\ugpwryxv.dll
C:\WINDOWS\system32\wvuuvsp.dll
C:\WINDOWS\system32\xjsgiyko.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\drgrmjbp.dll
C:\WINDOWS\system32\drgrmjbp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gkgcidfj.dll
C:\WINDOWS\system32\gkgcidfj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jfdicgkg.ini
C:\WINDOWS\system32\jfdicgkg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kddmseaj.dll
C:\WINDOWS\system32\kddmseaj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mnkgcodt.dll
C:\WINDOWS\system32\mnkgcodt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tdocgknm.ini
C:\WINDOWS\system32\tdocgknm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ugpwryxv.dll
C:\WINDOWS\system32\ugpwryxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xjsgiyko.dll
C:\WINDOWS\system32\xjsgiyko.dll Has been deleted!

Performing Repairs to the registry.
Done!



Ainsi qu'un nouveau d'Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:02, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wintab32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkId%3d69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SysApp - {4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D} - C:\Program Files\ApplePie\ie-improver.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {79BEC705-D8A5-4E32-B9F3-F9D39043CE98} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {350c3a0d-f1e9-8689-a524-5f1c12d4ec1c} - {c1ce4d21-c1f5-425a-9868-9e1fd0a3c053} - C:\WINDOWS\system32\drgrmjbp.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [e0ce4ee4] rundll32.exe "C:\WINDOWS\system32\gkgcidfj.dll",b
O4 - HKLM\..\Run: [0B55340967017A232855] Rundll32.exe "C:\WINDOWS\system32\qygercjg.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12c33e5d76c5c9047019/netzip/RdxIE601_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF546560-EA9C-4E73-A1DA-D65AF83FF641}: NameServer = 192.168.0.13
O20 - Winlogon Notify: wvuuvsp - wvuuvsp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\wintab32.exe
0
Réponse 3 / 37
Nomad-cube
 
Pour ce qui est des pubs apparamment c'est réglé.

Par contre j'ai toujours un drôle de problème: impossible de me connecter sur différents sites avec login et pass. ( Site sur lesquels je suis inscris hein ^^ )

Merci d'avance!
0
Réponse 4 / 37
Nomad-cube
 
Hello, alors j'ai fais du mieux que j'ai pu. Voici les rapports.

Celui de ComboFix:

ComboFix 07-12-21.4 - Jérémy 2007-12-29 0:21:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.74 [GMT 1:00]
Running from: C:\Documents and Settings\Jérémy\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecI.fon

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))))))))
.

2007-12-28 21:14 . 2007-12-28 21:14 <REP> d-------- C:\VundoFix Backups
2007-12-28 17:28 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\qygercjg.dll
2007-12-28 17:28 . 2007-12-28 22:19 3,368 --a------ C:\WINDOWS\system32\qygercjg.xml
2007-12-28 15:02 . 2007-12-28 15:02 <REP> d-------- C:\Program Files\Trend Micro
2007-12-28 13:36 . 2007-12-28 22:32 <REP> d-------- C:\Program Files\Navilog1
2007-12-27 20:20 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\cjlrhfcx.dll
2007-12-27 20:20 . 2007-12-28 14:52 3,368 --a------ C:\WINDOWS\system32\cjlrhfcx.xml
2007-12-27 16:13 . 2007-12-28 16:14 963,332 ---hs---- C:\WINDOWS\system32\dwwpjlbs.ini
2007-12-27 15:25 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\imeqlruu.dll
2007-12-27 15:25 . 2007-12-27 16:01 2,428 --a------ C:\WINDOWS\system32\imeqlruu.xml
2007-12-27 13:13 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\fpcvmguf.dll
2007-12-27 13:13 . 2007-12-26 10:58 2,428 --a------ C:\WINDOWS\system32\fpcvmguf.xml
2007-12-26 15:10 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\rlluzzdd.dll
2007-12-26 15:10 . 2007-12-26 10:58 2,428 --a------ C:\WINDOWS\system32\rlluzzdd.xml
2007-12-26 10:21 . 2007-12-27 15:43 1,011,036 ---hs---- C:\WINDOWS\system32\wrnxqhlv.ini
2007-12-26 00:13 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\xowgktvd.dll
2007-12-26 00:13 . 2007-12-26 10:58 2,428 --a------ C:\WINDOWS\system32\xowgktvd.xml
2007-12-25 00:20 . 2007-12-26 10:21 1,019,577 ---hs---- C:\WINDOWS\system32\ivxblydk.ini
2007-12-25 00:17 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\hkdrtdtm.dll
2007-12-25 00:17 . 2007-12-25 12:19 2,521 --a------ C:\WINDOWS\system32\hkdrtdtm.xml
2007-12-25 00:17 . 2007-12-29 00:28 22 --a------ C:\WINDOWS\pskt.ini
2007-12-24 00:14 . 2007-12-25 00:15 1,010,146 ---hs---- C:\WINDOWS\system32\kcehsfjt.ini
2007-12-23 13:38 . 2007-12-23 13:38 992,142 ---hs---- C:\WINDOWS\system32\okyigsjx.ini
2007-12-22 00:13 . 2007-12-23 13:38 1,769,483 ---hs---- C:\WINDOWS\system32\jlndbilj.ini
2007-12-21 00:11 . 2007-12-22 00:12 991,902 ---hs---- C:\WINDOWS\system32\aqcicxcw.ini
2007-12-19 22:04 . 2007-12-21 00:10 987,574 ---hs---- C:\WINDOWS\system32\xhhxmfho.ini
2007-12-17 22:02 . 2007-12-18 21:16 969,100 ---hs---- C:\WINDOWS\system32\vxyrwpgu.ini
2007-12-17 17:52 . 2007-12-17 18:52 175 --a------ C:\WINDOWS\syss.html
2007-12-17 17:52 . 2007-12-17 18:51 59 --a------ C:\WINDOWS\syst.html
2007-12-16 22:01 . 2007-12-17 22:02 969,788 ---hs---- C:\WINDOWS\system32\dokxktln.ini
2007-12-15 22:00 . 2007-12-16 22:00 968,830 ---hs---- C:\WINDOWS\system32\kemicumk.ini
2007-12-14 18:26 . 2007-12-15 21:59 971,220 ---hs---- C:\WINDOWS\system32\gakdutcv.ini
2007-12-13 18:28 . 2007-12-14 18:24 934,518 ---hs---- C:\WINDOWS\system32\butcvxho.ini
2007-12-12 18:23 . 2007-12-13 18:24 934,338 ---hs---- C:\WINDOWS\system32\tdtibyvg.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 23:07 --------- d-----w C:\Program Files\ApplePie
2007-12-28 14:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-25 17:08 --------- d-----w C:\Program Files\Steam
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-30 08:40 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-29 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 21:44 --------- d-----w C:\Program Files\Yahoo!
2007-11-18 19:22 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-18 15:47 --------- d-----w C:\Program Files\IDoser v4
2007-11-14 11:44 --------- d-----w C:\Program Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-04-13 17:36 0 -c--a-w C:\Documents and Settings\AOInstall16.2.0_EP0_live_nointro\Setup.exe
2006-04-13 17:36 0 -c--a-w C:\Documents and Settings\AOInstall16.2.0_EP0_live_nointro\layout.bin
2006-04-13 17:36 0 -c--a-w C:\Documents and Settings\AOInstall16.2.0_EP0_live_nointro\Install.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 08:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-12 21:03]
"e0ce4ee4"="C:\WINDOWS\system32\gkgcidfj.dll" []
"0B55340967017A232855"="Rundll32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuvsp]
wvuuvsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-08-12 21:10 335872 --a------ C:\ATI-CPanel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2007-12-04 14:00 79224 --a------ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-20 00:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 EPSON Stylus DX3800 Series /O6 USB001 /M Stylus DX3800

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2004-02-24 08:20 401491 --a------ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-09-15 14:58 1212466 --a------ C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2001-09-24 08:39 98304 --a------ C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-18 17:36 28672 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneClick]
2004-12-13 12:22 397312 --------- C:\Program Files\oneclick\oneclick.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\W2acecad.Wtxpload]
C:\WINDOWS\W2acecad\Wtxpload.exe acecad

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 09:59 204288 --------- C:\Program Files\Windows Media Player\WMPNSCFG.exe

S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2003-04-18 12:45]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 ESISTEMA53;ESISTEMA53;C:\Program Files\RuanEngine\sistema32.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 fuckoff1;fuckoff1;C:\ReymiXEngine\reymixddk.sys []
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2001-09-24 08:39]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2006-05-09 16:50]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2001-09-24 08:42]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys [2002-10-22 03:15]
S3 W2acehid;ACECAD HID;C:\WINDOWS\system32\DRIVERS\w2acehid.sys [2000-07-14 12:41]
S3 XDva006;XDva006;C:\WINDOWS\system32\XDva006.sys []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []
S3 ZD1201U;Stick USB 802.11b OLITEC Driver;C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-08-06 16:25]
S4 Wtcls2k;WtCls2k;C:\WINDOWS\system32\DRIVERS\wtcls2k.sys [2000-08-02 18:03]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-28 23:24:08 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 00:28:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\qygercjg.dll
.
Completion time: 2007-12-29 0:31:36 - machine was rebooted
.
2007-12-13 12:18:15 --- E O F ---



Puis celui de hijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:42:11, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wintab32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkId%3d69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [e0ce4ee4] rundll32.exe "C:\WINDOWS\system32\gkgcidfj.dll",b
O4 - HKLM\..\Run: [0B55340967017A232855] Rundll32.exe "C:\WINDOWS\system32\qygercjg.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12c33e5d76c5c9047019/netzip/RdxIE601_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF546560-EA9C-4E73-A1DA-D65AF83FF641}: NameServer = 192.168.0.13
O20 - Winlogon Notify: wvuuvsp - wvuuvsp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\wintab32.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 37
Nomad-cube
 
Bonjour,

voici les rapports demandés.

Le Report.txt de SDFix:


SDFix: Version 1.120

Run by Jérémy on 29/12/2007 at 13:50

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\JRMY~1\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 13:59:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 53


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe"="C:\\Program Files\\LegacyGamers\\LegacyGamers GunZ Online\\LegacyGamers.exe:*:Enabled:Gunz"
"C:\\Documents and Settings\\Jérémy\\Mes documents\\EGZ\\theduel.exe"="C:\\Documents and Settings\\Jérémy\\Mes documents\\EGZ\\theduel.exe:*:Enabled:Gunz"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 23 Jan 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 21 Jun 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Thu 8 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 5 Sep 2004 34,816 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0003.tmp"
Fri 21 Dec 2007 340,480 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0004.tmp"
Tue 7 Sep 2004 35,328 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0005.tmp"
Tue 29 Aug 2006 297,984 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0006.tmp"
Thu 21 Dec 2006 306,176 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0007.tmp"
Sun 10 Jun 2007 325,632 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0008.tmp"
Fri 12 Jan 2007 307,712 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0254.tmp"
Thu 3 Nov 2005 173,056 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0700.tmp"
Thu 17 Nov 2005 221,184 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0832.tmp"
Fri 12 May 2006 282,624 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL0985.tmp"
Sat 28 Jan 2006 271,360 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL1045.tmp"
Mon 3 Apr 2006 275,456 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL1088.tmp"
Mon 13 Mar 2006 274,432 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL1434.tmp"
Sat 29 Apr 2006 279,040 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL1436.tmp"
Fri 4 Nov 2005 175,616 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL1569.tmp"
Tue 25 Apr 2006 277,504 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL1823.tmp"
Sun 21 Aug 2005 76,288 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL1939.tmp"
Sun 19 Sep 2004 38,400 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL2000.tmp"
Thu 4 May 2006 280,064 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL2042.tmp"
Mon 17 Jan 2005 54,784 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL2089.tmp"
Tue 21 Mar 2006 274,432 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL2408.tmp"
Fri 3 Mar 2006 274,432 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL2757.tmp"
Wed 28 Dec 2005 256,512 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL3006.tmp"
Thu 17 Nov 2005 220,672 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL3305.tmp"
Thu 18 May 2006 282,624 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL3559.tmp"
Sun 22 Jan 2006 265,216 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL3795.tmp"
Thu 8 Jun 2006 284,160 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\ModŠles\~WRL3981.tmp"
Thu 4 Jan 2007 306,176 ...H. --- "C:\Documents and Settings\J‚r‚my\Application Data\Microsoft\Word\~WRL0004.tmp"

Finished!







Et un nouveau de HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:45, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wintab32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkId%3d69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [e0ce4ee4] rundll32.exe "C:\WINDOWS\system32\gkgcidfj.dll",b
O4 - HKLM\..\Run: [0B55340967017A232855] Rundll32.exe "C:\WINDOWS\system32\ovyrrcml.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/12c33e5d76c5c9047019/netzip/RdxIE601_fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF546560-EA9C-4E73-A1DA-D65AF83FF641}: NameServer = 192.168.0.13
O20 - Winlogon Notify: wvuuvsp - wvuuvsp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\wintab32.exe
0
Réponse 6 / 37
Nomad-cube
 
Bonjour, effectivement merci de ton aide Philae!

Tout d'abord le rapportSREnglLOG:

[CODE]

2007-12-29,15:09:42

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows Component Publisher]
<H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<e0ce4ee4><rundll32.exe "C:\WINDOWS\system32\gkgcidfj.dll",b> [N/A]
<0B55340967017A232855><Rundll32.exe "C:\WINDOWS\system32\ovyrrcml.dll",s> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><sockspy.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuuvsp]
<WinlogonNotify: wvuuvsp><wvuuvsp.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Adobe Photo Downloader><; "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"> [Adobe Systems Incorporated]
<ATIModeChange><; Ati2mdxx.exe> [ATI Technologies, Inc.]
<ATIPTA><; C:\ATI-CPanel\atiptaxx.exe> [ATI Technologies, Inc.]
<avast!><; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<EPSON Stylus DX3800 Series><; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<InCD><; C:\Program Files\Ahead\InCD\InCD.exe> [Ahead Software AG]
<LVCOMS><; C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<Microsoft Works Update Detection><; C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe> [Microsoft® Corporation]
<NeroCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<OneClick><; "C:\Program Files\oneclick\oneclick.exe"> [1-Click Media Networks]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Steam><; > [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<StorageGuard><; "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r> [Sonic Solutions]
<SunJavaUpdateSched><; "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<TkBellExe><; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<updateMgr><; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<W2acecad.Wtxpload><; C:\WINDOWS\W2acecad\Wtxpload.exe acecad> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WMPNSCFG><; C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
N/A

==================================
Services
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InCD File System Service / InCDsrv][Running/Auto Start]
<C:\Program Files\Ahead\InCD\InCDsrv.exe><AHEAD Software>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[Wintab32 / Wintab32][Running/Auto Start]
<C:\WINDOWS\System32\wintab32.exe><>

==================================
Drivers
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Stopped/Manual Start]
<System32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[basic2 / basic2][Stopped/Manual Start]
<System32\DRIVERS\HSF_BSC2.sys><Conexant>
[Wireless-G PCI Adapter Driver / BCM43XX][Running/Manual Start]
<system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[catchme / catchme][Running/Manual Start]
<\??\C:\DOCUME~1\JRMY~1\LOCALS~1\Temp\catchme.sys><N/A>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS><Macrovision Europe Ltd>
[Olitec Router (via USB) / CnxTrLan][Stopped/Manual Start]
<System32\DRIVERS\CnxTrLan.sys><Conexant>
[Dual-Mode DSC(2770) / DCamUSBSQTECH][Stopped/Manual Start]
<System32\Drivers\SQcaptur.sys><Service & Quality Technology.>
[drvmcdb / drvmcdb][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\drvmcdb.sys><Sonic Solutions>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
<\??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ESISTEMA53 / ESISTEMA53][Stopped/Manual Start]
<\??\C:\Program Files\RuanEngine\sistema32.sys><N/A>
[Fallback / Fallback][Running/Auto Start]
<System32\DRIVERS\HSF_FALL.sys><Conexant>
[Carte réseau virtuelle FreeBox USB / fbxusb][Stopped/Manual Start]
<system32\DRIVERS\fbxusb32.sys><FreeBox SA>
[Fsks / Fsks][Running/Auto Start]
<System32\DRIVERS\HSF_FSKS.sys><Conexant>
[fuckoff1 / fuckoff1][Stopped/Manual Start]
<\??\C:\ReymiXEngine\reymixddk.sys><N/A>
[Hamachi Network Interface / hamachi][Stopped/Manual Start]
<system32\DRIVERS\hamachi.sys><LogMeIn, Inc.>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
<System32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[hsf_msft / hsf_msft][Stopped/Manual Start]
<System32\DRIVERS\HSF_MSFT.sys><Conexant>
[InCDPass / InCDPass][Running/System Start]
<System32\DRIVERS\InCDPass.sys><Ahead Software>
[K56 / K56][Running/Auto Start]
<System32\DRIVERS\HSF_K56K.sys><Conexant>
[LVBulk Service / LVBulk][Stopped/Manual Start]
<system32\DRIVERS\LVBulk.sys><Logitech Inc.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<System32\DRIVERS\mdmxsdk.sys><Conexant>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
<system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
<system32\drivers\nmwcd.sys><Nokia>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Logitech ClickSmart 310(PID_0900_V) / PID_0900_V][Stopped/Manual Start]
<system32\DRIVERS\LV551AV.sys><Logitech Inc.>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Rksample / Rksample][Stopped/Manual Start]
<System32\DRIVERS\HSF_SAMP.sys><Conexant>
[Secdrv / Secdrv][Running/Auto Start]
<System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfvfs02.sys><Protection Technology>
[Texas Instruments SilverLink (USB GraphLink) Cable / SilverLink][Stopped/Manual Start]
<System32\Drivers\SilvrLnk.sys><Texas Instruments Incorporated>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SoftFax / SoftFax][Running/Auto Start]
<System32\DRIVERS\HSF_FAXX.sys><Conexant>
[SAMSUNG Mobile USB Device II 1.0 driver (WDM) / ssm_bus][Stopped/Manual Start]
<system32\DRIVERS\ssm_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem II 1.0 Filter / ssm_mdfl][Stopped/Manual Start]
<system32\DRIVERS\ssm_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem II 1.0 Drivers / ssm_mdm][Stopped/Manual Start]
<system32\DRIVERS\ssm_mdm.sys><MCCI>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
<system32\drivers\stac97.sys><SigmaTel, Inc.>
[Tones / Tones][Running/Auto Start]
<System32\DRIVERS\HSF_TONE.sys><Conexant>
[V124 / V124][Running/Auto Start]
<System32\DRIVERS\HSF_V124.sys><Conexant>
[ACECAD HID / W2acehid][Stopped/Manual Start]
<System32\DRIVERS\w2acehid.sys><LCS/Telegraphics>
[winachsf / winachsf][Running/Manual Start]
<System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Wtcls2k / Wtcls2k][Stopped/Disabled]
<System32\DRIVERS\wtcls2k.sys><LCS/Telegraphics>
[XDva006 / XDva006][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva006.sys><N/A>
[XDva007 / XDva007][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva007.sys><N/A>
[XDva009 / XDva009][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva009.sys><N/A>
[XTrapD12 / XTrapD12][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XTrapD12.sys><N/A>
[Stick USB 802.11b OLITEC Driver / ZD1201U][Stopped/Manual Start]
<system32\DRIVERS\zd1201u.sys><ZyDAS Technology Corporation>

==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} <c:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\Program Files\Microsoft ActiveSync\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\Program Files\Microsoft ActiveSync\INetRepl.dll, Microsoft Corporation>
[AIM]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM95\aim.exe, America Online, Inc.>
[]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} <c:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <, N/A>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Checkers Class]
{00B71CFB-6864-4346-A978-C0A14556272C} <C:\WINDOWS\Downloaded Program Files\msgrchkr.dll, Microsoft Corporation>
[InstallerObj Class]
{01347765-1965-426B-91A4-AA6BB342B9A3} <C:\WINDOWS\Downloaded Program Files\installer.dll, 1-Click Media>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[MessengerStatsClient Class]
{14B87622-7E19-4EA8-93B3-97215F77A6BC} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[NMJPStarter15 Class]
{20050325-D35A-4233-926E-2E801AE25949} <C:\WINDOWS\Downloaded Program Files\NMStarterJP5.dll, CJI Japan>
[Minesweeper Flags Class]
{2917297F-F02B-4B9D-81DF-494B6333150B} <C:\WINDOWS\Downloaded Program Files\minesweeper.dll, Microsoft Corporation>
[FileSharingCtrl Class]
{45E83043-1F6F-4D22-A5E7-0138EA171B49} <C:\WINDOWS\Downloaded Program Files\fsmsngr-fr.dll, >
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[UnoCtrl Class]
{5D6F45B3-9043-443D-A792-115447494D24} <C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll, Microsoft>
[Windows Live Safety Center Base Module]
{5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[ijjiPlugin2 Class]
{5F5F9FB8-878E-4455-95E0-F64B2314288A} <C:\WINDOWS\system32\ijjiPlugin2.dll, TODO: <Company name>>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[CBreakshotControl Class]
{BD393C14-72AD-4790-A095-76522973D6B8} <C:\WINDOWS\Downloaded Program Files\Banksht2.dll, pixelStorm Inc.>
[MessengerStatsClient Class]
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_11]
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[HGPlugin9USA Class]
{CD995117-98E5-4169-9920-6C12D4C0B548} <C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[HGPlugin10USA Class]
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} <C:\WINDOWS\Downloaded Program Files\HGPlugin10USA.dll, NHN USA Corp.>
[Microsoft Outlook 8.0 Object Library]
{0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Outlook]
{0006F03A-0000-0000-C000-000000000046} <, N/A>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[MetaStreamCtl Class]
{03F998B2-0E00-11D3-A498-00104B6EB52E} <C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} <c:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[SVG Document]
{377B5106-3B4E-4A2D-8520-8767590CAC86} <C:\WINDOWS\system32\Adobe\SVGVIE~1.0\NPSVG3.dll, Adobe Systems Inc.>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <c:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[EPUImageControl Class]
{4C39376E-FA9D-4349-BACC-D305C1750EF3} <C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll, eBay, Inc.>
[]
{4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Live Safety Center Base Module]
{5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[ijjiPlugin2 Class]
{5F5F9FB8-878E-4455-95E0-F64B2314288A} <C:\WINDOWS\system32\ijjiPlugin2.dll, TODO: <Company name>>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Safety Center Control Module]
{8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, Microsoft Corporation>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\Windows Live Toolbar\stmain.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[ijjiSetupCtrl1010 Class]
{C901354A-DFBC-4297-9BC2-22D499A916D5} <C:\WINDOWS\Downloaded Program Files\ijjisetup1010.dll, NHN USA>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
{CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[HGPlugin9USA Class]
{CD995117-98E5-4169-9920-6C12D4C0B548} <C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.dll, >
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[OfficeObj Class]
{D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[HGPlugin10USA Class]
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} <C:\WINDOWS\Downloaded Program Files\HGPlugin10USA.dll, NHN USA Corp.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Computer, Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Yahoo! Toolbar avec bloqueur de fenêtres pop-up]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
[IERPCtl Class]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
[&Traduire à partir de l'anglais]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Add to Windows &Live Favorites]
<https://onedrive.live.com/?id=favorites N/A>
[Pages liées]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[Pages similaires]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[Recherche &Google]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[Version de la page actuelle disponible dans le cache Google]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>

==================================
Running Processes
[PID: 612 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1064 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1420 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1476 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1564 / Jérémy][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Ahead\InCD\incdshx.dll] [Ahead Software, Karlsbad, Germany, 4, 0, 6, 1]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\QuickZip\QzShlExt.dll] [N/A, ]
[C:\PROGRA~1\QuickZip\cabinet.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\Program Files\Adobe\Photoshop Elements 2\PSICON.DLL] [Adobe Systems, Incorporated, 2.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[c:\Program Files\Microsoft Money\System\mnyside.dll] [Microsoft Corporation, 11.00.0716]
[c:\Program Files\Microsoft Money\System\misstub.dll] [Microsoft Corporation, 11.00.0716]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll] [SEIKO EPSON CORPORATION, 1, 1, 0, 0]
[PID: 1852 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\E_FLMACE.DLL] [SEIKO EPSON CORPORATION, 5, 7, 0, 0]
[PID: 2024 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.0]
[PID: 436 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504 / SYSTEM][C:\Program Files\Ahead\InCD\InCDsrv.exe] [AHEAD Software, 4, 0, 6, 1]
[C:\Program Files\Ahead\InCD\InCDunt.dll] [AHEAD Software, 4, 0, 6, 1]
[C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 11]
[C:\Program Files\Ahead\InCD\incdshx.dll] [Ahead Software, Karlsbad, Germany, 4, 0, 6, 1]
[PID: 920 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316 / SYSTEM][C:\WINDOWS\System32\wintab32.exe] [, ]
[PID: 1696 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\wmpmde.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 496 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Samsung\Samsung PC Studio 3\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1280 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 852 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2688 / Jérémy][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.1.3]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[PID: 2808 / Jérémy][C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3249]
[PID: 2872 / Jérémy][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 2292 / Jérémy][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 2936 / Jérémy][C:\Program Files\Windows Media Player\WMPNSCFG.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Windows Media Player\wmpnssci.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 3000 / Jérémy][C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE] [Microsoft Corporation, 3.7.1.4034]
[C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 3.7.1.4034]
[C:\WINDOWS\system32\RAPI.dll] [Microsoft Corporation, 3.7.1.4034]
[C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll] [Microsoft Corporation, 3.7.1.4034]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 2444 / Jérémy][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 23, 0, 276]
[C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\Program Files\MSN Messenger\lmcdata.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\contact.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\MSN Messenger\dfsr.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\MSN Messenger\abssm.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ]
[C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.1.0178.00]
[PID: 3632 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\usnsvcps.dll] [Microsoft Corporation, 8.1.0178.00]
[PID: 3580 / Jérémy][C:\Program Files\internet explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\Program Files\Windows Live Toolbar\msntb.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\mtbres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Tem.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\searchboxRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\searchboxRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\wlscres.dll.mui] [Microsoft Corporation, 1.0.0001.1]
[C:\Program Files\Windows Live Toolbar\fr-fr\CMRes.dll.mui] [Microsoft Corporation, 03.00.0001.2032]
[C:\Program Files\Windows Live Toolbar\CMRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\obarres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\obarres.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Favorites\wlfext.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\RssFinderRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\RssFinderRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\msn_slrs.DLL.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\msn_slrs.DLL] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\pgres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\pgres.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\MSNExtensionRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\SmaMenRes.dll.mui] [Microsoft Corporation., 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll] [Microsoft Corporation., 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\CBRes.dll.mui] [Microsoft Corporation, 03.01.0000.0032]
[C:\Program Files\Windows Live Toolbar\CBRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\rssFinder.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[c:\Program Files\Microsoft Money\System\mnyside.dll] [Microsoft Corporation, 11.00.0716]
[c:\Program Files\Microsoft Money\System\misstub.dll] [Microsoft Corporation, 11.00.0716]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.30.5]
[C:\Program Files\Java\jre1.6.0_03\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\program files\google\googletoolbar2.dll] [Google Inc., 3, 0, 131, 0]
[C:\Program Files\Windows Live Toolbar\searchbox.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\stmain.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\wlsctb.dll] [Microsoft Corporation, 03.05.0000.0159]
[C:\Program Files\Windows Live Toolbar\cm.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\smamen.dll] [Microsoft Corporation., 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\CB.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Favorites\WLFExtRes.dll] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Favorites\TBIDCRL.dll] [Microsoft Corporation, 03.01.0000.0130]
[C:\Program Files\Windows Live Favorites\msidcrl40.dll] [Microsoft Corporation, 4.000.248.1]
[C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll] [SEIKO EPSON CORPORATION, 1, 1, 0, 0]
[C:\WINDOWS\System32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.2407]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.2407]
[C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll] [Microsoft Corporation., 03.01.0000.0146]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 8.5.1r102]
[PID: 1780 / Jérémy][C:\Documents and Settings\Jérémy\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ovyrrcml.dll] [N/A, ]
[C:\Documents and Settings\Jérémy\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1316, C:\WINDOWS\SYSTEM32\WINTAB32.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2688, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2808, C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3000, C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE]
Special Privilege Enabled: SeDebugPrivilege [PID = 1780, C:\DOCUMENTS AND SETTINGS\JÉRÉMY\BUREAU\SRENG2\SRENGPS.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1780, C:\DOCUMENTS AND SETTINGS\JÉRÉMY\BUREAU\SRENG2\SRENGPS.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]





Par contre pour la marche à suivre de ton post 14, il n'y a pas de petite icone à coté de l'horloge. Juste celle de msn, de la connection wifi, de quicktime, et le truc pour pouvoir retirer le périphérique en sécurité.

Voilà voilà :(
0
Réponse 7 / 37
Nomad-cube
 
Au fait, pour les deux dossiers dont tu m'as donné le nom. Le premier je ne le connais pas. Le deuxième oui, mais il ne m'est d'aucune utilité.
0
Réponse 8 / 37
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
re

fait les manips que je t'ai donné plus haut, ensuite tu feras analyser ce fichier 

Par contre pour la marche à suivre de ton post 14, il n'y a pas de petite icone à coté de l'horloge.


alors laisse tomber pour ca

fait les manips que je t'ai donné plus haut, ensuite tu feras analyser ces fichiers

C:\Documents and Settings\AOInstall16.2.0_EP0_live_nointro
C:\ReymiXEngine\reymixddk.sys
C:\WINDOWS\system32\XDva006.sys
C:\Program Files\RuanEngine\sistema32.sys
C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys


sur VIRUS TOTAL
http://www.virustotal.com/en/indexf.html

Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

poste le rapport ici ensuite

je regarde ton rapport SRENG
0
Réponse 9 / 37
Nomad-cube
 
Voici le rapport ComboFix résultant de ta manip post 14:

ComboFix 07-12-21.4 - Jérémy 2007-12-29 15:52:13.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.48 [GMT 1:00]
Running from: C:\Documents and Settings\Jérémy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jérémy\Bureau\CFScript.txt
* Created a new restore point

FILE
:\WINDOWS\syss.html
:\WINDOWS\system32\okyigsjx.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\syst.html
C:\WINDOWS\system32\aqcicxcw.ini
C:\WINDOWS\system32\butcvxho.ini
C:\WINDOWS\system32\cjlrhfcx.dll
C:\WINDOWS\system32\cjlrhfcx.xml
C:\WINDOWS\system32\dokxktln.ini
C:\WINDOWS\system32\dwwpjlbs.ini
C:\WINDOWS\system32\fpcvmguf.dll
C:\WINDOWS\system32\fpcvmguf.xml
C:\WINDOWS\system32\gakdutcv.ini
C:\WINDOWS\system32\hkdrtdtm.dll
C:\WINDOWS\system32\hkdrtdtm.xml
C:\WINDOWS\system32\imeqlruu.xml
C:\WINDOWS\system32\ivxblydk.ini
C:\WINDOWS\system32\jlndbilj.ini
C:\WINDOWS\system32\kcehsfjt.ini
C:\WINDOWS\system32\kemicumk.ini
C:\WINDOWS\system32\ovyrrcml.dll
C:\WINDOWS\system32\qygercjg.dll
C:\WINDOWS\system32\qygercjg.xml
C:\WINDOWS\system32\rlluzzdd.dll
C:\WINDOWS\system32\rlluzzdd.xml
C:\WINDOWS\system32\tdtibyvg.ini
C:\WINDOWS\system32\vxyrwpgu.ini
C:\WINDOWS\system32\wrnxqhlv.ini
C:\WINDOWS\system32\xhhxmfho.ini
C:\WINDOWS\system32\xowgktvd.dll
C:\WINDOWS\system32\xowgktvd.xml
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\syst.html
C:\WINDOWS\system32\aqcicxcw.ini
C:\WINDOWS\system32\butcvxho.ini
C:\WINDOWS\system32\cjlrhfcx.dll
C:\WINDOWS\system32\cjlrhfcx.xml
C:\WINDOWS\system32\dokxktln.ini
C:\WINDOWS\system32\dwwpjlbs.ini
C:\WINDOWS\system32\fpcvmguf.dll
C:\WINDOWS\system32\fpcvmguf.xml
C:\WINDOWS\system32\gakdutcv.ini
C:\WINDOWS\system32\hkdrtdtm.dll
C:\WINDOWS\system32\hkdrtdtm.xml
C:\WINDOWS\system32\imeqlruu.xml
C:\WINDOWS\system32\ivxblydk.ini
C:\WINDOWS\system32\jlndbilj.ini
C:\WINDOWS\system32\kcehsfjt.ini
C:\WINDOWS\system32\kemicumk.ini
C:\WINDOWS\system32\ovyrrcml.dll
C:\WINDOWS\system32\qygercjg.dll
C:\WINDOWS\system32\qygercjg.xml
C:\WINDOWS\system32\rlluzzdd.dll
C:\WINDOWS\system32\rlluzzdd.xml
C:\WINDOWS\system32\tdtibyvg.ini
C:\WINDOWS\system32\vxyrwpgu.ini
C:\WINDOWS\system32\wrnxqhlv.ini
C:\WINDOWS\system32\xhhxmfho.ini
C:\WINDOWS\system32\xowgktvd.dll
C:\WINDOWS\system32\xowgktvd.xml

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))))))))
.

2007-12-29 13:48 . 2007-12-29 13:49 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-29 13:45 . 2007-12-29 15:29 3,274 --a------ C:\WINDOWS\system32\ovyrrcml.xml
2007-12-29 11:59 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\zkqcpjmx.dll
2007-12-29 11:59 . 2007-12-29 13:36 3,275 --a------ C:\WINDOWS\system32\zkqcpjmx.xml
2007-12-29 02:51 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\ltbgwdeo.dll
2007-12-29 02:51 . 2007-12-29 02:48 3,368 --a------ C:\WINDOWS\system32\ltbgwdeo.xml
2007-12-28 21:14 . 2007-12-28 21:14 <REP> d-------- C:\VundoFix Backups
2007-12-28 15:02 . 2007-12-28 15:02 <REP> d-------- C:\Program Files\Trend Micro
2007-12-28 13:36 . 2007-12-28 22:32 <REP> d-------- C:\Program Files\Navilog1
2007-12-27 15:25 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\imeqlruu.dll
2007-12-23 13:38 . 2007-12-23 13:38 992,142 ---hs---- C:\WINDOWS\system32\okyigsjx.ini
2007-12-17 17:52 . 2007-12-17 18:52 175 --a------ C:\WINDOWS\syss.html
2007-11-30 20:42 . 2007-12-01 12:48 <REP> d-------- C:\Documents and Settings\Jérémy\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 23:07 --------- d-----w C:\Program Files\ApplePie
2007-12-28 14:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-25 17:08 --------- d-----w C:\Program Files\Steam
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 08:40 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-29 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 21:44 --------- d-----w C:\Program Files\Yahoo!
2007-11-18 19:22 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-18 15:47 --------- d-----w C:\Program Files\IDoser v4
2007-11-14 11:44 --------- d-----w C:\Program Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-04-13 17:36 0 -c--a-w C:\Documents and Settings\AOInstall16.2.0_EP0_live_nointro\Setup.exe
2006-04-13 17:36 0 -c--a-w C:\Documents and Settings\AOInstall16.2.0_EP0_live_nointro\layout.bin
2006-04-13 17:36 0 -c--a-w C:\Documents and Settings\AOInstall16.2.0_EP0_live_nointro\Install.exe
2005-12-19 08:53 200,704 -c--a-w C:\Documents and Settings\Jérémy\BAReport.exe
2005-12-19 08:53 200,704 -c--a-w C:\Documents and Settings\Jérémy\BAReport.exe
1999-06-30 13:06 151,552 -c--a-r C:\WINDOWS\inf\AGFA\Message.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-29_ 0.30.46.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\29-12-2007\ERDNT.EXE
+ 2007-12-29 14:39:56 11,214,848 ----a-w C:\WINDOWS\erdnt\29-12-2007\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-12-29 14:39:56 147,456 ----a-w C:\WINDOWS\erdnt\29-12-2007\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-12-29 06:04:43 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-29 12:49:19 11,210,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-12-29 12:49:19 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-12-29 06:04:43 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-29 12:49:01 11,210,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-12-29 12:49:02 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-12-29 12:58:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 08:20]
"Steam"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2003-08-12 21:10]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 05:00]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-15 14:58]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 08:39]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 17:36]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"OneClick"="C:\Program Files\oneclick\oneclick.exe" [2004-12-13 12:22]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"W2acecad.Wtxpload"="C:\WINDOWS\W2acecad\Wtxpload.exe" [2000-05-21 01:00]
"0B55340967017A232855"="Rundll32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" []

C:\Documents and Settings\J‚r‚my\Menu D‚marrer\Programmes\D‚marrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2003-04-18 12:45]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 ESISTEMA53;ESISTEMA53;C:\Program Files\RuanEngine\sistema32.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 fuckoff1;fuckoff1;C:\ReymiXEngine\reymixddk.sys []
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2001-09-24 08:39]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2006-05-09 16:50]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2001-09-24 08:42]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys [2002-10-22 03:15]
S3 W2acehid;ACECAD HID;C:\WINDOWS\system32\DRIVERS\w2acehid.sys [2000-07-14 12:41]
S3 XDva006;XDva006;C:\WINDOWS\system32\XDva006.sys []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []
S3 ZD1201U;Stick USB 802.11b OLITEC Driver;C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-08-06 16:25]
S4 Wtcls2k;WtCls2k;C:\WINDOWS\system32\DRIVERS\wtcls2k.sys [2000-08-02 18:03]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 14:24:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 15:58:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-29 15:59:15
.
2007-12-13 12:18:15 --- E O F ---






Et le HiJackThis juste derrière:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:48, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wintab32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] ; "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIModeChange] ; Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] ; C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] ; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMS] ; C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] ; C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OneClick] ; "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [StorageGuard] ; "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [W2acecad.Wtxpload] ; C:\WINDOWS\W2acecad\Wtxpload.exe acecad
O4 - HKLM\..\Run: [0B55340967017A232855] Rundll32.exe "C:\WINDOWS\system32\ovyrrcml.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] ; "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Steam] ;
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF546560-EA9C-4E73-A1DA-D65AF83FF641}: NameServer = 192.168.0.13
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\wintab32.exe
0
Réponse 10 / 37
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
ffiche les fichiers et dossiers cachés ainsi que les extensions 

-démarrer

-poste de travail ou autre dossier

-menu outils

-options de dossier

-onglet affichage

puis

- activer la case : Afficher les fichiers et dossiers cachés

- désactiver la case : Masquer les extensions des fichiers dont le type est connu

- désactiver  la case : Masquer les fichier protégés du système d'exploitation

Puis  - Appliquer


il en reste mais j'aimerais bien connaître un peu plus sur ces drivers
0
Réponse 11 / 37
Nomad-cube
 
Ok je vais voir si je peux analyser ces fichiers avec virus total et je te mets ici les rapports. :)
0
Réponse 12 / 37
Nomad-cube
 
Même avec ta méthode post 20, les fichiers ci dessous restant invisibles en cherchant depuis la page principale de virus total. En les cherchant sur le pc directement aussi.

C:\Documents and Settings\AOInstall16.2.0_EP0_live_nointro
C:\ReymiXEngine\reymixddk.sys
C:\WINDOWS\system32\XDva006.sys
C:\Program Files\RuanEngine\sistema32.sys
C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys
0
Réponse 13 / 37
Nomad-cube
 
Bon par contre un grand merci à vous deux car mon pc a l'air d'aller mieux. Plus aucune pub ni ralentissement. Et j'arrive de nouveau à me connecter sur mes forums et sites habituels!

Je refais des rapports pour vérifier si tout est vraiment nickel?

Comment garder mon pc sain?
0
Réponse 14 / 37
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
tout n'est pas propre....

je reviens quand j'aurais trouvé ce que je cherche concernant tes drivers
0
Réponse 15 / 37
Nomad-cube
 
Ok je te remercie.

En attendant je remarque que l'icone à coté de l'horloge pour le résident avast! n'est pas revenue. Mon pc n'est plus protégé? :/ Pourtant j'ai choisi l'option "toujours afficher" dans les paramètres.
0
Réponse 16 / 37
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
si en cliquant sur la flèche de ta barre du bas tu ne le vois pas apparaitre, et que tu ne le vois pas visible, c'est qu'il n'est pas présent au démarrage.

poste un rapport hijackthis en attendant pour voir stp
0
Réponse 17 / 37
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
j'ai finalement eu les infos dont j'avais besoin.

par contre avant de continuer il faudrait que tu me dises si tu utilises ou a utiliser ce jeu

Knight Online

0
cgui33 Messages postés 1174 Date d'inscription   Statut Membre Dernière intervention   10
 
Salut Philae

Dans le dernier Hijack on retrouve
O4 - HKLM\..\Run: [0B55340967017A232855] Rundll32.exe "C:\WINDOWS\system32\ovyrrcml.dll",s

C'est du Vundo non ?

Qui en plus a été supprimé (?) par Combofix
mais qui revient en force non ?
(rapport Combofix)
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))))))))

2007-12-29 13:45 . 2007-12-29 15:29 3,274 --a------ C:\WINDOWS\system32\ovyrrcml.xml
2007-12-29 11:59 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\zkqcpjmx.dll
2007-12-29 11:59 . 2007-12-29 13:36 3,275 --a------ C:\WINDOWS\system32\zkqcpjmx.xml
2007-12-29 02:51 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\ltbgwdeo.dll
2007-12-29 02:51 . 2007-12-29 02:48 3,368 --a------ C:\WINDOWS\system32\ltbgwdeo.xml
2007-12-27 15:25 . 2007-12-25 00:17 98,368 --a------ C:\WINDOWS\system32\imeqlruu.dll
2007-12-23 13:38 . 2007-12-23 13:38 992,142 ---hs---- C:\WINDOWS\system32\okyigsjx.ini

Ces DLL ont elles un rapport avec ce que tu es en train d'essayer de supprimer en ce moment ?
Merci
A+
0
Réponse 18 / 37
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
j'attends qu'il revienne pour me donner la réponse à ma question, il reste encore pas mal de choses à faire ici

il faut que je reprenne les derniers rapports pour tout remettre en ordre, mais j'attends qu'il revienne..........on en a vu ne jamais revenir.

je te réponds en MP pour éviter de tout polluer ici
0
Réponse 19 / 37
Nomad-cube
 
Bonjour,

je suis toujours là ;)

Pour Knight Online je connais ce jeu, j'ai du l'installer mais je n'y joue pas.

Mon pc semble sain, j'ai réinstallé Avast et les icones sont réapparues en bas à coté de l'horloge.

Voici un rapport HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:43, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wintab32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] ; "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIModeChange] ; Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] ; C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] ; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMS] ; C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] ; C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OneClick] ; "C:\Program Files\oneclick\oneclick.exe"
O4 - HKLM\..\Run: [StorageGuard] ; "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [W2acecad.Wtxpload] ; C:\WINDOWS\W2acecad\Wtxpload.exe acecad
O4 - HKLM\..\Run: [0B55340967017A232855] Rundll32.exe "C:\WINDOWS\system32\ovyrrcml.dll",s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] ; "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Steam] ;
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF546560-EA9C-4E73-A1DA-D65AF83FF641}: NameServer = 192.168.0.13
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\wintab32.exe
0
Réponse 20 / 37
philae83 Messages postés 12837 Date d'inscription   Statut Contributeur sécurité Dernière intervention   206
 
bonjour,
merci pour les précisions, néanmoins le pc n'est pas sain,

je vais m'occuper de la suite à donner dans la journée, il me faut le tps de reprendre les rapports

0

Discussions similaires

musique du générique des experts miami
gg44 -
Min -

21 réponses
La chanson du générique des experts miami
Anais -
coco -

3 réponses
Musique de fin Experts Miami Saison 9 épisode 1
Caro1976 -
Caro1976 -

4 réponses