PUB DE FILE SECURE QUI S'AFFICHE SANS ARRET!!
alex34200
Messages postés
27
Statut
Membre
-
nardino Messages postés 1634 Statut Membre -
nardino Messages postés 1634 Statut Membre -
Bonjour,
j'ai également le même problème que vous. J'aisuivi les instructions que vous avez donnés et j'obtiens les données suivantes:
Search Navipromo version 3.3.8 commencé le 03/01/2008 à 23:41:41,95
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Executé en mode sans échec
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
C:\Program Files\WebMediaPlayer trouvé !
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Alexandre Morales\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
QUE DOIS-JE FAIRE MAINTENANT?
MERCI DE VOUS PENCHEZ SUR MON PROBLEME!
J'ATTENDS VOS INSTRUCTIONS AVEC IMPATIENCE.....
j'ai également le même problème que vous. J'aisuivi les instructions que vous avez donnés et j'obtiens les données suivantes:
Search Navipromo version 3.3.8 commencé le 03/01/2008 à 23:41:41,95
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Executé en mode sans échec
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
C:\Program Files\WebMediaPlayer trouvé !
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Alexandre Morales\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
QUE DOIS-JE FAIRE MAINTENANT?
MERCI DE VOUS PENCHEZ SUR MON PROBLEME!
J'ATTENDS VOS INSTRUCTIONS AVEC IMPATIENCE.....
A voir également:
- PUB DE FILE SECURE QUI S'AFFICHE SANS ARRET!!
- Youtube sans pub - Accueil - Streaming
- .Dat file - Guide
- Host file - Guide
- Comment supprimer les pubs qui apparaissent sans arrêt - Guide
- .Bin file - Guide
18 réponses
Bonsoir,
Relance navilog1
[*]Double clique sur le raccourci Navilog1.
[*]Au menu principal, choisis 2 et valide.
Le fix va t'informer qu'il va redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(Si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.
[*]Patiente jusqu'au message :*** Nettoyage Termine le ..... ***
[*]Le blocnote va s'ouvrir. Sauvegarde le rapport de manière à le retrouver
[*]Referme le blocnote. Ton bureau va réapparaitre
PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.
Poste le nouveau rapport.
Relance navilog1
[*]Double clique sur le raccourci Navilog1.
[*]Au menu principal, choisis 2 et valide.
Le fix va t'informer qu'il va redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(Si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.
[*]Patiente jusqu'au message :*** Nettoyage Termine le ..... ***
[*]Le blocnote va s'ouvrir. Sauvegarde le rapport de manière à le retrouver
[*]Referme le blocnote. Ton bureau va réapparaitre
PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.
Poste le nouveau rapport.
bonjour voici mon nouveau rapport,aprés avoir suivi votre instruction.
Clean Navipromo version 3.3.8 commencé le 04/01/2008 à 12:25:45,37
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Mode suppression automatique
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\WINDOWS\System32 *
* Suppression dans "C:\Documents and Settings\Alexandre Morales\local settings\application data" *
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
C:\Program Files\WebMediaPlayer ...suppression...
C:\Program Files\WebMediaPlayer supprimé !
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Suppression dossiers dans "C:\Documents and Settings\Alexandre Morales\application data" ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Alexandre Morales\local settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\WINDOWS\system32 *
* Dans "C:\Documents and Settings\Alexandre Morales\local settings\application data" *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
*** Nettoyage terminé le 04/01/2008 à 12:33:16,67 ***
P.S: Le probleme persiste toujour,aidez moi s'il vous plait!!!
Clean Navipromo version 3.3.8 commencé le 04/01/2008 à 12:25:45,37
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Mode suppression automatique
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\WINDOWS\System32 *
* Suppression dans "C:\Documents and Settings\Alexandre Morales\local settings\application data" *
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
C:\Program Files\WebMediaPlayer ...suppression...
C:\Program Files\WebMediaPlayer supprimé !
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Suppression dossiers dans "C:\Documents and Settings\Alexandre Morales\application data" ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Alexandre Morales\local settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\WINDOWS\system32 *
* Dans "C:\Documents and Settings\Alexandre Morales\local settings\application data" *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
*** Nettoyage terminé le 04/01/2008 à 12:33:16,67 ***
P.S: Le probleme persiste toujour,aidez moi s'il vous plait!!!
Bonsoir,
As-tu redémarré entre temps ?
Télécharge Combofix de sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
[*]Ferme toutes les fenêtres
[*]Double-clique sur combofix.exe (ne clique pas sur la fenêtre qui s'ouvre)
[*]Appuie sur Y pour lancer le scan
[*]A la fin du scan (cela peut prendre du temps), un rapport sera créé.
[*]Poste ce rapport dans ton prochain message.
As-tu redémarré entre temps ?
Télécharge Combofix de sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
[*]Ferme toutes les fenêtres
[*]Double-clique sur combofix.exe (ne clique pas sur la fenêtre qui s'ouvre)
[*]Appuie sur Y pour lancer le scan
[*]A la fin du scan (cela peut prendre du temps), un rapport sera créé.
[*]Poste ce rapport dans ton prochain message.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonsoir!! oui j'ai redemarer le pc!!! voila mon rapport en esperant que vous pourez trouver une solution a mon probleme
ComboFix 08-01-04.1 - Alexandre Morales 2008-01-04 21:25:30.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1442 [GMT 1:00]
Running from: C:\Documents and Settings\Alexandre Morales\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-04 21:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 18:04 . 2008-01-04 18:04 <REP> d-------- C:\Documents and Settings\Alexandre Morales\Application Data\Grisoft
2008-01-04 18:03 . 2008-01-04 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 18:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-04 17:33 . 2008-01-04 17:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-04 17:33 . 2008-01-04 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 17:32 . 2008-01-04 17:32 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-04 17:23 . 2008-01-04 17:25 <REP> d-------- C:\Program Files\Anti-Virus&Trojan
2008-01-04 16:24 . 2008-01-04 16:24 <REP> d-------- C:\Program Files\Enigma Software Group
2008-01-04 15:02 . 2008-01-04 15:02 17,637,503 --a------ C:\upload_moi_SOLEX.tar.gz
2008-01-04 11:32 . 2008-01-04 11:32 <REP> d-------- C:\c23664ad693bfa926493e6
2008-01-03 22:01 . 2008-01-03 22:28 <REP> d-------- C:\Program Files\Trojan Remover
2008-01-03 22:01 . 2008-01-03 22:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-03 22:01 . 2008-01-03 22:01 <REP> d-------- C:\Documents and Settings\Alexandre Morales\Application Data\Simply Super Software
2008-01-03 22:01 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-03 22:01 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-01-03 22:01 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-03 22:01 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-03 22:01 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-03 21:59 . 2008-01-03 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 21:59 . 2008-01-03 22:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-03 20:08 . 2008-01-03 20:14 238,080 --a------ C:\WINDOWS\toprates.dll
2007-12-13 21:47 . 2007-12-13 21:47 40 --a------ C:\WINDOWS\RUNAWAY.INI
2007-12-13 21:01 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-13 21:01 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-13 20:54 . 2007-12-13 20:54 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-13 13:11 . 2007-12-13 13:11 319 --a------ C:\WINDOWS\game.ini
2007-12-13 13:01 . 2007-12-13 13:01 <REP> d-------- C:\Program Files\Activision
2007-12-13 12:57 . 2007-12-13 12:57 <REP> d--hs---- C:\WINDOWS\ftpcache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 20:30 --------- d-----w C:\Program Files\Wanadoo
2008-01-04 18:28 --------- d-----w C:\Program Files\VSO
2008-01-04 18:21 --------- d-----w C:\Program Files\Kaspersky Lab
2008-01-04 18:21 --------- d-----w C:\Program Files\eMule
2008-01-04 14:32 --------- d-----w C:\Program Files\MSN Messenger
2008-01-03 22:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 21:09 --------- d-----w C:\Program Files\Google
2007-12-30 17:40 --------- d-----w C:\Program Files\Eidos Interactive
2007-12-21 22:06 --------- d-----w C:\Program Files\EA GAMES
2007-12-13 23:23 --------- d-----w C:\Program Files\KONAMI
2007-12-13 23:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 07:12 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\BitTorrent
2007-12-07 16:51 --------- d-----w C:\Program Files\Dl_cats
2007-12-06 20:02 --------- d-----w C:\Program Files\Pochette Express 2
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 02:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-01 02:00 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:06 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\U3
2007-11-10 17:00 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\dvdcss
2007-11-08 10:14 --------- d-----w C:\Program Files\Common Files
2007-11-06 18:30 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-11-06 18:30 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-11-01 11:29 71,326 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-01 11:29 5,376 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-18 07:05 94,208 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\ezplay.sys
2007-09-18 07:05 47,360 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\pcouffin.sys
2007-08-30 19:16 48,632 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\GDIPFONTCACHEV1.DAT
2007-01-04 14:00 131,072 ----a-w C:\Documents and Settings\Alexandre Morales\vms.bin
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2007-03-18 18:08 168 --sh--r C:\WINDOWS\system32\D529860838.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-03-18 18:09 5,798 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-04_21.20.49.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-04 20:29:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_20c.dat
+ 2008-01-04 20:28:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{834B0DD4-3A68-4F58-B265-D9FDB3D8F88B}]
2008-01-03 20:14 238080 --a------ C:\WINDOWS\toprates.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [ ]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 07:55 73728]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 11:00 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24 184320]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 14:57 102400]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 09:28 495616]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47 847872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1036
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2008-01-03 17:11 737872 --a------ C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 14:49 20480 --------- C:\PROGRA~1\Wanadoo\Watch.exe
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 02:01]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 02:02]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 17:19]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c59b1483-8f6d-11db-821b-0060b3e428cc}]
\Shell\AutoRun\command - I:\Autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-19 13:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-19 19:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-19 09:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-04 20:30:25 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
ComboFix 08-01-04.1 - Alexandre Morales 2008-01-04 21:25:30.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1442 [GMT 1:00]
Running from: C:\Documents and Settings\Alexandre Morales\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-04 21:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 18:04 . 2008-01-04 18:04 <REP> d-------- C:\Documents and Settings\Alexandre Morales\Application Data\Grisoft
2008-01-04 18:03 . 2008-01-04 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 18:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-04 17:33 . 2008-01-04 17:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-04 17:33 . 2008-01-04 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 17:32 . 2008-01-04 17:32 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-04 17:23 . 2008-01-04 17:25 <REP> d-------- C:\Program Files\Anti-Virus&Trojan
2008-01-04 16:24 . 2008-01-04 16:24 <REP> d-------- C:\Program Files\Enigma Software Group
2008-01-04 15:02 . 2008-01-04 15:02 17,637,503 --a------ C:\upload_moi_SOLEX.tar.gz
2008-01-04 11:32 . 2008-01-04 11:32 <REP> d-------- C:\c23664ad693bfa926493e6
2008-01-03 22:01 . 2008-01-03 22:28 <REP> d-------- C:\Program Files\Trojan Remover
2008-01-03 22:01 . 2008-01-03 22:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-03 22:01 . 2008-01-03 22:01 <REP> d-------- C:\Documents and Settings\Alexandre Morales\Application Data\Simply Super Software
2008-01-03 22:01 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-03 22:01 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-01-03 22:01 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-03 22:01 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-03 22:01 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-03 21:59 . 2008-01-03 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 21:59 . 2008-01-03 22:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-03 20:08 . 2008-01-03 20:14 238,080 --a------ C:\WINDOWS\toprates.dll
2007-12-13 21:47 . 2007-12-13 21:47 40 --a------ C:\WINDOWS\RUNAWAY.INI
2007-12-13 21:01 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-13 21:01 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-13 20:54 . 2007-12-13 20:54 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-13 13:11 . 2007-12-13 13:11 319 --a------ C:\WINDOWS\game.ini
2007-12-13 13:01 . 2007-12-13 13:01 <REP> d-------- C:\Program Files\Activision
2007-12-13 12:57 . 2007-12-13 12:57 <REP> d--hs---- C:\WINDOWS\ftpcache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 20:30 --------- d-----w C:\Program Files\Wanadoo
2008-01-04 18:28 --------- d-----w C:\Program Files\VSO
2008-01-04 18:21 --------- d-----w C:\Program Files\Kaspersky Lab
2008-01-04 18:21 --------- d-----w C:\Program Files\eMule
2008-01-04 14:32 --------- d-----w C:\Program Files\MSN Messenger
2008-01-03 22:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 21:09 --------- d-----w C:\Program Files\Google
2007-12-30 17:40 --------- d-----w C:\Program Files\Eidos Interactive
2007-12-21 22:06 --------- d-----w C:\Program Files\EA GAMES
2007-12-13 23:23 --------- d-----w C:\Program Files\KONAMI
2007-12-13 23:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 07:12 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\BitTorrent
2007-12-07 16:51 --------- d-----w C:\Program Files\Dl_cats
2007-12-06 20:02 --------- d-----w C:\Program Files\Pochette Express 2
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 02:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-01 02:00 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:06 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\U3
2007-11-10 17:00 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\dvdcss
2007-11-08 10:14 --------- d-----w C:\Program Files\Common Files
2007-11-06 18:30 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-11-06 18:30 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-11-01 11:29 71,326 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-01 11:29 5,376 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-18 07:05 94,208 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\ezplay.sys
2007-09-18 07:05 47,360 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\pcouffin.sys
2007-08-30 19:16 48,632 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\GDIPFONTCACHEV1.DAT
2007-01-04 14:00 131,072 ----a-w C:\Documents and Settings\Alexandre Morales\vms.bin
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2007-03-18 18:08 168 --sh--r C:\WINDOWS\system32\D529860838.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-03-18 18:09 5,798 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-04_21.20.49.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-04 20:29:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_20c.dat
+ 2008-01-04 20:28:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{834B0DD4-3A68-4F58-B265-D9FDB3D8F88B}]
2008-01-03 20:14 238080 --a------ C:\WINDOWS\toprates.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [ ]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 07:55 73728]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 11:00 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24 184320]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 14:57 102400]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 09:28 495616]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47 847872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1036
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2008-01-03 17:11 737872 --a------ C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 14:49 20480 --------- C:\PROGRA~1\Wanadoo\Watch.exe
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 02:01]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 02:02]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 17:19]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c59b1483-8f6d-11db-821b-0060b3e428cc}]
\Shell\AutoRun\command - I:\Autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-19 13:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-19 19:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-19 09:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-04 20:30:25 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
voici si sa peut vous aider le rapport de hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 16:08:27, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre Morales\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4061128
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Rates - {834B0DD4-3A68-4F58-B265-D9FDB3D8F88B} - C:\WINDOWS\toprates.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BlueSynchroManager.lnk = C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{976E3A74-5DDC-43D8-9946-03A0F1475469}: NameServer = 192.168.1.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Merci de m aider c est trés sympas
Logfile of HijackThis v1.99.1
Scan saved at 16:08:27, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre Morales\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4061128
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Rates - {834B0DD4-3A68-4F58-B265-D9FDB3D8F88B} - C:\WINDOWS\toprates.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BlueSynchroManager.lnk = C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{976E3A74-5DDC-43D8-9946-03A0F1475469}: NameServer = 192.168.1.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Merci de m aider c est trés sympas
Bonsoir.
1-Télécharge BTFix de Bibi26
http://cluster1.easy-hebergement.net/
*Dézippe l'archive sur ton Bureau.
*Ouvre le dossier BTFix.
*Double clique sur BTFix.exe.
*Clique sur Rechercher.
*Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
2-Script Combofix
- Ouvre le bloc-note et colles-y les lignes écrites ci-dessous, en italique :
Folder::
C:\Program Files\Enigma Software Group
C:\Program Files\MyWebSearch
C:\Program Files\Multi_Media
Files::
C:\WINDOWS\toprates.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar Search Scope Monitor"=-
"SpyHunter Security Suite"=-
- Enregistre-le sous CFScript.txt, sur le bureau
- Comme sur l'image présentée ici, fais glisser CFScript.txt dans Combofix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
- Supprime le fichier C:\Combofix.txt et relance Combofix.
- Poste le nouveau Combofix.txt et un nouveau rapport HijackThis.
- Donne des infos sur l'évolution de tes problèmes.
3-Hijackthis
Lances Hijackthis par scan only et coches les lignes suivantes :
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Rates - {834B0DD4-3A68-4F58-B265-D9FDB3D8F88B} - C:\WINDOWS\toprates.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
Cliques sur Fix checked
Un peu de lecture:
http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793
https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/
Connais-tu ce fichier :
C:\upload_moi_SOLEX.tar.gz
1-Télécharge BTFix de Bibi26
http://cluster1.easy-hebergement.net/
*Dézippe l'archive sur ton Bureau.
*Ouvre le dossier BTFix.
*Double clique sur BTFix.exe.
*Clique sur Rechercher.
*Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
2-Script Combofix
- Ouvre le bloc-note et colles-y les lignes écrites ci-dessous, en italique :
Folder::
C:\Program Files\Enigma Software Group
C:\Program Files\MyWebSearch
C:\Program Files\Multi_Media
Files::
C:\WINDOWS\toprates.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar Search Scope Monitor"=-
"SpyHunter Security Suite"=-
- Enregistre-le sous CFScript.txt, sur le bureau
- Comme sur l'image présentée ici, fais glisser CFScript.txt dans Combofix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
- Supprime le fichier C:\Combofix.txt et relance Combofix.
- Poste le nouveau Combofix.txt et un nouveau rapport HijackThis.
- Donne des infos sur l'évolution de tes problèmes.
3-Hijackthis
Lances Hijackthis par scan only et coches les lignes suivantes :
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Rates - {834B0DD4-3A68-4F58-B265-D9FDB3D8F88B} - C:\WINDOWS\toprates.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
Cliques sur Fix checked
Un peu de lecture:
http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793
https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/
Connais-tu ce fichier :
C:\upload_moi_SOLEX.tar.gz
voici le rapport avec bitfix
BTFix 1.068 (par bibi26) - 04/01/2008 22:58:00 - Analyse
Lancé depuis C:\Documents and Settings\Alexandre Morales\Bureau\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
- C:\Program Files\DAEMON Tools SearchBar
---> Analyse terminée
BTFix 1.068 (par bibi26) - 04/01/2008 22:58:00 - Analyse
Lancé depuis C:\Documents and Settings\Alexandre Morales\Bureau\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
- C:\Program Files\DAEMON Tools SearchBar
---> Analyse terminée
voici le rapport de combofix
ComboFix 08-01-04.1 - Alexandre Morales 2008-01-04 23:05:54.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1312 [GMT 1:00]
Running from: C:\Documents and Settings\Alexandre Morales\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexandre Morales\Bureau\CFScript.tx.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt
C:\Program Files\Enigma Software Group\SpyHunter\pgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\rgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\support.log
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-04 22:16 . 2008-01-04 22:16 <REP> d-------- C:\Program Files\KONAMI
2008-01-04 21:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 18:04 . 2008-01-04 18:04 <REP> d-------- C:\Documents and Settings\Alexandre Morales\Application Data\Grisoft
2008-01-04 18:03 . 2008-01-04 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 18:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-04 17:33 . 2008-01-04 17:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-04 17:33 . 2008-01-04 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 17:32 . 2008-01-04 17:32 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-04 17:23 . 2008-01-04 17:25 <REP> d-------- C:\Program Files\Anti-Virus&Trojan
2008-01-04 15:02 . 2008-01-04 15:02 17,637,503 --a------ C:\upload_moi_SOLEX.tar.gz
2008-01-04 11:32 . 2008-01-04 11:32 <REP> d-------- C:\c23664ad693bfa926493e6
2008-01-03 21:59 . 2008-01-03 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 21:59 . 2008-01-03 22:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-03 20:08 . 2008-01-03 20:14 238,080 --a------ C:\WINDOWS\toprates.dll
2007-12-13 21:47 . 2007-12-13 21:47 40 --a------ C:\WINDOWS\RUNAWAY.INI
2007-12-13 21:01 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-13 21:01 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-13 20:54 . 2007-12-13 20:54 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-13 13:11 . 2007-12-13 13:11 319 --a------ C:\WINDOWS\game.ini
2007-12-13 13:01 . 2007-12-13 13:01 <REP> d-------- C:\Program Files\Activision
2007-12-13 12:57 . 2007-12-13 12:57 <REP> d--hs---- C:\WINDOWS\ftpcache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 22:15 --------- d-----w C:\Program Files\Wanadoo
2008-01-04 21:15 --------- d-----w C:\Program Files\eMule
2008-01-04 18:28 --------- d-----w C:\Program Files\VSO
2008-01-04 18:21 --------- d-----w C:\Program Files\Kaspersky Lab
2008-01-04 14:32 --------- d-----w C:\Program Files\MSN Messenger
2008-01-03 22:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 21:09 --------- d-----w C:\Program Files\Google
2007-12-30 17:40 --------- d-----w C:\Program Files\Eidos Interactive
2007-12-21 22:06 --------- d-----w C:\Program Files\EA GAMES
2007-12-13 23:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 07:12 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\BitTorrent
2007-12-07 16:51 --------- d-----w C:\Program Files\Dl_cats
2007-12-06 20:02 --------- d-----w C:\Program Files\Pochette Express 2
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 02:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-01 02:00 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:06 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\U3
2007-11-10 17:00 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\dvdcss
2007-11-08 10:14 --------- d-----w C:\Program Files\Common Files
2007-11-06 18:30 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-11-06 18:30 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-11-01 11:29 71,326 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-01 11:29 5,376 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-18 07:05 94,208 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\ezplay.sys
2007-09-18 07:05 47,360 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\pcouffin.sys
2007-08-30 19:16 48,632 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\GDIPFONTCACHEV1.DAT
2007-01-04 14:00 131,072 ----a-w C:\Documents and Settings\Alexandre Morales\vms.bin
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2007-03-18 18:08 168 --sh--r C:\WINDOWS\system32\D529860838.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-03-18 18:09 5,798 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-04_21.20.49.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-02 18:24:58 31,720 ----a-r C:\WINDOWS\Installer\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\ARPPRODUCTICON.exe
+ 2008-01-04 21:28:48 31,720 ----a-r C:\WINDOWS\Installer\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\ARPPRODUCTICON.exe
+ 2008-01-04 22:13:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_330.dat
+ 2008-01-04 22:13:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat
+ 2008-01-04 22:13:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_890.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{834B0DD4-3A68-4F58-B265-D9FDB3D8F88B}]
2008-01-03 20:14 238080 --a------ C:\WINDOWS\toprates.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [ ]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 07:55 73728]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 11:00 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24 184320]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 14:57 102400]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 09:28 495616]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1036
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 14:49 20480 --------- C:\PROGRA~1\Wanadoo\Watch.exe
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 02:01]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 02:02]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 17:19]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c59b1483-8f6d-11db-821b-0060b3e428cc}]
\Shell\AutoRun\command - I:\Autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-19 13:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-19 19:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-19 09:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-04 21:30:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
ComboFix 08-01-04.1 - Alexandre Morales 2008-01-04 23:05:54.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1312 [GMT 1:00]
Running from: C:\Documents and Settings\Alexandre Morales\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexandre Morales\Bureau\CFScript.tx.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt
C:\Program Files\Enigma Software Group\SpyHunter\pgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\rgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\support.log
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-04 22:16 . 2008-01-04 22:16 <REP> d-------- C:\Program Files\KONAMI
2008-01-04 21:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 18:04 . 2008-01-04 18:04 <REP> d-------- C:\Documents and Settings\Alexandre Morales\Application Data\Grisoft
2008-01-04 18:03 . 2008-01-04 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 18:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-04 17:33 . 2008-01-04 17:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-04 17:33 . 2008-01-04 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 17:32 . 2008-01-04 17:32 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-04 17:23 . 2008-01-04 17:25 <REP> d-------- C:\Program Files\Anti-Virus&Trojan
2008-01-04 15:02 . 2008-01-04 15:02 17,637,503 --a------ C:\upload_moi_SOLEX.tar.gz
2008-01-04 11:32 . 2008-01-04 11:32 <REP> d-------- C:\c23664ad693bfa926493e6
2008-01-03 21:59 . 2008-01-03 22:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 21:59 . 2008-01-03 22:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-03 20:08 . 2008-01-03 20:14 238,080 --a------ C:\WINDOWS\toprates.dll
2007-12-13 21:47 . 2007-12-13 21:47 40 --a------ C:\WINDOWS\RUNAWAY.INI
2007-12-13 21:01 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-13 21:01 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-13 20:54 . 2007-12-13 20:54 <REP> d-------- C:\Program Files\PENDULO Studios
2007-12-13 13:11 . 2007-12-13 13:11 319 --a------ C:\WINDOWS\game.ini
2007-12-13 13:01 . 2007-12-13 13:01 <REP> d-------- C:\Program Files\Activision
2007-12-13 12:57 . 2007-12-13 12:57 <REP> d--hs---- C:\WINDOWS\ftpcache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 22:15 --------- d-----w C:\Program Files\Wanadoo
2008-01-04 21:15 --------- d-----w C:\Program Files\eMule
2008-01-04 18:28 --------- d-----w C:\Program Files\VSO
2008-01-04 18:21 --------- d-----w C:\Program Files\Kaspersky Lab
2008-01-04 14:32 --------- d-----w C:\Program Files\MSN Messenger
2008-01-03 22:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 21:09 --------- d-----w C:\Program Files\Google
2007-12-30 17:40 --------- d-----w C:\Program Files\Eidos Interactive
2007-12-21 22:06 --------- d-----w C:\Program Files\EA GAMES
2007-12-13 23:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 07:12 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\BitTorrent
2007-12-07 16:51 --------- d-----w C:\Program Files\Dl_cats
2007-12-06 20:02 --------- d-----w C:\Program Files\Pochette Express 2
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 02:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-01 02:00 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 22:06 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\U3
2007-11-10 17:00 --------- d-----w C:\Documents and Settings\Alexandre Morales\Application Data\dvdcss
2007-11-08 10:14 --------- d-----w C:\Program Files\Common Files
2007-11-06 18:30 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-11-06 18:30 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-11-01 11:29 71,326 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-01 11:29 5,376 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-18 07:05 94,208 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\ezplay.sys
2007-09-18 07:05 47,360 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\pcouffin.sys
2007-08-30 19:16 48,632 ----a-w C:\Documents and Settings\Alexandre Morales\Application Data\GDIPFONTCACHEV1.DAT
2007-01-04 14:00 131,072 ----a-w C:\Documents and Settings\Alexandre Morales\vms.bin
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2007-03-18 18:08 168 --sh--r C:\WINDOWS\system32\D529860838.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-03-18 18:09 5,798 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-04_21.20.49.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-02 18:24:58 31,720 ----a-r C:\WINDOWS\Installer\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\ARPPRODUCTICON.exe
+ 2008-01-04 21:28:48 31,720 ----a-r C:\WINDOWS\Installer\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\ARPPRODUCTICON.exe
+ 2008-01-04 22:13:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_330.dat
+ 2008-01-04 22:13:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat
+ 2008-01-04 22:13:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_890.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{834B0DD4-3A68-4F58-B265-D9FDB3D8F88B}]
2008-01-03 20:14 238080 --a------ C:\WINDOWS\toprates.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [ ]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [ ]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 07:55 73728]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 11:00 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24 184320]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 14:57 102400]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 09:28 495616]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1036
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 14:49 20480 --------- C:\PROGRA~1\Wanadoo\Watch.exe
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 02:01]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 02:02]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 17:19]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c59b1483-8f6d-11db-821b-0060b3e428cc}]
\Shell\AutoRun\command - I:\Autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-19 13:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-19 19:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-19 09:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-04 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-01-04 21:30:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
voici le rapport de hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 23:24, on 2008-01-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Giganology\Gigaget\GigagetShell.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre Morales\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4061128
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Rates - {834B0DD4-3A68-4F58-B265-D9FDB3D8F88B} - C:\WINDOWS\toprates.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BlueSynchroManager.lnk = C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{976E3A74-5DDC-43D8-9946-03A0F1475469}: NameServer = 192.168.1.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Logfile of HijackThis v1.99.1
Scan saved at 23:24, on 2008-01-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Giganology\Gigaget\GigagetShell.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre Morales\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4061128
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Rates - {834B0DD4-3A68-4F58-B265-D9FDB3D8F88B} - C:\WINDOWS\toprates.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BlueSynchroManager.lnk = C:\Program Files\BlueSynchroManager\BlueSynchroManager.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{976E3A74-5DDC-43D8-9946-03A0F1475469}: NameServer = 192.168.1.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
Bonsoir,
Supprimes ce fichier : C:\upload_moi_SOLEX.tar.gz
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5)
Double clique sur BTFix.exe.
Clique sur Nettoyer.
Poste le rapport dans ta réponse.
Supprimes ce fichier : C:\upload_moi_SOLEX.tar.gz
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5)
Double clique sur BTFix.exe.
Clique sur Nettoyer.
Poste le rapport dans ta réponse.
voila le nouveau rapport de btfix. Tout marche comme avant merci encore pour votre aide!!!!!
BTFix 1.068 (par bibi26) - 05/01/2008 11:56:05 - Nettoyage - Mode sans échec
Lancé depuis C:\Documents and Settings\Alexandre Morales\Bureau\pb file secure\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés
- Fichiers temporaires effacés
- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
- C:\Program Files\DAEMON Tools SearchBar
---> Nettoyage terminé
BTFix 1.068 (par bibi26) - 05/01/2008 11:56:05 - Nettoyage - Mode sans échec
Lancé depuis C:\Documents and Settings\Alexandre Morales\Bureau\pb file secure\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés
- Fichiers temporaires effacés
- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
- C:\Program Files\DAEMON Tools SearchBar
---> Nettoyage terminé
Boinjour,
Tu peux supprimer Combofix, BTFix et Navilog ainsi que les rapports créés par eux.
Pour supprimer Navilog1 du PC, deux choix :
- Via ajout/suppression des programmes (Navilog1 3.11)
- Via le fichier unins000.exe présent dans le dossier C:\programfiles\navilog1.
Puis supprime ensuite le dossier C:\Program Files\Navilog1.
Tu peux supprimer Combofix, BTFix et Navilog ainsi que les rapports créés par eux.
Pour supprimer Navilog1 du PC, deux choix :
- Via ajout/suppression des programmes (Navilog1 3.11)
- Via le fichier unins000.exe présent dans le dossier C:\programfiles\navilog1.
Puis supprime ensuite le dossier C:\Program Files\Navilog1.
voila c'est fait merci encore pour tout!!! Par contre j aimeré savoir si il existe un logiciel pour recuperer des dossier que j ai effacé par inadvertance lol !!! merci beaucoup
Bonjour.
A condition d'avoir plusieurs partitions pour ne pas installer le programme de récupération sur les emplacements occupés parles fichiers disparus.
C'est possible au moins partiellement avec :
http://download.pcinspector.de/pci_filerecovery.exe
PC Inspector Files recovery
http://www.informatique-facile.net/dossiers/dossiers.php?id_dossier=21
Tutoriel PCInspector Files Recovery
@plus
nardino
A condition d'avoir plusieurs partitions pour ne pas installer le programme de récupération sur les emplacements occupés parles fichiers disparus.
C'est possible au moins partiellement avec :
http://download.pcinspector.de/pci_filerecovery.exe
PC Inspector Files recovery
http://www.informatique-facile.net/dossiers/dossiers.php?id_dossier=21
Tutoriel PCInspector Files Recovery
@plus
nardino
